Training is an essential element for preparing end users on the functionality and
Review the training plans and interview users to develop an opinion on its adequacy. Compare a list of planned training recipients with the population of end users to ensure that there are no significant gaps.
Look for evidence that would
Finalized project documentation and recorded lessons learned can be used to aid in the effectiveness and efficiency of future company projects.
Review the project documentation, and ensure that all relevant documents have been finalized and baselined. Look for evidence that a final list of lessons learned from the project has been documented.
The Project Management Institute (PMI) is responsible for publishing the well-known Project Management Professional (PMP) certification. If you would like more information about PMI or the PMP, visit http://www.pmi.org.
Software Engineering Institute
(SEI) and its
Capability Maturity Model Integration
(CMMI) are useful tools for gathering best practices for
Checklist for Auditing Overall Project Management
Ensure that sufficient project documentation and software development process documentation (if
q Review procedures for ensuring that project documentation is kept up-to-date.
Evaluate security and
Evaluate procedures for backing up critical project software and documentation. Ensure that
q Ensure that an effective process exists for capturing project issues, escalating those issues as appropriate, and tracking them to resolution.
Ensure that an effective process exists for capturing project change
Verify that a project schedule has been created and that it contains sufficient detail based on the
Ensure that there is a method for tracking project costs and reporting overruns. Ensure that all project costs, including labor, are
q Evaluate the project leadership structure to ensure that both the business and IT are represented adequately.
Checklist for Auditing Project Startup
q Ensure that appropriate project approval processes were followed prior to project initiation.
q Ensure that a technical feasibility analysis has been performed along with, if applicable, a feasibility analysis by the company's legal department.
Review and evaluate the requirements document. Determine if and how customer requirements for the project are obtained and documented before development takes place. Ensure that the customers sign off on the requirements and that the requirements
q Evaluate the process for ensuring that all affected groups who will be helping to support the system, software, or process are involved in the project and will be part of the sign-off process, indicating their readiness to support it.
q Review the process for establishing the priority of requirements.
q Determine whether the system requirements and preliminary design ensure that appropriate internal control and security elements will be designed into the system, process, or software.
If the project involves the purchase of software or technology, review and evaluate the vendor selection process and
Checklist for Auditing Detailed Design and System Development
q Ensure that all requirements can be mapped to a design element.
q Verify that the key stakeholders have signed off on the detailed design document (or equivalent).
Review processes for ensuring ongoing customer involvement with the prioritization of
q Look for evidence of peer reviews in design and development.
q Verify that appropriate internal controls and security have been designed into the system.
Checklist for Auditing Testing
q Verify that design and testing are taking place in a development/test environment and not in a production environment.
Review and evaluate the testing process. Ensure that the project has an adequate test plan and
q Ensure that all requirements can be mapped to a test case.
q Ensure that users are involved in testing and agree that the system meets requirements. This should include IT personnel who will be supporting the system and IT personnel who were involved in performing initial technical feasibility studies for the project.
Consider participating in
Checklist for Auditing Implementation
q Ensure that an effective process exists for recording, tracking, escalating, and resolving problems that arise after implementation.
q Review and evaluate the project's conversion plan. Ensure that the project has an adequate conversion plan and follows this plan.
q Review plans for converting the support of the new system or software from the project team to an operational support team.
q Ensure that sufficient documentation has been created for use of the system or process being developed and maintenance of the system or software. Evaluate processes for keeping the documentation up-to-date. Evaluate change controls and security over that documentation.
Checklist for Auditing Training
q Review plans for making sure that all affected users are trained on the use of the new system, software, or process.
q Ensure that processes are in place for keeping training materials up-to-date. Evaluate change controls and security over the training materials.
Checklist for Auditing Project Wrap-up
q Ensure that there is a process for closing out the project and recording lessons learned and that the process is followed.