IT Auditing: Using Controls to Protect Information Assets - page 108


Training

31 Review plans for making sure that all affected users are trained on use of the new system, software, or process.

Training is an essential element for preparing end users on the functionality and nuances of what has been developed. If training is not given or is inadequate, the new system, software, or process likely will be misused, used ineffectively, or avoided.

How

Review the training plans and interview users to develop an opinion on their adequacy. Compare a list of planned training recipients with the population of end users to ensure that there are no significant gaps.

32 Ensure that processes are in place for keeping training materials up-to-date. Evaluate change controls and security over the training materials.

As new employees and new users have a need to use the system, they will want to take advantage of the training materials. If these training materials have become outdated (e.g., owing to system changes), the effectiveness of the training materials will be limited.

How

Look for evidence that would indicate that training has been updated when the system has changed, and review processes for ensuring ongoing maintenance of the documentation. Ensure that files containing documentation are locked down and can be modified only by appropriate personnel (using techniques described in Chapters 6 and 7). Interview appropriate personnel to understand processes for changing critical documents. Ensure that an approval process is required before changes are made to significant documents and that the approval process cannot be circumvented.



Project Wrap-up

33 Ensure that there is a process for closing out the project and recording lessons learned and that the process is followed.

Finalized project documentation and recorded lessons learned can be used to aid in the effectiveness and efficiency of future company projects.

How

Review the project documentation, and ensure that all relevant documents have been finalized and baselined. Look for evidence that a final list of lessons learned from the project has been documented.



Knowledge Base

The Project Management Institute (PMI) is responsible for publishing the well-known Project Management Professional (PMP) certification. If you would like more information about PMI or the PMP, visit http://www.pmi.org.

The Software Engineering Institute (SEI) and its Capability Maturity Model Integration (CMMI) are useful tools for gathering best practices for software-development methodology. The SEI's mission is to advance software engineering and related disciplines to ensure the development and operation of systems with predictable and improved cost, schedule, and quality. The CMMI is a process-improvement approach that provides organizations with the essential elements of effective processes. If you would like more information on them, visit http://www.sei.cmu.edu.



Master Checklists

Auditing Overall Project Management

Checklist for Auditing Overall Project Management

  1. ☐ Ensure that sufficient project documentation and software development process documentation (if applicable) have been created. Ensure that the company's project methodology standards are being followed.

  2. ☐ Review procedures for ensuring that project documentation is kept up-to-date.

  3. ☐ Evaluate security and change-management processes for critical project documentation.

  4. ☐ Evaluate procedures for backing up critical project software and documentation. Ensure that backups are stored offsite and that documented procedures exist for recovery.

  5. ☐ Ensure that an effective process exists for capturing project issues, escalating those issues as appropriate, and tracking them to resolution.

  6. ☐ Ensure that an effective process exists for capturing project change requests, prioritizing them, and dispositioning them.

  7. ☐ Verify that a project schedule has been created and that it contains sufficient detail based on the size of the project. Ensure that there is a process in place for monitoring progress and reporting significant delays.

  8. ☐ Ensure that there is a method for tracking project costs and reporting overruns. Ensure that all project costs, including labor, are considered and tracked.

  9. ☐ Evaluate the project leadership structure to ensure that both the business and IT are represented adequately.

Auditing Project Startup

Checklist for Auditing Project Startup

  1. ☐ Ensure that appropriate project approval processes were followed prior to project initiation.

  2. ☐ Ensure that a technical feasibility analysis has been performed along with, if applicable, a feasibility analysis by the company's legal department.

  3. ☐ Review and evaluate the requirements document. Determine if and how customer requirements for the project are obtained and documented before development takes place. Ensure that the customers sign off on the requirements and that the requirements encompass standard IT elements.

  4. ☐ Evaluate the process for ensuring that all affected groups who will be helping to support the system, software, or process are involved in the project and will be part of the sign-off process, indicating their readiness to support it.

  5. ☐ Review the process for establishing the priority of requirements.

  6. ☐ Determine whether the system requirements and preliminary design ensure that appropriate internal control and security elements will be designed into the system, process, or software.

  7. ☐ If the project involves the purchase of software or technology, review and evaluate the vendor selection process and related contracts.

Auditing Detailed Design and System Development

Checklist for Auditing Detailed Design and System Development

  1. ☐ Ensure that all requirements can be mapped to a design element.

  2. ☐ Verify that the key stakeholders have signed off on the detailed design document (or equivalent).

  3. ☐ Review processes for ensuring ongoing customer involvement with the prioritization of tasks on the project.

  4. ☐ Look for evidence of peer reviews in design and development.

  5. ☐ Verify that appropriate internal controls and security have been designed into the system.

Auditing Testing

Checklist for Auditing Testing

  1. ☐ Verify that design and testing are taking place in a development/test environment and not in a production environment.

  2. ☐ Review and evaluate the testing process. Ensure that the project has an adequate test plan and follows this test plan.

  3. ☐ Ensure that all requirements can be mapped to a test case.

  4. ☐ Ensure that users are involved in testing and agree that the system meets requirements. This should include IT personnel who will be supporting the system and IT personnel who were involved in performing initial technical feasibility studies for the project.

  5. ☐ Consider participating in user acceptance testing and validating that system security and internal controls are functioning as intended.

Auditing Implementation

Checklist for Auditing Implementation

  1. ☐ Ensure that an effective process exists for recording, tracking, escalating, and resolving problems that arise after implementation.

  2. ☐ Review and evaluate the project's conversion plan. Ensure that the project has an adequate conversion plan and follows this plan.

  3. ☐ Review plans for converting the support of the new system or software from the project team to an operational support team.

  4. ☐ Ensure that sufficient documentation has been created for use of the system or process being developed and maintenance of the system or software. Evaluate processes for keeping the documentation up-to-date. Evaluate change controls and security over that documentation.

Auditing Training

Checklist for Auditing Training

  1. ☐ Review plans for making sure that all affected users are trained on the use of the new system, software, or process.

  2. ☐ Ensure that processes are in place for keeping training materials up-to-date. Evaluate change controls and security over the training materials.

Auditing Project Wrap-up

Checklist for Auditing Project Wrap-up

  1. ☐ Ensure that there is a process for closing out the project and recording lessons learned and that the process is followed.