Master Checklists

Auditing Overall Project Management

Checklist for Auditing Overall Project Management

  1. qEnsure that sufficient project documentation and software development process documentation (if applicable) have been created. Ensure that the company's project methodology standards are being followed.

  2. qReview procedures for ensuring that project documentation is kept up-to-date.

  3. qEvaluate security and change-management processes for critical project documentation.

  4. qEvaluate procedures for backing up critical project software and documentation. Ensure that backups are stored offsite and that documented procedures exist for recovery.

  5. qEnsure that an effective process exists for capturing project issues, escalating those issues as appropriate, and tracking them to resolution.

  6. qEnsure that an effective process exists for capturing project change requests, prioritizing them, and dispositioning them.

  7. qVerify that a project schedule has been created and that it contains sufficient detail based on the size of the project. Ensure that there is a process in place for monitoring progress and reporting significant delays.

  8. qEnsure that there is a method for tracking project costs and reporting overruns. Ensure that all project costs, including labor, are considered and tracked.

  9. qEvaluate the project leadership structure to ensure that both the business and IT are represented adequately.

Auditing Project Startup

Checklist for Auditing Project Startup

  1. qEnsure that appropriate project approval processes were followed prior to project initiation.

  2. qEnsure that a technical feasibility analysis has been performed along with, if applicable, a feasibility analysis by the company's legal department.

  3. qReview and evaluate the requirements document. Determine if and how customer requirements for the project are obtained and documented before development takes place. Ensure that the customers sign off on the requirements and that the requirements encompass standard IT elements.

  4. qEvaluate the process for ensuring that all affected groups who will be helping to support the system, software, or process are involved in the project and will be part of the sign-off process, indicating their readiness to support it.

  5. qReview the process for establishing the priority of requirements.

  6. qDetermine whether the system requirements and preliminary design ensure that appropriate internal control and security elements will be designed into the system, process, or software.

  7. qIf the project involves the purchase of software or technology, review and evaluate the vendor selection process and related contracts.

Auditing Detailed Design and System Development

Checklist for Auditing Detailed Design and System Development

  1. qEnsure that all requirements can be mapped to a design element.

  2. qVerify that the key stakeholders have signed off on the detailed design document (or equivalent).

  3. qReview processes for ensuring ongoing customer involvement with the prioritization of tasks on the project.

  4. qLook for evidence of peer reviews in design and development.

  5. qVerify that appropriate internal controls and security have been designed into the system.

Auditing Testing

Checklist for Auditing Testing

  1. qVerify that design and testing are taking place in a development/test environment and not in a production environment.

  2. qReview and evaluate the testing process. Ensure that the project has an adequate test plan and follows this test plan.

  3. qEnsure that all requirements can be mapped to a test case.

  4. qEnsure that users are involved in testing and agree that the system meets requirements. This should include IT personnel who will be supporting the system and IT personnel who were involved in performing initial technical feasibility studies for the project.

  5. qConsider participating in user acceptance testing and validating that system security and internal controls are functioning as intended.

Auditing Implementation

Checklist for Auditing Implementation

  1. qEnsure that an effective process exists for recording, tracking, escalating, and resolving problems that arise after implementation.

  2. qReview and evaluate the project's conversion plan. Ensure that the project has an adequate conversion plan and follows this plan.

  3. qReview plans for converting the support of the new system or software from the project team to an operational support team.

  4. qEnsure that sufficient documentation has been created for use of the system or process being developed and maintenance of the system or software. Evaluate processes for keeping the documentation up-to-date. Evaluate change controls and security over that documentation.

Auditing Training

Checklist for Auditing Training

  1. qReview plans for making sure that all affected users are trained on the use of the new system, software, or process.

  2. qEnsure that processes are in place for keeping training materials up-to-date. Evaluate change controls and security over the training materials.

Auditing Project Wrap-up

Checklist for Auditing Project Wrap-up

  1. qEnsure that there is a process for closing out the project and recording lessons learned and that the process is followed.

IT Auditing. Using Controls to Protect Information Assets
It Auditing: Using Controls to Protect Information Assets [IT AUDITING -OS N/D]
Year: 2004
Pages: 159 © 2008-2017.
If you may any questions please contact us: