Role of IS Auditor in SDLC
The system development life cycle is the process of creating and implementing a new system or software. The IT auditor's role is to ensure that the system development process is effective and that proper controls are embedded in the system.
Here's a breakdown:
Reporting to senior management: The IT auditor independently reports to senior management about the system development process. They provide updates and information to ensure that the process is on track.
Embedding controls: The IT auditor ensures that important controls, such as audit trails for financial transactions, are embedded in the system development process. This helps to reduce risks and make the system more effective.
The IT auditor is involved in different phases of the system development life cycle:
Feasibility study: The IT auditor can provide advice on whether developing a new system is the best solution and whether it should be done in-house or outsourced.
Requirement phase: The IT auditor ensures that user input is properly gathered and communicated to the development team. They also consult with senior management to ensure everyone is satisfied with the requirements.
Design phase: The IT auditor reviews the system development methodologies used by the team and provides advice on their appropriateness. They also ensure that guidelines and procedures are followed for outsourcing.
Development phase: The IT auditor focuses on testing, ensuring that a proper test plan is in place and that errors are resolved. They also review user acceptance test results.
Implementation phase: The IT auditor provides recommendations on system changeover methodologies, considering risks and costs.
Post-implementation phase: The IT auditor conducts a review to assess whether the system has achieved its objectives and whether users are satisfied.
Overall, the IT auditor's involvement in the system development process helps to ensure that controls are embedded and risks are reduced, leading to a more effective and reliable system.
Last updated