The document outlines the role of an auditor throughout the system development life cycle (SDLC) process. It discusses the auditor's involvement in each phase, including preliminary review, system requirements analysis, system design, development, testing, implementation, maintenance, and IT governance. The auditor helps set the project scope, assess business objectives, review requirements and design documents, evaluate test results, ensure correct implementation, and supervise maintenance. The overall process involves understanding needs, designing, building, testing, and implementing systems while maintaining governance, risk and compliance standards.
3. It is the process of building or acquiring new systems in environment
Generic sequence of steps or phases
Systems may be custom developed or purchased directly from a vendor.
It is usually long term
Blog.bharathraob.com
5. Auditor helps in BPR, Setting the scope and Testing
Host
Vendor provides the solution to the Host
Auditor
Auditor helps in Scope Management, and Design of solution
Vendor
6. Is it as simple as it looks like???
9. Preliminary Review
Business Requirements
o IT Objectives should always be aligned with Business Objectives and not vice versa
Current state of business and its processes
Scope
Technical Requirements
o (Hardware, Manpower, Budgets, Resources)
Auditor’s Role
Assessing the Business Objectives and IT objectives
Design of the revised objectives
Scope Document (RFP, Tender, EOI)
Budgeting and Financial Feasibility decision taking
ROI Feasibility
10. System R & A
Functionalities
o Requirement gathering
o FRS Document
Deliverables
o Hardware equipment
o Software Interfaces
o Revised Business Processes
Project Plan
Resource Allotment
Auditor’s Role
Participate in requirement gathering process and approve by giving signoffs (PMO)
Decide the software deliverables
Business Process Reengineering and Benchmarking
Develop a project plan
Resource Allotment
o Developers, Funds, Hardware, Man Power etc.
11. System Design
Translate the functional Requirements
Technical Design
• Algorithms and Flowcharts
• Database Schemas
• User Interfaces
• HLD and LLD
Auditor’s Role
Review and give sign off of the HLD and LLD (PMO)
May use help of an Expert – SA 620
12. Systems Development
Auditor’s Role
Coding and Acquisition
• Sharepoint, C, C++, Java, VB.Net, C#, SQL
• Purchase the licence directly
Licencing
Coding Standards and conventions are followed
Nothing
Documentation and preservation of codes and invoices etc.
13. Testing
Unit Testing
Integration Testing
System Testing
Final/User Acceptance Testing
Test Data and Environment
Test Plan
Test Results
Documentation of Test Summary for signoff
Auditor’s Role
Design the test plans
Evaluate the test results
Provide Signoffs
14. Implementation
Installation vs. Implementation
Configuration
Deployment of the system
Live Data Migration and Conversion
Production Environment
Documentation of Implementation
Auditor’s Role
Ensure that correct configuration is applied to suit business requirements
Data is migrated completely and is converted.
o C-I-A of Data is maintained
Review of the Documentation of implementation
HLD and LLD – High Level Document and Low Level Document
HLD – It gives the overall system design in terms of functional architecture and database design.
LLD – The view of the application developed during the high level design is broken down into modules and programs. Logic design is done for every program and then is documented as program specifications.
Unit testing ----- Detailed design
Integration testing ----- Architectural Design
System Testing ----- Functional Requirements
Acceptance Testing ----- User Requirements