Course Description
In several recent surveys, C-level management has indicated one of the greatest risk to their organization is the inability for project teams to deliver automated application systems on-time, on-budget, AND with the required functionality. These projects tend to go off track when the project controls fail, or are not adequately enforced. IT-related budgets are often up to 30% of expenses, routine business processes are embedded in these systems, and strategic decisions are often based upon the reporting from these systems. Accordingly, the involvement of the internal audit function focusing on delivery of key applications is an essential management practice to ensure appropriate project governance, risk management, and realization of asset value.
The development process is often subject to financial, operational, and political constraints and pressures. The results can be devastating if not properly addressed. Internal Audit can provide major value in reviewing the process by phase. Our contribution can be both in content (internal controls) and governance oversight. Using CobiT® as a framework, we will develop an audit approach that achieves both objectives.
We discuss the:
- Objectives of the IT-Enabled Project Audit
- Use of CobiT® as a resource for control objectives
- Reliance on the standard audit universe
- Key phases in the project life cycle
- Key control components by phase
- Audit process by phase
Learning Objectives:
- How to execute an audit of the various phases of the project
- When to audit the phase
- How to incorporate objective maturity model assessment into the evaluation
- How to report findings to line management and senior management
- When and how often to re-audit the project
- How to integrate audit resources
- Common issues that have arisen at each project phase
Course Outline
Understanding the Project
- The Components of a Business Project
- Defining IT-Enabled Projects
- Program vs. project
- Organizations Involved in Projects
- Project Management’s Role
- Business Impact of Developed Product
- Business Risks Associated with Project
- Systems Development Approaches
- Components of Systems Development
Design Methodology
- Top-Down vs. Bottom-Up
Establishing A Development Framework
- PMBOK
- Typical Activities at Each Phase
- CobiT® as a Systems Development Framework
Assurance Framework
3 Objectives of the IT-Enabled Project Management Review
Audit Scope Attributes and their Components at Each Project Phase
- Governance
- Project Management
- Budget
- Internal Controls
- Business Process
- Third-party providers and other external influences
Audit Approach
Auditing Internal Controls
The Auditor as a Project Customer
Reliance on the Audit Universe
- General Controls
- Application Controls
- Financial Interfaces
Reporting Process
Using a Maturity Model to Establish Objective Assessment
Key Points for Success
Case studies and exercises
*Included in 2 day course only
Additional Information
Who Should Attend
- Internal auditors (IT, operational, financial) seeking to establish audit projects in development
Recommended Prerequisites
At least two years internal audit or relevant experience. Attending Introduction to IT Auditing (AA01) and/or Auditing IT Application Systems (AA02) would be beneficial.
Learning Level
Intermediate
Delivery
Group-Live & Group Internet-Based
Field
Auditing
Advanced Preparation
None
Session Duration
Online: Two 3-hour sessions
On Site: 1 or 2 days
CPE Credits: 8 or 16