7/23/2019 i Tag Development Maintenance
http://slidepdf.com/reader/full/i-tag-development-maintenance 1/2
INFORMATION TECHNOLOGY AUDIT GUIDELINES PAGE 1
Line of Business/Product: Information Technology General Controls Review Audit Date:
Client Name:____________________________________________________
Business/IT Process: System Develoment and !aintenance !anagement
Objectives: The primary objective of the Systems Development/aintenance audit is to determine
if the development of ne! systems and modification of e"istin# systems is defined by policies and procedures$ and appropriately authori%ed& mana#ed and controlled' This includes adherence to asystems development life cycle (SDL)* methodolo#y& separation of duties and appropriate involvementof users in the definition of re+uirements as !ell as testin# of ne! and modified systems'
Prepared By: ,,,,,,,,,,,,,,,,,,,,,,,,,,,
SPECIFIC "# AUDIT OBSERV.
BUSINESS RISK CONTROL OBJECTIVE CONTROL TEST STEP REF. TEST CONCLUSIONS (RESULTS) SUMMARY Y N REF.
-ailure to provide policies. procedures for
applications developmentand maintenance may notresult !ith proper controlsand authori%ations'
nsure that company (the Ban0* provides the application
development and maintenance policies and procedures'
1' Discussed application development andmaintenance !ith the )IO and Senior 2P of
)orporate Information Technolo#yDepartment'
-ailure to establish that IThas practiced a policy ofdevelopment andmaintenance may result innot providin# si#n3offsand authori%ations atevery milestone'
nsure that the company (theBan0* has established a policyfor development andmaintenance that adheres to theSDL) re+uirin# si#n3offs andapprovals for major milestones'
4' Obtained the Ban05s/)ompany5s systemsdevelopment life cycle (SDL)*' Identifymajor milestones and re+uiredapprovals/si#noffs' 6scertain !hether SDL)includes all basic phases (e'#' re+uirementsdefinition& desi#n& codin#& and testin#* and!hether #ranulation into sub3phases isappropriate to client'
-ailure to identify a project plan and completelist of projects may resultthat the ban0 does notfollo! propermethodolo#y to support its
policies . procedures'
nsure that a sample projectfrom a complete list of projectssupports the SDL) components'Proper project mana#ement .
plannin# is supportin# evidence'
7' Obtained listin#s of applicationdevelopment system projects and applicationmaintenance projects and selected jud#mentalsamples of each type'
-ailure to identify asample of compliance tothe SDL) componentsmay result that the ban0does not follo! propermethodolo#y to support its
policies . procedures'
nsure that a sample projectfrom a complete list of projectssupports the SDL) components'
8' -or each project in sample from step 7above& obtained (!here appropriate*supportin# documentation includin# projectinitiation paper!or0& cost3benefit analysis&re+uirements documentation& desi#nspecifications& minutes of !al03throu#h
sessions and all appropriate mana#erial/usersi#n3offs'
7/23/2019 i Tag Development Maintenance
http://slidepdf.com/reader/full/i-tag-development-maintenance 2/2
INFORMATION TECHNOLOGY AUDIT GUIDELINES PAGE 2
Line of Business/Product: Information Technology General Controls Review Audit Date:
Client Name:____________________________________________________
Business/IT Process: System Develoment and !aintenance !anagement
Objectives: The primary objective of the Systems Development/aintenance audit is to determine
if the development of ne! systems and modification of e"istin# systems is defined by policies and procedures$ and appropriately authori%ed& mana#ed and controlled' This includes adherence to asystems development life cycle (SDL)* methodolo#y& separation of duties and appropriate involvementof users in the definition of re+uirements as !ell as testin# of ne! and modified systems'
Prepared By: ,,,,,,,,,,,,,,,,,,,,,,,,,,,
SPECIFIC "# AUDIT OBSERV.
BUSINESS RISK CONTROL OBJECTIVE CONTROL TEST STEP REF. TEST CONCLUSIONS (RESULTS) SUMMARY Y N REF.
-ailure that mana#ementhas not properly adhered
to policies . proceduresthat support the SDL)methodolo#y'
nsure that sample reflects proper approvals and si#n3offs'
9' evie!ed each sample item to ensure thatall re+uired milestones and
approvals/si#noffs& etc' are evidenced in thesample'