Did you ever stop to think about how much of an auditor’s work actually revolves around project management? After all, projects are temporary endeavors that have a defined beginning, middle, and end. Each audit you will be involved with will be unique. Each will have different requirements and specifications. This means that CISAs need to understand project management. This includes initiating, planning, executing, controlling, and closing projects.
Lifecycle management also requires that auditors understand the system development lifecycle (SDLC). Auditors can become deeply involved in the SDLC process. Auditors are responsible for helping to ensure that sufficient controls are designed during the SDLC and that these controls work as expected. Controls must be tested and the overall design plan must be reviewed. Not all projects will use the same development method. Today many alternative development methods, such as prototyping, rapid application development, and agile development, are used. The auditor must understand each of these to fulfill their job duties. After the rollout of new applications, the auditor’s job is not done. Systems require maintenance, review of changes, and review and redesign of processes. Throughout the lifecycle, auditors play a key role.