This preview shows page 1. Sign up to view the full content.
Unformatted text preview: Controls); and third to assess the controls being provided for the
management of the system's operation (System Management Controls). The first
thrust is pursued by having the auditor attend project and steering committee
meetings, examining project control documentation and conducting interviews. As for
the second thrust, the auditor is limited to examining system documentation, such as
functional specifications, to arrive at an opinion on controls.. The same is true for the
third thrust, the system's operational controls. IT Audit Manual Volume III 72 IT Audit Manual Audit Checklist :
I PROJECT INITIATION PHASE (PI)
At this stage, terms of reference for the project should be formally defined and
the project control parameters established. Procedures involve performing a
preliminary review of the existing system (including manual system) to assess the
need for change and the nature of the suggested changes. The "problem" must
be defined. A potential solution should be conceptualized for reference during
the feasibility study phase. The description of the solution need not be so detailed
that it prejudices the alternatives examined during the feasibility study. At this
time all external and internal constraints (cost, time, legislation, departmental
guidelines, user needs, etc.) should be identified along with their impact on the
problem and the solution. This phase produces a Project Initiation Report.
Audit objective: To establish that project is formally initiated and that
appropriate project control measures exist. Checklist (PI)
PI.1. Review the business and ensure a formal business case exists for the project. PI.2. Ensure that a Project Initiation document exists and it has the approval of the
competent authority. PI.3 If yes, then verify that the Project Initiation document contains at least the following
Broad reasons for undertaking the Project, such as:
The problem to be remedied or process to be improved, and/or
Enhancing the organisation's ability to achieve its goals, and/or
Description of the deficiencies in relevant existing system; and/or
The opportunities that would be provided for increasing economy or
efficiency of operations; and/or
Internal controls and security need...
View Full Document
This note was uploaded on 10/27/2013 for the course LAW 10-100 taught by Professor Parsons during the One '10 term at Bond College.
- One '10