1. Feasibility Study

• Purpose: Evaluate technical, economic, and social feasibility to determine strategic benefits and ROI.
• Activities: Identify cost savings, justify business needs, build a business case.
• Role of IS Auditor:
  • Review documentation for reasonableness.
  • Verify cost justification and benefit schedules.
  • Ensure alternate solutions are reasonable.
  • Validate business needs for system development or acquisition.

2. Requirements Definition

• Purpose: Define functional, service, and quality requirements.
• Activities: Gather user inputs, study user needs, and create requirement documents.
• Role of IS Auditor:
  • Verify representation of affected users and project team members.
  • Review requirements documentation for completeness and accuracy.
  • Validate Data Flow Diagrams (DFD) and specifications.

3a. System Analysis

• Purpose: Analyze current systems, identify problems, and recommend improvements.
• Activities: Map current processes, decide system design approaches.
• Role of IS Auditor:
  • Verify project initiation approval.
  • Ensure vendor proposals cover project scope (for acquisition).
  • Assess embedded audit routines in the design.

3b. System Design

• Purpose: Finalize system specifications and establish baseline for development.
• Activities: Define hardware, software, interfaces, databases, and security considerations.
• Role of IS Auditor:
  • Review system flowcharts and input/output controls.
  • Assess audit trail adequacy.
  • Verify system design completeness and alignment with requirements.

4. Development

• Purpose: Transform design specifications into a functional system.
• Activities: Coding, documentation, development of manuals, and quality assurance.
• Role of IS Auditor:
  • Ensure documentation is complete.
  • Review QA reports and adherence to coding standards.
  • Assess bug reporting and resolution procedures.

Software Escrow: Ensure necessary proprietary materials (e.g., source code, manuals) are safeguarded by a neutral agent.

5. Testing

• Purpose: Validate system functionality and identify issues.
• Activities: Perform QA Testing, Integration Testing, and User Acceptance Testing (UAT).
• Role of IS Auditor:
  • Review test plans and error reports.
  • Verify data integrity during testing.
  • Ensure participation of relevant users in testing.
  • Validate reconciliation of control totals and converted data.

6. Implementation

• Purpose: Deploy the system using strategies like cut-off, phased, pilot, or parallel implementation.
• Activities: User sign-off, change control adherence, data conversion validation.
• Role of IS Auditor:
  • Verify test plans and acceptance sign-offs.
  • Ensure adherence to change control processes.
  • Validate documentation completeness.
  • Verify accurate data conversion.

7. Maintenance

• Purpose: Ensure system stability, support users, and handle deficiencies or changes.
• Activities: Record issues, track changes, and measure ROI.
• Role of IS Auditor:
  • Verify achievement of system objectives.
  • Review cost-benefit realization.
  • Assess system controls and error logs.
  • Validate authorization of system changes.
  • Ensure emergency access controls are adequate.