SESSION GOAL:  After completing this session, you should understand the difference between auditing the development of an information system and auditing the output of that information system. You should also recognize the critical controls over the systems development process and when it is appropriate for IS auditors to participate in development projects.

• Review the SDLC concept by reading Sannerud, SAC: System Development Life Cycle, ITAudit Forum, April 15, 2003. Printer-friendly version here.
• Review Boritz, Chapter 4. Concentrate on the "Controls over Systems" and "Role for Auditors in the System Development and Acquisition Process" sections.
• Read the following ISACA guidelines
  • Effect of Non-Audit Role on the IS Auditor's Independence
  • Organisational Relationship and Independence
  • System Development Life Cycle Reviews
• Read Oliphant, An Introduction to Computer Auditing - Part Deux, No. 14, Part B, ITAudit Forum, January 1, 2001. Just read the section about auditing the SDLC activities.
  
• Read Berardi and Stucki, SAC: Systems Development Technical Overview, ITAudit Forum, March 15, 2003. Focus on the section about auditing's role in the SDLC activities (near the bottom of the article). Printer-friendly version here.
• Review the following SDLC Audit Programs
  • Systems Development Project Checklist
  • Delta Airlines
• Read Oz, E. 1994. When professional standards are lax: The CONFIRM failure and its lessons. Communications of the ACM 37(10), 29-36. You will need to click on the PDF icon to download the article.
• Read Stanford, The project from hell, Computerworld, September 4, 1995.
• Skim Keil & Mann, The Nature and Extent of IT Project Escalation: Part I, IS Audit and Control Journal in the COURSE MATERIALS section of Blackboard.
• Skim Keil & Mann, The Nature and Extent of IT Project Escalation: Part II, IS Audit and Control Journal in the COURSE MATERIALS section of Blackboard.
• After class, go to the Baylor Electronic Resources and search the Wall Street Journal in ProQuest to find and read Tomsho, R. 1994. "How Greyhound Lines re-engineered itself right into a deep hole," The Wall Street Journal (10/20): A1, A6 (use "real dog greyhound" as your search term). Prepare an audit plan that, if executed in a timely fashion, would have detected the system development and execution flaws soon enough for Greyhound to have avoided them. To minimize the likelihood of failing to identify all the unsuccessful systems development practices, start by making a list of them. Then develop an audit plan that addresses each one. This audit plan is an INDIVIDUAL assignment. Your completed audit plan is due at the beginning of class on July 15.
  

Student Support & Services | Hankamer School of Business | Library Electronic Resources | Registration | Directory
Syllabus | Lectures | Assignments | Project | Groups | Discussions | Webliography | Grades | Orientation |
Announcements | E-mail Dr. Davis | Webmaster | © Baylor University 2003
This page was last modified on May 22, 2003.