Overview

Class Central Tips

This comprehensive course is designed to equip you with the knowledge and skills necessary to effectively audit IT project governance and system development processes. It begins with an overview of project governance and management, emphasizing the roles and responsibilities of key stakeholders, including project sponsors and the Project Management Office (PMO). You will gain a solid understanding of project initiation, planning, and execution phases, learning how to differentiate between auditing project content and project execution. Special focus is given to the project management methodologies, such as Agile and Predictive approaches, and the essential procedures for closing projects, ensuring you are well-versed in each phase of the project lifecycle. The course then transitions to system development and risk management, where you will explore various system development lifecycle (SDLC) models and their associated risks. You will learn how to assess these risks and understand different software development methods, including the use of Computer Aided Software Engineering (CASE) tools and fourth-generation languages (4GLs). Key topics such as business case development, feasibility analysis, and the identification and design of effective data controls are thoroughly covered, preparing you to evaluate system and software development from an IS auditor's perspective. In the final modules, the focus shifts to testing methodologies, data integrity, and change management. You will delve into decision support systems, testing plans, and methodologies to ensure data integrity and accuracy in application systems. The course also covers data migration processes, changeover techniques, and post-implementation reviews (PIR). By the end of the course, you will have a robust understanding of how to audit complex IT projects and system development processes, positioning you for success in the CISA exam and your professional career. This course is ideal for IT auditors, project managers, and professionals preparing for the CISA certification. It is recommended for individuals with a foundational understanding of information systems and project management. No prior CISA experience is required, but familiarity with IT governance and audit principles will be beneficial.

Syllabus

Project Governance and Management

In this module, we will cover the fundamentals of project governance and management, focusing on the roles involved in IT projects and the importance of project sponsorship. You'll learn about the functions of the Project Management Office (PMO) and explore the project lifecycle, including initiation, planning, execution, and closure. We will also discuss the IS auditor’s role in auditing both project content and execution.

System Development and Risk Management

In this module, we will delve into system development and risk management, examining various SDLC models and software development methods. You’ll learn how to perform feasibility analyses to inform business case development and how to use tools like CASE and 4GLs in auditing. Additionally, we will cover techniques for identifying and designing controls to mitigate risks throughout the system development process.

Testing and Data Integrity

In this module, we will focus on the importance of testing and data integrity in system development. You’ll explore various testing methodologies, learn how to create comprehensive testing plans, and assess application systems for data integrity. We will also cover decision support systems and the critical aspects of data migration, ensuring that systems operate accurately and securely post-implementation.

Change Management and Post-Implementation

In this module, we will discuss change management strategies, including various changeover techniques such as parallel, phased, and abrupt transitions. You’ll learn how to implement effective post-implementation procedures, focusing on maintaining operational controls and conducting post-implementation reviews. These practices are essential for ensuring that new systems meet organizational requirements and continue to function as intended after deployment.