Why don’t auditors stop IT development projects going off-the-rails?
Developing systems audits are arguably one of the most difficult types of IT audit assignment. They often involve a cat-and-mouse game of ‘show me’ and ‘watch my lips’: in other words, the auditor asks for something truly obscure and weird such as “the business case” or “the risk analysis” or “the security specifications”, and someone with nothing better to do is sent into a dark corner to knock one together, quickly. Audited development projects almost invariably involve spending vast amounts of money, since IT auditors seldom get the opportunity to audit small projects, particularly end-user developments perceived (by management if not SOX auditors) as low risk. It is an unfortunate truth that in IT, professional, disciplined and effective project management is a welcome relief rather than the rule. An experienced IT auditor has generally witnessed all sorts of disasters at close range through bayonetting a number of development projects. For some obscure reason buried deep in human psy