
Chapter 5 - chapter 8

from page 279 in the book or 348/600 on the pdf

STEERING COMMITTEE
360/696
sys re so re prede dede co te op
365/696
368/696
402/696
An IT auditor plays a role throughout the software development life cycle (SDLC), providing independent assurance
that the software is developed, deployed, and maintained in a secure and compliant manner. Their roles in each
stage are:

1. **Planning Phase:**

- **Risk Assessment:** Identifying potential risks associated with the software project and outlining
audit objectives accordingly.

- **Compliance Review:** Ensuring that the project complies with relevant regulations, industry
standards, and internal policies.

2. **Requirements Gathering:**

- **Reviewing Requirements:** Assessing whether security, compliance, and risk management considerations
are adequately addressed in the software requirements.

- **Analyzing Controls:** Evaluating the proposed controls and security measures.

3. **Design Phase:**

- **Security Design Review:** Assessing the security architecture and design to identify potential
vulnerabilities or weaknesses.

- **Compliance Check:** Ensuring that the design aligns with regulatory requirements and industry
standards.

4. **Development Phase:**

- **Code Review:** Examining the code (or the results of code reviews and static analysis) for security flaws,
vulnerabilities, and adherence to coding standards.

- **Testing Oversight:** Monitoring the testing process to verify that security and compliance
considerations are being tested appropriately.

5. **Implementation/Deployment Phase:**

- **Configuration Audit:** Verifying that the software is properly configured and deployed according to
security and compliance standards.

- **Change Management Review:** Ensuring that changes made during deployment align with
established controls and procedures.

6. **Operations and Maintenance Phase:**

- **Monitoring and Assessment:** Continuously evaluating the system's performance, security, and
compliance post-deployment.

- **Incident Response:** Assisting in incident response and conducting post-incident reviews to
strengthen controls.

7. **Retirement/Replacement Phase:**

- **Data Handling and Disposal:** Ensuring proper handling and disposal of sensitive data when
retiring or replacing software.

- **Documentation Review:** Reviewing documentation to ensure completeness and accuracy for
future reference or auditing purposes.

Throughout these stages, the IT auditor collaborates with development teams, project managers, and
stakeholders to provide guidance, recommendations, and assurance regarding security, compliance, and
risk management aspects of the software development process.
430
435
443
453
462
473
485
501
507
521
533
