Professional Documents
Culture Documents
141 Auditing IT Projects Audit Report Template
141 Auditing IT Projects Audit Report Template
141 Auditing IT Projects Audit Report Template
Conducted in Conformance with the International Standards for the Professional Practice of Internal Auditing
TABLE OF CONTENTS
Audit Issuance Letter.......................................................................................................................1
Executive Summary.........................................................................................................................2
Audit Objective and Scope..............................................................................................................3
Objective......................................................................................................................................3
Scope of Audit.............................................................................................................................3
Scope Changes.............................................................................................................................3
General Background........................................................................................................................4
Key Business / Audit Risks..............................................................................................................5
Audit Details & Observations..........................................................................................................6
Findings and Recommendations......................................................................................................8
Action Plan....................................................................................................................................10
This report provides management with information about the condition of risks and internal controls at one point in time. Future changes in
environmental factors and actions by personnel will impact these risks and internal controls in ways this report cannot anticipate. This document
is CONFIDENTIAL for internal use by management only and should not be used, relied upon, or distributed to any third party without prior
written approval.
EXECUTIVE SUMMARY
Provide a high level, 1 page summary of what the system is, its impact on the business, and a
summary of the findings noted.
Our overall opinion on the [Insert System Name] Audit is:
SCOPE OF AUDIT
The scope of this audit is:
1. The audit of the SDLC process will review each phase of a system implementation
project. The audit will address the following areas: governance and risk management,
compliance with company procedures and regulation, project management methodology,
budget, internal controls, and business processes.
2. To perform other procedures deemed necessary to achieve the audit objectives.
SCOPE CHANGES
Note any scope changes.
GENERAL BACKGROUND
Provide a general background, as some of the people the report is being distributed to may not
have a good understanding of the old process and the new process. Things that you may wish to
include are:
Brief description of system and why a new system was needed discuss pain points
Impact of the system on the overall business (e.g. the vendor management system
processes 1,000 invoices a day and issues 1,000 checks a day, totaling $1 million days in
transactions).
Discuss project objectives, budget to actual results (cost, timeline, labor hours), and
results of metrics / KPIs.
Provide dates: start date of project, date of implementation.
Discuss if system is subject to regulation (e.g. SOX, PCI DSS, HIPAA, Privacy laws,
etc.)
Inadequate project management procedures could lead to scope creep, a poorly designed
system that does not meet the needs of the business or end users, unclear responsibilities,
lack of communication, inadequate monitoring, and undetected deviations from project
scope. All of these have a direct impact on the budgeted dollars and timelines of the
project. It also indicates a lack of management control over capitalizable projects.
Inadequate security controls result in vulnerabilities that may expose data to unauthorized
access, unauthorized disclosure or theft.
Return on investment fails to meet managements expectations; expected benefits are not
realized or not realized timely.
Project Governance
Business Case & Project Planning
System Development Design & Build
Testing
Pre Go-Live & Data Conversion
Training
Support & Maintenance
Project Assessment
Internal Control Assessment
Pre-System Implementation
Post-System Implementation
Recommendation
[Insert Recommendation]
Control Gap
Owners
Management Response
[Insert Managements Response]
Priority
[Insert
low,
medium,
high]
Audit Follow-Up
[If Finding was addressed during the audit, note follow-up procedures performed and whether or not finding has been closed. If not applicable, delete row.]
No.
2
Control Gap
Recommendation
Owners
Audit Follow-Up
Management Response
Priority
ACTION PLAN
Finding
No.
1
2
3
Action to be Completed
Responsibility
Date Completed
A follow up review of managements implementation of actions in response to the recommendations will be performed [Insert Audit
Follow-Up date / quarter].
10