141 Auditing IT Projects Audit Report Template

 [insert company logo]

INTERNAL AUDIT R EPORT EPORT

[INSERT SYSTEM NAME] PRE- & POSTSYSTEM IMPLEMENTATION AUDIT R EPORT EPORT #[INSERT #]

TABLE OF CONTENTS Audit Issuance Letter.......................................................................................................................1 Executive Summary.........................................................................................................................2 Audit Objective and Scope..............................................................................................................3 Objective......................................................................................................................................3 Scope of Audit.............................................................................................................................3 Scope Can!es.............................................................................................................................3 "enera# $ac%!round........................................................................................................................& 'ey $usiness ( Audit )is%s..............................................................................................................* Audit +etai#s , Observations..........................................................................................................indin!s and )ecommendations....................................................................................................../ Action 0#an....................................................................................................................................1

[Update tabe !" !$te$t% a%t]

AUDIT ISSUANCE ISSUANCE LETTER LET TER I%%a$e I%% a$e Date: [I$%e't I$%e 't Date D ate ( Rep!'t D)%t')bt)!$

Insert Addresses At)!$ Ite* O+$e'%

Insert Action Item O4ners 5e Insert System 6ame 0re7 and 0ost7 System Imp#ementation Audit8 Audit8 number Insert Audit 6umber8 is bein! re#eased for !enera# distribution distribution as of tis date. 5e objective9s: and scope of tis en!a!ement en!a!ement is noted in te Audit Objective and Scope section of tis report. A summary summary of te audit procedures  performed is noted in te te Audit Audit +etai#s and Observations Observations section of tis tis report. )esponses ave been obtained from te app#icab#e o4ner for eac recommendation deve#oped from our examination. A## findin!s8 findin!s8 recommendations8 and mana!ement responses 9in teir entirety: entirety: ave been incorporated in te indin!s and )ecommendations section of tis report. A fo##o4 up revie4 of mana!ement;s imp#ementation of actions in response to te recommendations 4i##  be performed Insert +ate. Interna# Audit Audit notes tat sufficient and appropriate audit procedures ave been conducted and evidence !atered to support te accuracy of te conc#usions conc#usions reaced and contained in tis report. 5e conc#usions 4ere based on a comparison of te situations8 as tey existed at te time time a!ainst audit criteria. 5e conc#usions are on#y app#icab#e app#icab#e for te process examined. 5e evidence !atered meets professiona# professiona#

EXECUTIVE SUMMARY   Provide a high level, 1 page summary of what the system is, its its impact on the business, and a  summary of the findings noted. Our overa## opinion on te Insert System 6ame Audit is<

Exce##ent 9no findin!s: "ood 9minor findin!s: Satisfactory 9moderate findin!s:  6eeds Improvement 9si!nificant findin!s:

>nsatisfactory 9materia# findin!s:

AUDIT OBJECTIVE AND SCOPE O,ECTI.E 5e objective of te pre7 and post7imp#ementation revie4 of Insert System 6ame is as fo##o4s< 1. 0rovide 0rovide mana!ement mana!ement 4it 4it an independent independent assessm assessment ent of te pro!ress pro!ress88 ?ua#ity ?ua#ity and attainment of project objectives8 at defined mi#estones 4itin te project8 b ased off of company po#icies and procedures. 2. 0rovide 0rovide mana!ement mana!ement 4it 4it an assessm assessment ent of te te ade?uacy ade?uacy of project project mana!ement mana!ement metodo#o!ies and tat te metodo#o!ies are app#ied consistent#y across a## projects. 3. 0rovide 0rovide mana!ement mana!ement 4it 4it an eva#uation eva#uation of te te interna# interna# contro#s contro#s of propos proposed ed business business  processes at a point in te deve#opment cyc#e 4ere enancements can be easi#y imp#emented and processes adapted. &. 0rovide 0rovide mana!ement mana!ement 4it 4it an assessment assessment of te ade?uacy ade?uacy of security security contro# contro#ss imp#emented. *. 0rovide 0rovide mana!ement mana!ement 4it 4it an eva#uation eva#uation of te te project project metrics metrics ( '0Is '0Is and expected expected  benefits stated 4itin te project business case report.

SCOPE OF AUDIT 5e scope of tis audit is< 1. 5e 5e audi auditt of te S+LC S+LC proc proces esss 4i## 4i## revie4 revie4 eac eac pase pase of a syst system em imp#e imp#eme ment ntat atio ion n  project. 5e audit 4i## address te fo##o4in! areas< !overnance and ris% mana!ement8

GENERAL BACKGROUND 0rovide a !enera# bac%!round8 as some of te peop#e te report is bein! distributed to may not ave a !ood understandin! of te o#d process and te ne4 process. 5in!s tat you may 4is 4is to inc#ude are< • •

•

• •

$rief description of system and 4y a ne4 system 4as needed @ discuss pain points Impact of te system on te overa## business bu siness 9e.!. te vendor mana!ement system  processes 18 invoices a day and issues 18 cec%s a day8 tota#in! 1 mi##ion mi##ion days in transactions:. +iscuss project objectives8 bud!et to actua# resu#ts 9cost8 time#ine8 #abor ours:8 and resu#ts of metrics ( '0Is. 0rovide dates< start date of project8 date of imp#ementation. +iscuss if system is subject to re!u#ation 9e.!. SOB8 0CI +SS8 I0AA8 0rivacy #a4s8 etc.:

KEY BUSINESS / AUDIT RISKS 5e %ey ris%s re#ated to imp#ementin! a system are as fo##o4s< •

•

•

•

Inade?uate project mana!ement procedures cou#d #ead to scope creep8 a poor#y desi!ned system tat does not meet te needs of te business or end users8 unc#ear responsibi#ities8 #ac% of communication8 inade?uate monitorin!8 and undetected deviations from project scope. A## of tese tese ave a direct impact on te bud!eted do##ars and time#ines of te  project. It a#so indicates a #ac% of mana!ement contro# over capita#iDab#e projects. Inade?uate system imp#ementation procedures resu#tin! from poor p#annin!8 poor or insufficient user testin!8 system issues not bein! reso#ved8 inade?uate security measures for bot net4or% and app#ication8 #ac% of communication8 inade?uate#y desi!ned automated contro#s or edit cec%s. 5is 4ou#d ave a direct impact on te system;s abi#ity to inte!rate 4itin te existin! infrastructure8 te functiona#ity of te system8 te  productivity and buy7in of emp#oyees8 data inte!rity8 comp#eteness and accuracy8 te system bein! vu#nerab#e to a security compromise. co mpromise. It a#so indicates a #ac% of mana!ement contro# over te project. Inade?uate security contro#s resu#t in vu#nerabi#ities tat may expose data to unautoriDed access8 unautoriDed disc#osure or teft. )eturn on investment fai#s to meet mana!ement;s expectations expected benefits are not rea#iDed or not rea#iDed time#y. A #ac% of mana!ement contro# over systems cou#d #ead to non7comp#iance of re?uired

AUDIT DETAILS & OBSERVATIONS IA performed performed an audit of te Insert System 6ame System Imp#ementation 0roject 9te F0rojectG: based on te system deve#opment #ifecyc#e8 4ic consisted of te fo##o4in! pases< 1. 2. 3. &. *. -. H. /. .

0roj 0rojec ectt "ove "overn rnan ance ce $usine $usiness ss Case Case , 0roje 0roject ct 0#an 0#annin nin! ! System System +eve +eve#op #opmen mentt @ +esi +esi!n !n , $ui#d $ui#d 5estin! 0re 0re "o7L "o7Liv ivee , +ata +ata Conve Convers rsio ion n 5rainin! Suppo Support rt , =ain =ainte tena nance nce 0roj 0rojec ectt Asse Assess ssme ment nt Intern Interna# a# Contro Contro## Asses Assessme sment nt

0re7 0re7S S stem stem Im #eme #ement ntat atio ion n

0ost 0ost7S 7S stem stem Im Im #eme #ement ntat atio ion n

IA notes te resu#ts of eac pase8 as fo##o4s< 1. 0roj 0rojec ectt "ove "overn rnan ance ce Insert a brief summary of te resu#ts of eac pase. 2. $usine $usiness ss Case Case , 0rojec 0rojectt 0#anni 0#annin! n! 0ase 0ase Insert a brief summary of te resu#ts of eac pase @ sou#d summariDe audit memorandum. 3. System System +eve# +eve#opm opment ent @ +esi +esi!n !n , $ui# $ui#d d 0ase 0ase Insert a brief summary of te resu#ts of eac pase @ sou#d summariDe audit memorandum.

/. 0roj 0roject ect Ass sses essm sment ent 0as 0asee Insert a brief summary of te resu#ts of eac pase @ ma%e sure to inc#ude te 0roject Lead;s identified #essons #earned and Interna# Audit;s Audit;s assessment of eac item noted. . Intern Interna# a# Cont Contro# ro#ss As Asses sessme sment nt Insert a brief summary of te resu#ts of eac pase @ ma%e sure to note any an y contro# deficiencies.

FINDINGS AND RECOMMENDA RECOMMENDATIONS TIONS N!/ 2

Insert indin!

F)$d)$0 & I*pat

Re!**e$dat)!$ Insert )ecommendation )ecommendation

C!$t'! Gap

O+$e'%

)eference Cobit * mana!ement practice ( activity or  oter best practice ( re!u#ation re?uirement

Insert O4ner of indin!

Ma$a0e*e$t Re%p!$%e Insert =ana!ement;s )esponse

P')!')t1 Insert #o48 medium8 i!

Ad)t F!!+-Up

If indin! 4as addressed durin! te audit8 note fo##o47up procedur es performed and 4eter or not findin! as been c#osed. If not app#icab#e8 de#ete ro4.

/

N!/ 3

F)$d)$0 & I*pat

C!$t'! Gap

Re!**e$dat)!$

O+$e'%

Ad)t F!!+-Up



Ma$a0e*e$t Re%p!$%e

P')!')t1

ACTION PLAN F)$d)$0 N!/ 2 3 4

At)!$ t! be C!*peted

Re%p!$%)b))t1

E%t/ C!*pet)!$ Date

Date C!*peted

A fo##o4 up revie4 of mana!ement;s imp#ementation of actions in response to te recommendations 4i## be performed Insert Audit o##o47>p date ( ?uarter.

1