© 2019 SourceMedia. All rights reserved.

Evolving technology calls for more disciplined approach from auditors

The Software Development Life Cycle (SDLC) is a natural mechanism for any organization that develops, co-manages and supports code as part of its technology ecosystem. The rules and theories behind SDLC processes have existed since humankind first set out to program logic into machines.

As our technology matures, and as we become able to write code faster and more efficiently, an even more disciplined approach to how we handle code in our environments is required.

The basic premise of SDLC processes is not only to achieve, maintain and audit compliance with regulations, but also to ensure that all code management in the ecosystem follows good management and development practices. It drives common practice across portfolios of code, and it consistently supports the single rule of thumb: reduce cost and increase efficiency, all while remaining compliant and risk-averse. Delivery through a common methodology, with consistent deliverables to the stakeholders – regardless of the type of platform being developed, enhanced and maintained – is another critical component.

[Photo: Coaxial cables connect to a computer server unit inside a communications room at an office in London, U.K., on Monday, May 15, 2017. Governments and companies around the world began to gain the upper hand against the first wave of an unrivaled global cyberattack, even as the assault was poised to continue claiming victims this week. Photographer: Chris Ratcliffe/Bloomberg]

The objective of the ISACA-developed Windows File Server Audit/Assurance Program is primarily to inform management regarding the effectiveness of software assurance governance, application development, verification and review, and deployment. The audit/assurance review relies upon other IT governance audits, including those covering identity and access management, operational areas and third-party management of software assurance. The software audit/assurance program seeks to:

  • Provide developers and auditors with a methodology for managing and evaluating end-to-end software development
  • Identify control areas in the categories of governance, software development, verification and review, and deployment
  • Evaluate the effectiveness of the enterprise’s existing software development methodology

The software audit/assurance program encompasses the following domains:

  • Governance
  • Software development
  • Verification and review
  • Deployment

Keep in mind that a framework to abide by, and the discipline to follow it, are needed to achieve maximum conformance to the rules of code management. Pragmatically, it is important to challenge one’s organization not to create red tape that impedes creativity. However, one must also channel that creativity in a streamlined way, which results in an environment balanced for maximum efficiency of both transformation work and the “keeping the lights on” process of a company’s typical software ecosystem.

(This post originally appeared on the ISACA blog, which can be viewed here).
