Evolving technology calls for more disciplined approach from auditors
The concept of Software Development Life Cycle is a natural mechanism of an organization that develops, co-manages and supports digital code as part of its technology ecosystem. The many rules and theories behind the SDLC processes have existed since the very first time we embarked as humankind to program logic into machines.
As our technology matures and we become able to write code faster and more efficiently, an even more disciplined approach to how we handle code in our environments is required.
The basic premise of SDLC processes is not only to achieve, maintain and audit compliance with regulations, but also to ensure that all code management in the ecosystem follows good management and development practices. It drives common practice across portfolios of code, and it consistently supports the single rule of thumb: reduce cost and increase efficiency, while remaining compliant and risk-averse. Delivery through a common methodology, with consistent deliverables to stakeholders – regardless of the type of platform being developed, enhanced and maintained – is another critical component.
The objectives of the ISACA-developed Windows File Server Audit/Assurance Program is primarily to inform management regarding the effectiveness of software assurance governance, application development, verification and review, and deployment. The audit/assurance review will rely upon other IT governance audits, including those covering identity and access management, operational areas and third-party management of software assurance. The software audit/assurance program seeks to:
- Provide developers and auditors with a methodology for managing and evaluating end-to-end software development
- Identify control areas in the categories of governance, software development, verification and review, and deployment
- Evaluate the effectiveness of the enterprise’s existing software development methodology
The software audit/assurance program encompasses the following domains:
- Software development
- Verification and review
Keep in mind that a framework to abide by, and the discipline to follow it, are needed in order to achieve maximum conformance to the rules of code management. Pragmatically, it is important to challenge one’s organization not to create red tape that impedes creativity. However, one must also channel that creativity through a streamlined process, which results in an environment balanced for maximum efficiency of both transformation work and the “keeping the lights on” operation of a company’s typical software ecosystem.
(This post originally appeared on the ISACA blog.)