Which of the following is MOST important for an IS auditor to assess during a post-implementation review of a newly modified IT application developed in-house?
Which of the following is MOST important for an IS auditor to assess during a post-implementation review of a newly modified IT application developed in-house?
During a post-implementation review of a newly modified IT application developed in-house, it is crucial to assess the sufficiency of implemented controls. This ensures that the necessary measures are in place to manage risks, protect data, maintain system integrity, and ensure compliance with relevant policies, standards, and regulations. Rollback plans, end user manuals, and resource management plans, while important, do not address the immediate need to verify that the controls in place are effective and sufficient.
B. Sufficiency of implemented controls
While rollback plans for changes (Option A) are important for mitigating risks associated with implementation issues or unforeseen consequences of modifications, the sufficiency of implemented controls is of greater importance during a post-implementation review. Assessing the sufficiency of controls ensures that appropriate measures are in place to manage risks, protect data, maintain system integrity, and ensure compliance with relevant policies, standards, and regulations.