Exam CISA
Question 1259

Which of the following should be done FIRST when auditing an IT portfolio management process at a large organization?

    Correct Answer: C

    The first step when auditing an IT portfolio management process should be to verify whether the IT project portfolio is kept up to date. Ensuring that the portfolio is current is essential because all subsequent audit activities and analyses, such as conducting walk-through meetings, calculating ROI, or confirming industry best practices, would rely on accurate and relevant data. If the portfolio is not current, any further actions could lead to inaccurate assessments or conclusions.

Discussion
Swallows (Option: C)

After verifying the currency of the IT project portfolio (option C), the auditor can then proceed to conduct walk-through meetings with IT project managers (option A) to gather more detailed information about specific projects, their management practices, and challenges. This sequential approach ensures that the audit is thorough and systematically addresses key aspects of the IT portfolio management process. Therefore, option C, verifying whether the IT project portfolio is kept up to date, is the appropriate first step when auditing an IT portfolio management process at a large organization.

Binagr8 (Option: C)

When auditing an IT portfolio management process at a large organization, the FIRST step should be: C. Verify whether the IT project portfolio is kept up to date. Ensuring that the IT project portfolio is current is essential before performing other audit activities. If the portfolio is not up to date, any subsequent analysis, such as calculating ROI or assessing best practices, would be based on outdated information, leading to potentially inaccurate or misleading conclusions. Starting with this verification ensures that the audit is based on accurate and relevant data.