- CISA Chapter 3.7.6 “Certification/Accreditation”, p. 171.
- CISA Chapter 3.8 “Post-Implementation Review”, pp. 171-172
- CISA Chapter 3.81 “IS Auditor’s Role in Post-Implementation”, pp. 172-173
Comments
Lei Tian says
A Post Implementation review is conducted after completing the project. Its activities aim to evaluate whether project objectives were met, how effectively the project was run, lessons for the future, and the actions required to maximise the benefits from the project outputs. The Project Manager will use this information to complete the Post Implementation Review document and provide recommendations of ongoing actions required to fully realise the benefits, deliver operational requirements such as training, and enable guidance for future projects based on lessons learned.
Ying Cheng says
After reading the materials, I learn that security accreditation provides a form of QC and challenges managers and technical staff at all levels to implement the most effective security controls possible in an information system, given mission requirements, and technical, operational and cost/schedule constraints. By accrediting an information system, a senior official accepts responsibility for the security of the system and is fully accountable for any adverse impact to the organization if a breach of security occurs. Thus, responsibility and accountability are core principles that characterize accreditation.
Yu Hu says
The thing that I am interested in is Post-Implementation review. The PIR process is an evaluation of whether a standard is achieving its objective by providing financial statement users with relevant information in ways that justify the cost of providing it. It is an important quality control mechanism built into FASB’s standard-setting process which begins after the issuance of select standards. During the PIR process, the Board solicits and considers diverse stakeholder input and other research to evaluate the standards that are issued and whether there are areas of improvements the Board should address.
Yijing Zhan says
I am interested in subsection 3.7.6 because approval is a formal management decision (given by senior officials) that authorizes the operation of the information system and explicitly accepts the organization’s operations, assets or personal risks based on the following facts: A set of agreed protocol security control requirements and implementation.
Xiaohan Chen says
Through reading, I am very interested in the role of IS auditor after implementation. A process of activities in which the IS auditor is entrusted or authorized to collect and evaluate evidence to determine whether a computer system is effective in protecting assets, maintaining data integrity, and achieving organizational objectives in the most efficient manner.
Xiaomeng Chen says
IS AUDITOR’S ROLE IN POST-IMPLEMENTATION REVIEW:
1. Determine if the system’s objectives and requirements were achieved.
2. Determine if the cost benefits identified in the feasibility study are being measured, analyzed and accurately reported to management.
3. Review program change requests performed to assess the type of changes required of the system. The type of changes requested may indicate problems in the design, programming or interpretation of user requirements.
4. Review controls built into the system to ensure that they are operating according to design.
5. Review operators’ error logs to determine if there are any resource or operating problems inherent within the system.
6. Review input and output control balances and reports to verify that the system is processing data accurately.
Yujia Hu says
An IS Auditor performing a post-implementation review should be independent of the system development process.
# Determine if the system’s objectives and requirements were achieved.
# Determine if the cost benefits identified in the feasibility study are being measured, analyzed and accurately reported to management.
# Review program change requests performed to assess the type of changes required of the system. The type of changes requested may indicate problems in the design, programming or interpretation of user requirements.
# Review controls built into the system to ensure that they are operating according to design.
# Review operators’ error logs to determine if there are any resource or operating problems inherent within the system.
# Review input and output control balances and reports to verify that the system is processing data accurately.
Yalin Zou says
After reading this material, I think safety certification is very interesting. Safety certification provides a formality and is a challenge for both managers and technicians. Through security certification, the organization is fully responsible for the adverse impact of a security violation.
Haoyu Bai says
An IS auditor should perform the following functions during a post-implementation review:
• Determine if the system’s objectives and requirements were achieved.
• Determine if the cost benefits identified in the feasibility study are being measured, analyzed and accurately reported to management.
• Review program change requests performed to assess the type of changes required of the system.
• Review controls built into the system to ensure that they are operating according to design. If an EAM was included in the system, this module should be used to test key operations.
• Review operators’ error logs to determine if there are any resource or operating problems inherent within the system.
• Review input and output control balances and reports to verify that the system is processing data accurately.
Yiqiong Zhang says
The closure process should determine whether project objectives were met or excused and should identify lessons learned to avoid mistakes and encourage repetition of good practices. In contrast to project closure, a post-implementation review typically is carried out in several weeks or months after project completion, when the major benefits and shortcomings of the solution implemented will be realized. The review is part of a benefits realization process and includes an estimate of the project’s overall success and impact on the business. A post-implementation review is also used to determine whether appropriate controls were built into the system. It should consider both the technical details and the process that was followed in the course of the project, including the following:
Adequacy of the system
Projected cost versus benefits or ROI measurements
Recommendations that address any system inadequacies and deficiencies
Plan for implementing any recommendations
Assessment of the development project process
And it is also important to allow a sufficient number of business cycles to be executed in the new system to realize the new system’s actual ROI.
Tianyu Zhang says
After reading CISA, I was interested in IS auditor’s role in Post-Implementation. An IS auditor performing a post-implementation review should be independent of the system development process. Therefore, an IS auditor involved in consulting with the project team on the development of the system should not perform this review. Unlike internal project team reviews, post-implementation reviews performed by an IS auditor tend to concentrate on the control aspects of the system development and implementation processes.
It is important that all audit involvement in the development project be thoroughly documented in the audit work papers to support an IS auditor’s findings and recommendations. This audit report and documentation should be reused during maintenance and changes to validate, verify and test the impact of any changes made to the system. The system should periodically undergo a review to ensure the system is continuing to meet business objectives in a cost-effective manner and control integrity still exists.
Shengyuan Yu says
Through reading, I learned about certification and I’m interested in IS Auditor’s Role in Post-Implementation.
Security certification provides a form of QC and challenges managers and technicians at all levels to implement the most effective security control in the information system given task requirements and technical, operational, and cost/plan constraints. Responsibility and accountability are the core principles of certification.
The IS auditor who conducts the post-implementation review should be independent of the system development process. It is important that all audit work involved in the development project must be fully recorded in the audit work file to support the findings and recommendations of the IS auditor.
Zhiyuan Lian says
The review is part of a benefits realization process and includes an estimate of the project’s overall success and impact on the business. A post-implementation project review should be performed jointly by the project development team and appropriate end users. Typically, the focus of this type of internal review is to assess and critique the project process, whereas a post-implementation review has the objective of assessing and measuring the value the project has on the business.
Zijie Yuan says
After reading these materials, I am interested in IS auditor’s role in post-implementation. An IS auditor should perform the following functions:
• Determine if the system’s objectives and requirements were achieved
• Determine if the cost benefits identified in the feasibility study are being measured, analyzed and accurately reported to management.
• Review program change requests performed to assess the type of changes required of the system.
• Review controls built into the system to ensure that they are operating according to design.
• Review operators’ error logs to determine if there are any resource or operating problems inherent within the system.
• Review input and output control balances and reports to verify that the system is processing data accurately.
Yongheng Luo says
I am still interested in the role the IT auditor plays in the post-implementation review. Because everyone should understand his or her job duties. The IT auditor who performs the post-implementation review should have no connection to the system development process. Therefore, the IT auditor who consulted with the project team on the development of the system should not perform this review. Unlike internal project team reviews, post-implementation reviews performed by information systems auditors tend to focus on the control aspects of the system development and implementation processes. All audits performed on the development project shall be fully documented in the audit working paper to provide support for the findings and recommendations of the IT auditor. This audit report and documentation should be reused during maintenance and changes to validate, validate, and test the impact of system changes. The business system should be periodically reviewed to ensure that the system is cost-effective and consistently achieving business objectives while maintaining the integrity of the controls.
Yanxue Li says
Certification is a process by which an assessor organization performs a comprehensive assessment against a standard of management and operational and technical controls in an information system. The goal is to determine the extent to which controls are implemented correctly, operating as intended and producing the desired outcome with respect to meeting the system’s security requirements.
A post-implementation review typically is carried out in several weeks or months after project completion, when the major benefits and shortcomings of the solution implemented will be realized. The review is part of a benefits realization process and includes an estimate of the project’s overall success and impact on the business.
An IS auditor performing a post-implementation review should be independent of the system development process. All audit involvement in the development project should be thoroughly documented in the audit work papers to support an IS auditor’s findings and recommendations. This audit report and documentation should be reused during maintenance and changes to validate, verify and test the impact of any changes made to the system.
Yuting Yang says
The IS Auditor is entrusted or authorized to collect and evaluate evidence to determine whether the computer system is effective in protecting assets, maintaining data integrity, and achieving organizational objectives in the most effective manner.
The IS auditor who conducts the post-implementation review shall be independent of the system development process. Therefore, the IS auditor involved in consulting with the project team on system development should not perform this audit. Unlike internal project team reviews, post-implementation reviews performed by IS auditors tend to focus on the control aspects of system development and implementation processes.
Yutong Sun says
Based on the reading of these materials, I receive the knowledge that the implementation of the system is a critical stage of the system, it is at the same important position with the planning of the system, at the stage of planning the system, I learned the plan of the system should contain what activities the planner ought to complete. In addition, at the stage of the implementation of the system is to test what problems still not be addressed in the aspect of risks and any weakness of its functions, and then, according to the findings of these problems, the administrators take measurements to handle the problem.
Xuemeng Li says
In order to provide accurate project results information, improve the project, and optimize the release of project resources, the project should be officially closed. The process of closing needs to avoid mistakes and learn from experience, and determine whether the project goals are in agreement or understood. Unlike the end of the project, the post-implementation review is usually carried out within a few weeks or months after the completion of the project in order to collect and identify the main advantages and disadvantages of the solutions that have been implemented.
The post-implementation review is a link in the realization of the process, which will have an impact on the overall goals and final success of the project. After the implementation of the review, determine whether there are appropriate controls in the system, and consider the following: 1. Adequacy of the system. 2. Projected cost versus benefits or ROI measurements. 3. Recommendations that address any system inadequacies and deficiencies. 4. Plan for implementing any recommendations. 5. Assessment of the development project process.
Yue Ma says
After reading the materials, the most interesting thing I think is an IS auditor role of post-implementation. An IS auditor performing a post-implementation review should be independent of the system development process. Therefore, an IS auditor involved in consulting with the project team on the development of the system should not perform this review. Unlike internal project team reviews, post-implementation reviews performed by an IS auditor tend to concentrate on the control aspects of the system development and implementation processes.
Dacheng Xu says
IS auditors who conduct post-implementation reviews should follow the system development process.
# Determine whether the goals and requirements of the system are met.
# Determine whether the cost benefit determined in the feasibility study is being measured, analyzed and accurately reported to the host.
# Review the executed program change requests to assess the type of changes required by the system. The type of change requested may indicate a problem in design, programming, or interpretation of user needs.
# Check the built-in controls in the system to make sure they operate as designed.
# Check the operator’s error log and replace whether there are any inherent resources or operational problems in the replacement system.
# Check the balance of the input and output controls and report to verify that the system is processing the data correctly.
Shengjie Zhang says
I have summarized a few key points of the post-implementation review:
1. Adequacy of the system
2. Projected cost versus benefits or ROI measurements
The post-implementation review aims to evaluate and measure the value of the project to the business.
Lisheng Lin says
An IS auditor performing a post-implementation review should be independent of the system development process. Therefore, an IS auditor involved in consulting with the project team on the development of the system should not perform this review. Unlike internal project team reviews, post-implementation reviews performed by an IS auditor tend to concentrate on the control aspects of the system development and implementation processes. It is important that all audit involvement in the development project be thoroughly documented in the audit work papers to support an IS auditor’s findings and recommendations. This audit report and documentation should be reused during maintenance and changes to validate, verify and test the impact of any changes made to the system. The system should periodically undergo a review to ensure the system is continuing to meet business objectives in a cost-effective manner and control integrity still exists.
Ziqiao Wang says
Through reading, I am very interested in the role of the IS auditor after implementation. The auditor plays a greater role in the post-implementation review than I do in front of the reading material. no, no, no. The review is part of the revenue realization process, including estimates of the overall success of the project and its impact on the business.
Weiwei Zhao says
I am interested in 3.8, it is about POST-IMPLEMENTATION REVIEW. This part introduces two parts: Adequacy of the system; Projected cost versus benefits or ROI measurements.
Hang Zhao says
3.8 Post-implementation review
After the project is officially closed, it will provide accurate information about the project, improve future projects, and achieve an orderly release of project resources. In the closing process, it should be determined whether the project goal has been reached or has been exempted, and lessons should be summarized to avoid the recurrence of errors.
Taking into account the process followed during the project implementation, including
1. Adequacy of the system
2. Expected cost and benefit or ROI measurement
3. Suggestions to solve system deficiencies and defects
4. Any proposed implementation plan
5. Evaluation of the development project process
The envy review after implementation should be jointly performed by the project development team and the corresponding end user. Under normal circumstances, the focus of this type of internal review is to evaluate and evaluate the project process, with the goal of evaluating and measuring the value of the project to the business.