Project Management Resources
System Conversion Audit article
Internal auditors play a valuable role in ensuring that IT investments are well managed and have a positive impact on an organization. Their assurance role supports senior management, the audit committee, the board of directors, and other stakeholders. Internal auditors need to take a risk-based approach in planning their many activities on IT project audits. With limited audit resources, auditors must focus on the highest-risk project areas, while adding value to the organization. Audit best practices suggest internal auditors should be involved throughout a project's life cycle, not just in post-implementation assessments.
Project Management References (PDF)
MetSIG newsletter (PDF) on PMO measurement
Managing major projects (PDF) (Page 10 of NAO report "The Millennium Dome") [full report (PDF) also available]
Lessons from the Public Accounts Committee's examination of 25 projects (PDF) - (full issue of Focus 9 (PDF) also available)
Tips for managing risk in IT projects (PDF) (figure 12 of NAO report "Supporting Innovation: Managing Risk in Government Departments") [full report (PDF) also available]
The Project Management Institute (PMI) provides some excellent materials in support of project management.
Other Project Management Resources
Maturity Models
Project Management Office (PMO) and the SEI CMM
Resources for the PMO and the SEI CMM
SEI CMM Assessment
ITRB Published Reports
The committee also coordinated the preparation of the third edition of Information Technology Control Guidelines and was involved in various Year 2000 CICA publications. Following reorganization at the CICA in the late 1990s, ITAC's role was broadened to provide support and advice with respect to IT matters as they affect the profession. As such, its focus is now on:
- Emerging IT issues that affect, or may affect, assurance services or financial or business reporting, and
- Responding, commenting and providing advice and assistance on IT matters affecting the profession, when requested.
Over the past two years, ITAC has prepared:
- A road map for auditing e-business, outlining IT-related issues that it feels need to be considered by the Assurance Standards Board;
- A booklet, 20 Questions Directors Should Ask About IT; and
- A research report on Electronic Audit Evidence
As part of the research studies program, ITAC is sponsoring the brochure 20 Questions Directors Should Ask About Privacy to guide an organization's board of directors in evaluating personal information privacy issues that might arise in discharging its responsibilities. The brochure might also be of interest to members of other governance bodies, such as audit committees and information technology steering committees. The brochure highlights key questions that directors should ask about their responsibilities with respect to understanding privacy risk, managing privacy risk, implementing a privacy compliance regime and obtaining privacy assurance. The surrounding commentary is drawn from Privacy Compliance: A Guide for Organizations & Assurance Practitioners, also sponsored by ITAC. The guide offers a framework that organizations can use to develop appropriate privacy control systems and discusses the assurance practitioner's role in providing value-added services on privacy.
ITAC is also coordinating a series of white papers on IT topics considered significant to the CA profession and business community:
OGC's (Office of Government Commerce) Successful Delivery Toolkit describes proven good practice for procurement, programs, projects, risk and service management. The toolkit brings together policy and best practice in a single point of reference. It helps you to ask the critical questions about capability and project delivery; it gives practical advice on how to improve.
AFFIRM: Some excellent reports are available. AFFIRM White Papers - Emerging Issues Forum
One of AFFIRM's core objectives is to provide an opportunity for members to participate in the development and implementation of policy affecting federal information technology and information resources management. The featured mechanism to enable such participation is the Emerging Issues Forum. The Emerging Issues Forum (EIF) is open to AFFIRM members and non-members, both federal and industry based. Through the EIF, AFFIRM seeks to select critical emerging issues that require debate, framing, and analysis, and to present reflective implications, findings, and recommendations for consideration by the federal IT/IRM community. To this end, AFFIRM attempts to provide a unique, public/private viewpoint, unconstrained by organizational bounds.
The SANS resources related to audit and security