Top 10 Software Acquisition Auditing Checklist

As most common risks associated with acquiring software are that the selected solution does not satisfy the intended purpose or is not technically feasible. As consequences of a poor software purchase are increased costs, missed deadlines, or neglected requirements. To off set these risks, the IT auditor should evaluate the following controls:

1. Alignment with the company’s business and IT strategy
2. Definition of the information requirements
3. Feasibility studies (cost, bene. ts, etc.)
4. Identification of functionality, operational acceptance, and maintenance requirements
5. Conformity with existing information and system architectures
6. Adherence to security and control requirements
7. Knowledge of available solutions
8. Understanding of the related acquisition and implementation methodologies
9. Involvement and buy-in from the user
10. Supplier requirements and viability