In MIS and IT governance, at which stages of an MIS development life cycle can EDP/IT auditors appropriately contribute independent review and control testing?

Introduction / Context:
Modern organizations embed controls and compliance into systems from the start. EDP (Electronic Data Processing) or IT auditors support this by advising on control design and by independently testing control effectiveness throughout the MIS life cycle. Their involvement reduces risk, improves auditability, and prevents costly rework late in the project.

Given Data / Assumptions:

• MIS development follows phases: planning, analysis/design, implementation, and deployment.
• Controls span governance (policies), design (segregation of duties), and operations (backup, logging).
• Auditors provide independent assessment, not development ownership.

Concept / Approach:
Auditors can add value in each phase. In planning, they review risk assessments and control objectives. In analysis and design, they evaluate proposed controls for access management, change management, and data integrity. In implementation, they test configurations and validate that controls operate as intended, often with computer-assisted audit tools. Continuous involvement ensures traceability from requirements to operating controls, aligning with regulatory expectations and internal policies.

Step-by-Step Solution:

Verification / Alternative check:
Frameworks (e.g., COBIT-inspired practices) encourage early and ongoing control involvement to avoid late-stage compliance gaps.

Why Other Options Are Wrong:
Picking a single phase ignores that control assurance is lifecycle-wide.

Common Pitfalls:
Involving auditors only at go-live; treating control testing as an afterthought rather than a design requirement.

Final Answer:
All of the above