IT Audit Methodology for APP and DB Migration
23-11-11
The need for IT audits: Recognizing the risks
For APP and DB migration in particular, an IT audit is essential because of several risks:
- Risk of data loss: If the migration is not validated, there is a risk of losing critical data.
- Compatibility risk: Improper migration can prolong system downtime, and the change in architecture may be incompatible with existing infrastructure.
- Service risk: A migrated system may impact other systems due to changes in interfaces or batch jobs.
- Compliance risk: Failure to meet regulatory standards during migration can lead to legal issues.
So, let's start with the differences between APP migration and DB migration.
1. APP Migration
APP migration is primarily aimed at improving performance and scalability and meeting changing business needs, which often entails a major overhaul of functionality.
APP migration involves migrating the app stack, including code and configuration files. It may require architectural changes and requires code validation and compatibility testing.
Migrating code and logic may change existing interfaces and batch operations. It may also require significant code changes to rebuild the application or improve the UX.
You need to ensure data consistency and integrity throughout the migration process.
APP migration should consider compatibility of related services (interfaces, batch jobs, etc.) and infrastructure.
It must be verified against management-approved test procedures and acceptable results, which may vary somewhat depending on the development methodology.
2. DB Migration
DB migrations are typically performed for compatibility/performance reasons that involve version upgrades or platform changes.
It essentially involves data and schema migration, and may include ETL processes, tuning, or backup/rollback strategies.
As with APP migration, data consistency and integrity are important.
In an IT Audit performed as part of an accounting audit, financially significant tables, account balances, and balance sheets are important verification elements.
For DB migration, compatibility with existing or new applications needs to be assessed.
The test procedure should consider the following.
For both APP and DB migrations, you should evaluate whether relevant reports, such as interim reports, inspection reports, and completion reports, cover these items.
You should evaluate whether integration tests were performed that tested system calculations, interfaces, and outputs.
You should evaluate whether user testing was performed to ensure that the system was designed for users and that migration was performed according to their requirements.
Evaluate whether test documentation, approvals, and results were thoroughly written and documented.
Evaluate whether stakeholder and executive approvals were obtained by following the appropriate SDLC/project management processes.
Consideration should be given to the SDLC/project management process to determine what approvals should be obtained and at what point.
Evaluate whether go-live has been accomplished based on the test results and migration results compiled primarily by the PI, business management, finance, etc.
Obtain reports related to system implementation for the target project.
Verify that the project reports contain complete and accurate information and that management has reviewed and approved them.
- Evaluate management's signature on test documentation.
- Evaluate whether the reports contain statements about the accuracy and completeness of the data.
- Evaluate the adequacy of the data migration procedures between the old and new systems.
- Evaluate whether management approval exists before the migration is performed.
- Evaluate whether the data migration included all the data that should have been migrated.
- Evaluate whether the data migration is documented and includes details of any anomalies.
- Evaluate whether data migration errors or adjustments are documented and resolved with reporting and follow-up to management.
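One way an auditor can re-perform the completeness and accuracy checks in the list above is to reconcile the old and new tables directly. The following is an added example, not part of the original post; the table name gl_balance, its columns, and the sample rows are assumptions constructed for illustration.

```python
import hashlib
import sqlite3

# Assumed names for illustration: table "gl_balance", key "account_id".
TABLE, KEY, AMOUNT = "gl_balance", "account_id", "balance"


def row_digests(conn):
    """Map each primary key to a SHA-256 digest of the full row."""
    cur = conn.execute(f"SELECT * FROM {TABLE} ORDER BY {KEY}")
    k = [c[0] for c in cur.description].index(KEY)
    return {r[k]: hashlib.sha256(repr(r).encode()).hexdigest() for r in cur}


def control_total(conn):
    """Row count and sum of the amount column (the control total)."""
    return conn.execute(
        f"SELECT COUNT(*), COALESCE(SUM({AMOUNT}), 0) FROM {TABLE}"
    ).fetchone()


def reconcile(old, new):
    """Compare legacy and migrated tables; return anomalies to document."""
    src, dst = row_digests(old), row_digests(new)
    both = src.keys() & dst.keys()
    return {
        "source_total": control_total(old),
        "target_total": control_total(new),
        "missing_in_target": sorted(src.keys() - dst.keys()),
        "unexpected_in_target": sorted(dst.keys() - src.keys()),
        "changed": sorted(k for k in both if src[k] != dst[k]),
    }


def make_db(rows):
    """Build an in-memory database from constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(f"CREATE TABLE {TABLE} ({KEY} TEXT PRIMARY KEY, {AMOUNT} INTEGER)")
    conn.executemany(f"INSERT INTO {TABLE} VALUES (?, ?)", rows)
    return conn


# Constructed sample data: balances in minor units (cents).
LEGACY = [("1000", 150000), ("1100", 72050), ("2000", -98000), ("3000", 4500)]
MIGRATED = [("1000", 150000), ("1100", 72500), ("2000", -98000)]

if __name__ == "__main__":
    for name, value in reconcile(make_db(LEGACY), make_db(MIGRATED)).items():
        print(f"{name}: {value}")
```

Each key reported as missing, unexpected, or changed should map to a documented anomaly or adjustment in the migration report, and the control totals should agree with the figures management signed off on.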
In addition, consideration should be given to whether robust backup and rollback plans are in place in the event of a migration failure.
Migration is an essential IT audit area: the audit validates data consistency during the migration process and confirms that other services are not impacted and that compatibility and functionality remain intact.