For CSV Auditors: Building a Better Checklist
As a Computer System Validation (CSV) auditor, the business is relying on you to efficiently evaluate their new system so they can quickly put it into use. An effective evaluation needs to be comprehensive, which can be a large and time-consuming task for new implementations.
The key to a CSV audit that is both effective and efficient is the content of your audit checklist. Here are some key elements to include to ensure your success:
Information about the vendor - Examples: length of product on market, vendor certification, vendor strategy
Quality management details - Examples: quality management system, QA/IT engagement in development, internal audit frequency
Software Development Lifecycle details - Examples: SDLC SOPs, traceability matrix, regulatory requirements
Software Development and Testing - Examples: coding standards, change controls, testing standards, test plans and summaries, regression testing, software design
Software Documentation Standards - Examples: Version control, up-to-date documentation, document retention, disaster recovery
Security - Examples: security measures, access authorization
Procedures - Examples: system support, procedure change control, periodic review
Change Management - Examples: system change documentation, risk determining
Support - Examples: maintenance/support agreement, product history and roadmap, helpdesk
Incident Management - Examples: incident handling and timing, user awareness
Data Integrity - Examples: access controls, passwords
Audit Trails - Examples: functionality, exportability
Training & Personnel - Examples: trained staff, staff qualifications, vendors, subcontractors
As a CSV auditor, you play a crucial role in the system implementation process. The business counts on you to perform an effective and efficient audit that enables them to put their new system and processes into place as soon as possible. Building and using a strong audit plan checklist will enable you to meet those expectations with less effort.