Modern practices in software development, such as DevOps, require that the functions of auditors evolve accordingly. Rather than building plans based on last year’s performance and risk assessments, including internal auditors within DevOps allows companies equip themselves with a means to guard against inefficiencies and opportunities to design control procedures that acknowledge the latest processes and tech. When controls are designed and implemented correctly in DevOps, it enables the organization to address the end-to-end traceability of the change.
This paper details the implementation of internal audit in DevOps, the key risks and challenges involved in the process, as well as, controls to mitigate these risks.