I would say that most IT auditors and CAEs are familiar with pre-implementation reviews.
These are audit engagements designed to proactively work with management when there are system implementations. They provide assurance, advice, and insight on the effectiveness of the internal controls and security that will exist when the system is live.
Pre-implementation reviews are not limited to system implementations. The same approach can be used for process re-engineering, the development of a new capability, an acquisition, organization right-sizing, and more.
I really like what is said in this ISACA article, Now Is the Time for IT Auditors to Perform Advisory Pre-Implementation Reviews:
Demand for digital transformation is increasing as enterprises endeavor to offer more innovative products or services and modernize legacy IT environments. This presents an opportunity for IT auditors to champion the advisory pre-implementation review to senior management. During an advisory pre-implementation review, internal audit provides observations and recommendations to management to enhance the control environment prior to the deployment of a digital solution. The advisory pre-implementation review is a proactive approach that allows for course corrections to be made throughout deployment, as opposed to a reactive response…
