Unifying Governance, Risk and Controls Framework Using SDLC, CICD and DevOps

Abstract

This paper aims to study different software development frameworks and propose an efficient and comprehensive framework for handling Software Development Life Cycle (SDLC) in an IT Project. Risks and controls, work products and IT Audit risk parameters for each phase are also analysed. Furthermore, it covers Continuous Integration Continuous Deployment/Deliver (CICD) during support to the project along with management of code, branching strategies, storage of code, and CICD Pipelining. The paper also introduces Development-Operations (DevOps) and teaming structures to orchestrate project’s success. It also depicts the importance of cross functional teams in a DevOps environment.