Auditing Software Development and DevOps

22 Lessons
CPEs 4.5
Auditing

Learn how to audit modern software development and DevOps environments. This course explores SDLC controls, CI/CD pipelines, code repositories, and security testing—helping auditors assess risk, evaluate evidence, and ensure strong governance in fast-paced development settings.


Course Description

Course 6 of 9 in our IT Audit Learning Path! Today’s organizations build and deploy software faster than ever through agile development, DevOps, and automation—but that speed introduces new risks and control challenges. Auditing Software Development and DevOps equips auditors and IT risk professionals with the knowledge to confidently evaluate these environments. You’ll explore how software is planned, designed, developed, tested, and deployed, and learn to identify control weaknesses at each stage of the SDLC.

Through real-world examples and walkthroughs of repositories, CI/CD pipelines, and security testing processes, this course demonstrates how to gather audit evidence, assess automated controls, and validate the integrity of modern development workflows. By the end, learners will be prepared to audit software development and DevOps practices with a clear understanding of both the technology and the risks that surround it.

This course covers topics that align with concepts addressed in Domain 3 of the Certified Information Systems Auditor (CISA®) exam framework. It is not affiliated with, endorsed by, or sponsored by ISACA®, nor does it guarantee exam preparation or certification outcomes.

In this course, you'll learn...

Course Objectives

To explain common software development methodologies (Waterfall, Agile, DevOps/CI-CD) and their implications from an audit perspective.

To identify risk and control considerations within the software development lifecycle (SDLC).

To evaluate code repository controls, including access restrictions, change approvals, and segregation of duties.

To assess the role of automated pipelines and CI/CD workflows in managing changes securely.

To understand the principles of security testing (SAST, DAST, threat modeling) and how to evaluate evidence related to these processes.

To conduct walkthroughs and sample tests of development and release processes to identify potential deficiencies.

To recognize common audit findings, red flags, and leading practices when auditing software development and DevOps processes.

How you'll apply these skills...

Evaluate SDLC Controls: Review planning, design, development, and deployment documentation to confirm risks are identified, mitigated, and properly approved at each phase

Inspect Code Repositories: Examine commit histories, pull requests, and branch protections in tools like GitHub or GitLab to verify change reviews and segregation of duties

Assess CI/CD Pipelines: Analyze YAML or JSON pipeline configurations to confirm automated testing, approvals, and rollback mechanisms are enforced

Test DevOps Governance: Determine whether automation, monitoring, and infrastructure-as-code practices maintain proper controls without sacrificing speed or quality

Review Security Testing Evidence: Validate that static and dynamic scans are performed, vulnerabilities are tracked, and remediation is documented and approved

Trace Audit Evidence: Follow code changes end-to-end—from user stories to production deployment—to confirm compliance, accountability, and traceability throughout the lifecycle

Course Instructor

Michael Carroll, CPA, CISA, CISM

Michael is an accounting and information security professional. He is also an Adjunct Professor at several higher education institutions, where he is responsible for teaching various accounting and information technology courses.

Michael earned his MBA in Accounting and B.S. in Accounting / Accounting Information Systems from Canisius University. Additionally, Michael is a Certified Public Accountant (CPA) and a Certified Information Systems Security Professional (CISSP). Michael is a current member of the NYCPA’s Education Committee and has been an Advisory Board Member for the Academy of Finance (AOF) since 2020.

Michael enjoys traveling, hiking, and watching the Buffalo Bills. He has also participated in several marathon events.

Course Content

Integrated Audit Case Study and Wrap-Up 2 Topics
Final Exam: Auditing Software Development and DevOps

Additional Info

Format

5-20 min. videos, 2 quizzes, and a final assessment

Field of study

Auditing

CPE Credits

CPEs 3.0

Prerequisites

Completion of prior courses in Wisdify’s IT Audit Learning Path is recommended.
