Proximus
Internal Auditor
Freelancer Opportunity
Job title: Internal Auditor
Contract duration: 2025-10-13 to 2025-12-31
Role Description:
The main objective of this audit assignment will be to assess the effectiveness of Non-Functional Requirements (NFR) management in Business and Technical Projects (covering, among others, business continuity, cybersecurity and privacy requirements) to avoid introducing technical debt in newly developed solutions and platforms, and to maximize their service levels.
Perimeter Coverage:
Development/integration made by the Digital Transformation and IT Business Unit, as well as the IT development for the network in the Network Business Unit.
Out-of-scope:
Historical debt: architectural debt (e.g. historical architecture choice), suboptimal configuration, technical debt due to legacy applications not being decommissioned yet.
Debt associated with potentially delayed software maintenance (delayed upgrade).
Use cases developed by Proximus ADA for security and AI are out of scope.
More concretely, the audit must provide answers to the following questions:
Is the NFR management framework managed within Digital Transformation and IT and Network IT as per industry good practices (e.g. ISO, ITIL, COBIT, …)?
a. Confirm the existence of effective Generic NFRs, Specific NFRs (by service type) and Technical NFRs (by technology type).
b. Validate that there are clear and endorsed Roles and Responsibilities in the organization to produce and maintain NFRs and to enforce them in projects.
c. Confirm the effective integration of NFRs in the IT project methodology in use (impact of the agile modus operandi on non-functional requirements management: are NFRs considered properly by Product Owners, and are NFRs delivered on time and at the correct expenditure cost?). Assess the effectiveness of the supporting tools offered to project stakeholders to manage their NFRs.
d. Does the NFR management framework support architectural governance for a future-proof IT landscape (e.g. aiming to reduce complexity and redundancy)?
e. Is the budget ensuring NFR management properly quantified, allocated and controlled?
f. Ensure proper knowledge management and awareness among involved stakeholders around technical debt avoidance practices in projects.
Investigate the measures taken to avoid or limit the technical debt of recently introduced pieces of code or IT platforms. Are delivered projects respecting at least security, business continuity and privacy-by-design good practices (as per policies and standards) thanks to the proper identification, design, prioritization, implementation and testing of NFRs? Confirm that the service levels of recently upgraded selling, ordering and servicing applications and systems for our customers have not been impacted by technical debt introduced because of non-mature management of NFRs during projects.
What is the impact of the move-to-cloud strategy on the proper management of NFRs?
What are the best recommendations to ensure an effective, efficient and compliant way to manage NFRs in projects?
At the end of the audit, an opinion must be given:
If new technical debt is added in production by running both business and technical projects managed by Digital Transformation and IT and Network IT, and for which reasons,
What is the (potential) impact on Service Level Agreements, and
Which structural action must be taken to avoid it.
Suggested approach for substantive testing of controls
Assess a sample of projects (spread across the main delivery tribes in scope) that were recently delivered or are being developed, to detect how many NFRs have been selected/produced, prioritized and properly delivered. Conclude on the average technical debt created across the delivered epics/projects. (Sample to be validated with key auditees and the audit department at the time of assignment scoping.)