
Controlling and Auditing the SDLC

The document discusses controlling and auditing the systems development life cycle (SDLC). It outlines key activities like system authorization, user specification, technical design, and internal audit participation. It then discusses audit objectives related to new system development like verifying SDLC processes are followed and systems are necessary, justified, and free from errors. Audit procedures described include checking for proper authorization and feasibility studies. The document also covers controlling system maintenance through change control, separate test libraries, access controls, and audit trails. Finally, it discusses audit objectives and procedures related to system maintenance.
Copyright
© Attribution Non-Commercial (BY-NC)

Controlling and Auditing the SDLC

Controlling New System Development

System Authorization Activities


All systems must be properly authorized to ensure their economic justification and feasibility.

User Specification Activities

Users must be actively involved in the systems development process. The user can and should provide a detailed written description of the logical needs that must be satisfied by the system. The creation of a user specification document often involves the joint efforts of the user and systems professionals.

Technical Design Activities

The technical design activities translate the user specification into a set of detailed technical specifications for a system that meets the user's needs.

Internal Audit Participation

The internal auditor can serve as a liaison between users and the system

User Test and Acceptance Procedure

Audit Objectives Related to New System Development

Verify that SDLC activities are applied consistently and in accordance with management's policies.
Determine that the system as originally implemented was free from material errors and fraud.
Confirm that the system was judged to be necessary and justified at various checkpoints throughout the SDLC.
Verify that the system documentation is sufficiently accurate to facilitate audit and maintenance activities.

Audit Procedure Related to New System Development

User and computer services management properly authorized the project.
A preliminary feasibility study showed that the project has merit.
A detailed analysis of user needs was conducted that resulted in alternative general designs.
A cost-benefit analysis was conducted using reasonably accurate figures.
The project's documentation shows that the detailed design was an appropriate and accurate solution to the user's problem.
Test results show that the system was thoroughly tested at both the individual module and the total system level before implementation.
There is a checklist of specific problems detected during the conversion period, along with evidence that they were corrected in the maintenance phase.
Systems documentation complies with organizational requirements and standards.

Controlling System Maintenance

Maintenance Authorization, Testing and Documentation

Source Program Library Controls

The Worst-Case Situation: No Controls

A Controlled SPL Environment

Password Control
Separate Test Libraries
Audit Trail and Management Reports
Program Version Numbers
Controlling Access to Maintenance Commands

Audit Objectives Related to System Maintenance

Maintenance procedures protect applications from unauthorized changes.
Applications are free from material errors.
Program libraries are protected from unauthorized access.
[Figure 1: Uncontrolled Access to the Source Program Library. Diagram labels: Systems Development Programmers, Systems Maintenance Programmers, Source Program Library, Source Program, Compiler Program, Object Module, Link Edit Program, Load Module, Production Load Library, Production Application.]

[Figure 5.13: Source Program Library under the Control of SPL Management Software. Diagram labels: Systems Development Programmers, Systems Development Test Library (Application Program 00), SPL (Application Program 05), Compile and Link Edit, Systems Maintenance Programmers, Systems Maintenance Test Library (Application Program 05), Maintenance Request 05, Program Listing 05, Program Change Report 05, Application Load Module 05, Documentation File, Production.]

Auditing SPL Software System

[Figure: Auditing the SPL software system. Diagram labels: Systems Development Programmers, Systems Development Test Library (Application Program 00), SPL Management System, Source Program Library (SPL) Application Program 05, Systems Maintenance Programmers, Systems Maintenance Test Library, User Management (Authorizes and Requests New Applications; Authorizes and Requests Program Changes), Compile and Link Edit the Application Program, Load Library (Application Load Module 05), Maintenance Request #5, Program Listing 05, Program Change Report 05, Documentation File.]

Auditor compares the current program version number in the documentation file with the current version number of the production programs. Discrepancies indicate undocumented program changes.

Auditor confirms maintenance request with user management to verify maintenance authorization and content.

Auditor reconciles program maintenance request, program listings and accuracy of program maintenance

Audit Procedures Related to System Maintenance

Identify Unauthorized Changes: reconcile program version numbers; confirm maintenance authorization.

Identify Application Errors: reconcile the source code; review test results; retest the program.

Test Access to Libraries: review programmer authority tables; test authority table.
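The version-number reconciliation and maintenance-authorization check described in the audit procedures above, sketched as an added example that is not part of the original slides. The program names, request ids and record layouts are constructed for illustration; an SPL management system would export these records in its own format.

```python
from dataclasses import dataclass

# Constructed sample records (program names and request ids are hypothetical).
DOCUMENTATION_FILE = {"PAYROLL": 5, "BILLING": 3, "LEDGER": 7}
PRODUCTION_LOAD_LIBRARY = {"PAYROLL": 5, "BILLING": 4, "LEDGER": 7, "REFUND": 1}
# Program change reports: (program, resulting version, maintenance request id).
PROGRAM_CHANGE_REPORTS = [
    ("PAYROLL", 5, "MR-0105"),
    ("BILLING", 3, "MR-0098"),
    ("LEDGER", 7, None),  # change recorded with no request attached
]
# Request ids that user management confirmed to the auditor.
CONFIRMED_REQUESTS = {"MR-0105", "MR-0098"}


@dataclass(frozen=True)
class Finding:
    program: str
    issue: str
    detail: str


def reconcile(doc, prod, change_reports, confirmed):
    """Return audit findings: version checks first, then authorization checks."""
    findings = []
    for program in sorted(set(doc) | set(prod)):
        if program not in doc:
            findings.append(Finding(program, "NOT_IN_DOCUMENTATION", f"production v{prod[program]}"))
        elif program not in prod:
            findings.append(Finding(program, "NOT_IN_PRODUCTION", f"documented v{doc[program]}"))
        elif doc[program] != prod[program]:
            findings.append(Finding(program, "UNDOCUMENTED_CHANGE",
                                    f"documented v{doc[program]}, production v{prod[program]}"))
    # A production version counts as authorized only if a change report ties it
    # to a maintenance request that user management confirmed.
    authorized = {(p, v) for p, v, req in change_reports if req in confirmed}
    for program, version in sorted(prod.items()):
        if (program, version) not in authorized:
            findings.append(Finding(program, "NO_CONFIRMED_REQUEST", f"production v{version}"))
    return findings


if __name__ == "__main__":
    for f in reconcile(DOCUMENTATION_FILE, PRODUCTION_LOAD_LIBRARY,
                       PROGRAM_CHANGE_REPORTS, CONFIRMED_REQUESTS):
        print(f"{f.program:8} {f.issue:22} {f.detail}")
```

Each finding is a lead for follow-up (source code reconciliation, review of test results), not proof of an unauthorized change on its own.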
