
Phase VII System Application

Database structures are created and populated with data


Equipment is purchased and installed
Employees are trained
System is documented
New system is installed
Engaged in implementation:
Designers
Programmers
Database administrators
Users
Accountants
Testing the Entire System
When modules are coded and tested, they must be brought
together and tested as a whole.
When satisfied, a formal acceptance document will be
completed.
The formal acceptance document is used in reconciling differences and
assigning responsibility during the post-implementation review.
Documenting the System
Documentation provides essential information about how the system
works.
Three Important Groups:
System designers and programmers
Computer operators
End users

Note that system programmers and computer operators must be
separated for security and control reasons.
Designer and Programmer
System flowchart
Program Flowchart
Program Code Listing
User Scheme
Novices
Occasional users
Frequent light users
Frequent power users

User Handbook (Online Documentation)


Tutorials
Help Features
Converting the Databases
Database conversion is a critical step in the implementation phase
Transfer of data from its current form to the format or medium required
by the new system
Very labor intensive
Data conversion is risky and must be carefully controlled with these
precautions:
Validation
Reconciliation
Backup
Converting to the New System
Also called cutover; it usually follows one of three approaches:
Cold Turkey Cutover (Big Bang Approach)
Phase Cutover
Parallel Operation Cutover
The Auditor's Role in System Implementation

External auditors are prohibited by SOX from direct
involvement in system implementation, but internal auditors,
as stakeholders, may get involved in the following ways:
Provide Technical Expertise
Specify Documentation Standards
Verify Control Adequacy and Compliance with SOX
Post-Implementation Review
One of the most important steps in the implementation stage
Reviewed by an independent team to measure the success of the system
and the process after all are settled
Provides internal and external auditors with evidence regarding the
adequacy of the SDLC in general and its risk
Valuable post-implementation evidence:
Systems Design Adequacy
Accuracy of Time, Cost, and Benefit Estimates
Phase VIII System Maintenance
Final phase of life cycle
Formal process by which application programs undergo
changes to accommodate changes in user needs
Maintenance period of five years or longer, depending on
industry competitiveness
Represents a significant resource outlay compared to initial
development costs
Controlling and Auditing the SDLC
Accuracy of the financial data in the client's databases bears
directly on the auditor's opinion
In a CBIS, financial data are processed (accessed, stored, and
updated) by computer applications; the accuracy and integrity of
these programs affects the financial data (which may be corrupted or
incorrectly reported in the FS) on which auditors render an opinion
Auditors seek efficient and effective ways to limit
application testing
Controlling New Systems Development
Control activities relating to authorization, development, and
implementation of the original system:
Systems Authorization Activities
User Specification Activities
Technical Design Activities
Internal Audit Participation
User Test and Acceptance Procedures
Controlling System Maintenance
Determine that application integrity is still intact
Programming errors may occur that create incorrect
information that goes undetected by the user
Program fraud may take root in an environment of poorly controlled
maintenance and go undetected for years
Controllable activities relating to System Maintenance
Maintenance Authorization, Testing and Documentation
Formal authorization
Technical specification of the changes
Retesting the system
Updating the documentation
Source Program Library Controls
Source Program Library (SPL)
The WORST-CASE Situation: No Controls
Access to programs is completely unrestricted
Programs are subject to unauthorized changes
A Controlled SPL Environment
With an SPL System (SPLS), protective features and procedures must
be explicitly addressed
SPL requires specific planning and control techniques to
ensure program integrity.
Control techniques such as:
Password Control
Separate Test Libraries
Audit Trail and Management Reports
Program Version Numbers
Controlling Access to Maintenance Commands
Audit objective related to system maintenance
Detect unauthorized program maintenance
Audit procedures related to system maintenance
Identify Unauthorized Changes
Reconcile program version numbers
Confirm maintenance authorization
Identify application Errors
Reconciling the source code
Reviewing the test results
Retesting the Program
Test access to libraries
Review programmer authority tables
Test authority table
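
An added example, not part of the original slides, of the "Reconcile program version numbers" and "Confirm maintenance authorization" procedures. It assumes the SPLS raises a program's version number by one for every change; all program names, change ids, users and log entries are constructed.

```python
from collections import Counter

# Constructed sample data; program names, change ids and users are hypothetical.
BASELINE_VERSION = 1  # assumption: version 1 at initial implementation, +1 per change

AUTHORIZED_CHANGES = [  # approved maintenance requests: (change id, program)
    ("CR-101", "AR_UPDATE"), ("CR-102", "AR_UPDATE"), ("CR-103", "PAYROLL_CALC"),
]
PRODUCTION_VERSIONS = {"AR_UPDATE": 3, "PAYROLL_CALC": 4, "GL_POST": 1}
SPL_AUDIT_TRAIL = [  # SPLS change log: (program, new version, programmer, change id)
    ("AR_UPDATE", 2, "jsmith", "CR-101"),
    ("AR_UPDATE", 3, "jsmith", "CR-102"),
    ("PAYROLL_CALC", 2, "mlee", "CR-103"),
    ("PAYROLL_CALC", 3, "mlee", None),       # change made with no request on file
    ("PAYROLL_CALC", 4, "mlee", "CR-102"),   # id exists, but approved for another program
]

def reconcile_versions(production, authorized, baseline=BASELINE_VERSION):
    """Return {program: (expected, actual)} for versions that do not reconcile."""
    approved = Counter(program for _, program in authorized)
    exceptions = {}
    for program, actual in sorted(production.items()):
        expected = baseline + approved[program]  # one increment per approved change
        if actual != expected:
            exceptions[program] = (expected, actual)
    return exceptions

def unauthorized_entries(audit_trail, authorized):
    """Return audit-trail entries with no matching approval for that program."""
    approved = set(authorized)
    return [e for e in audit_trail if (e[3], e[0]) not in approved]

if __name__ == "__main__":
    mismatches = reconcile_versions(PRODUCTION_VERSIONS, AUTHORIZED_CHANGES)
    for program, (exp, act) in mismatches.items():
        print(f"{program}: expected v{exp}, production is v{act}")
    for program, version, who, change in unauthorized_entries(
            SPL_AUDIT_TRAIL, AUTHORIZED_CHANGES):
        print(f"{program} v{version} by {who}: no approval on file (change id {change})")
```

A version mismatch only shows that unexplained changes exist; the audit-trail pass identifies which change and which programmer to follow up on.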
