Collins Harp Enterprises
Recommending IT Systems Development Controls
BACKGROUND
‘You are the new information technology (IT) audit specialist at the accounting firm of Townsend and
‘Townsend, LLP. One of the audit partners, Harold Mobley, asked you to evaluate the effectiveness of
general and application IT-related controls for a potential new audit client, Collins Harp Enterprises,
which is a privately-held business. During a round of golf last week, an executive of Collins Harp
Enterprises asked Harold to have someone with good IT training look at the company’s IT’ systems
development process. Harold recently summarized the following information about Collins Harps IT
systems development process based on his recent conversation with Linda Seth, IT Vice President at
Collins Harp.
IT SUMMARY
Because of the company’s unique business processes, Collins Harp Enterprises develops most of
its computer software applications in-house. Over the past several years, Linda Seth has been able
to hire several good software programmers with relatively strong programming experience. She has
assembled a team of five programmers who handle most of the application and systems programming
needs. Because of their strong backgrounds, Ms, Seth involves al five programmers in new application
developments or modifications to existing applications and also involves all of them in operating,
security, utility, and other system software programming and maintenance tasks. The staffs relatively
versatile, and any one of them is able to handle the programming demands of most changes.
Linda notes that because the programmers are typically more “free-spirited,” she prefers to
give the programmers relatively free latitude in the development of new applications or modifications
to existing applications. She comments that the programmers like to view their work as a form
of art. Asa result, she notes that the programmers “attack” the programming logic development
using their own, unique programming style and approach. She believes that such “freedom” for the
programming staff enhances the quality of the application development.
New applications are generally initiated by Linda after she identifies suggestions for changes
to existing applications based on conversations with similar IT personnel at other companies.Because she regularly attends IT development conferences, she believes that she is in the best
position to identify ways to improve current application procedures. Occasionally, non-IT personnel
(like accounting department personnel who work with the accounting systems) identify suggested
changes. Linda notes that she generally hears about application changes or new application ideas
from non-IT personnel in informal settings such as over lunch in the company cafeteria or when
bumping into people in the office hallways. She also monitors emerging trends in the industry, such
as the growing use of cloud computing. When that occurs, she makes a mental note to take back to
her programming staf.
‘When applications are developed or changes are made, the assigned programmer generally
telephones or emails the non-IT personnel primarily responsible for the application to discuss the
programmer's suggested modification and to get their unofficial “blessing” to proceed. Occasionally,
the programmer meets with the respective personnel, if requested. However, the programmers
generally feel that such meetings have limited benefit because users have very little understanding,
of the progeamming logic used
the programmer is making a modification to an existing application, he or she makes copy
of the current version of the software program being used so that they don't have to reprogram the
entire application. Before beginning, the programmer generally tries to meet with the programmer
who was previously involved with any programming associated with this application to get a “big
picture feel” for the application. Given the small size of the programming staff, the programmer
can generally identify the person last involved with this application by talking with the other
programmers. The programmer locates documents related to the programming logic maintained
in the programming department's files. Generally, this documentation includes electronic files and
memos that contain the programmer's notes about his or her programming logic used to program
the software application. The newly assigned programmer is able to recreate a trail of the most
recent modifications to the application from these notes.
Programmers test all application developments and modifications. To increase the
independence of the testing, Linda assigns a different programmer to perform the testing of the
application before implementation. The test programmer creates a fictitious data set by copying.
one of the actual data sets used in the relevant application. The test programmer performs a test
of the new application or modification and documents the results. Linda says that there are tight
controls over program testing because of her detailed reviews of all program test results and personal
approval of each progeam before implementation into live production. And, she adds that copies of
all test results are maintained in the files for subsequent review.
‘Once Linda believes that the program is accurately processing the test data, she approves
the program for implementation into live production. Linda notes that it is a big event for
the programmers when their application is ready for implementation. She comments that the
programmers take pride in the completion of the project and that all the programmers celebrate
once the project programmer announces that he or she has compiled the final version into object
code and forwarded the object code version to the IT Librarian.