SYSA – 410
Lecture Five
Introduction
• In this lecture, business application development and systems are discussed
by addressing system development and change controls.
• Alternative forms and auditing application controls are also addressed in this
lecture.
Developing a system
• The process of developing a computer system is referred to as the Systems Development Life
Cycle (SDLC).
• Steps followed in this process:
• Analyse
• Design
• Code
• Test
• Retest
• Redesign
• Reset
• Run
• Audit
Developing a system cont’d
• There are various forms of the SDLC, but overall it splits tasks into the following:
• Feasibility study
• Outline design
• Detailed design
• Code, tests, and implement
• Conversion
• Installation
• Post-implementation review
Change control
• Change control’s objective is to manage and control risk
Causes of maintenance due to change controls
• New requests from users and managers
Why do systems fail
• Poor support from management.
Auditor’s role in systems development
• An auditor needs to make sure that controls within project management are
adequate, and provide assurance that the system delivers as required and
that business control processes have been incorporated in the design of the
new/amended system.
Information system vendors
• System acquisition usually requires purchasing, leasing or renting computer
resources from IS vendors.
• Acquiring IT resources like software still needs active involvement from the user.
Advantages of acquiring IT resources
• Lower cost
• Less risk
• High quality
• Less time
Request for information
• The initial stage in system acquisition is issuing a Request for Information (RFI).
• An RFI is issued early in the overall development process for the purpose of
gathering information on the currently available products when the acquisition of
an external package is being considered.
Requirements definition
• This is the second stage following a successful RFI.
Request for proposal
• The third stage in system acquisition is a request for proposal.
• The request for proposal is then sent to a vendor to elicit bids for any of delivery,
tailoring and implementation of the packaged solution.
Installation
• Once the contracts have been signed by both parties, it is expected that the
package will be delivered and installation will happen as a matter of course.
System maintenance
• System maintenance involves checking, changing and enhancing the system to make it
more useful in achieving user and organisation goals.
System maintenance review
• This is the process of analysing existing systems to ensure they are operating as intended;
it may be event- or time-driven.
• Training
• Reliability
• Mission
What are systems
• A system is defined as a set of elements that interact to accomplish goals and
objectives.
Characteristics of a system
• Accuracy
• Completeness
• Economy
• Reliability
• Relevance
• Simplicity
• Timeliness
• Verifiability
Classification of systems
• Simple vs complex
• Open vs closed
• Stable vs dynamic
• Adaptive vs non-adaptive
• Permanent vs temporary
Conclusion
• The overall concept of an SDLC process is addressed.
• All the tasks that are important in developing or acquiring a system are looked
at from an IT audit perspective.
End of Lecture
• Thank you!