
Chapter 17

Auditing IT Controls Part III: Systems Development & Program Changes
NOTE: Excludes Application Auditing
Pre-Class Lecture Notes

OBJECTIVES:

Learn the purpose and steps of the SDLC
Review the controls in place for system/application development

ACCT 4342

System (Application) Development

The multi-stage process of developing and/or purchasing information systems.
Not limited to accounting systems
Methodology used: SDLC (System Development Lifecycle)
Documentation in the various phases of development is BOTH a control and evidence of a control; CRITICAL

Reminder of IT Application Development

[Diagram labels: Application Development; New App Development; Application Maintenance]

Systems (Application) Development Lifecycle

A logical sequence of activities used to:
  identify new systems needs
  develop new systems to support those needs
A model for reducing risk through planning, execution, control, and documentation
5 phases

System (Application) Development Life Cycle

Will not be tested on specific phases of SDLC on this slide; this is for reference only.

Figure 13-1

System (Application) Development Controls

Controllable activities that distinguish an effective systems development process include:

Systems authorization
  Before development begins, the need must be justified and the activity authorized to begin
  Formal request and approval process

User specification
  No matter how technical, the system is for the users, and development is done based on the needs of users.

System (Application) Development Controls

Technical design
  User specifications → Technical specification
  System analysis, feasibility analysis and detailed system design

Internal audit participation
  Remember IA should be independent & objective and technically qualified
  IA involved to help oversee the process; checkpoint; way to be sure steps and procedures are followed
  IA involved in all phases of the SDLC

System (Application) Development Controls

Program testing
  ALWAYS test before you implement
  Tests the logic of the program against expected and predetermined results
  Test design is important

User test and acceptance procedures
  Comprehensive full test of the system
  Users, system professionals, IA
  Document all tests done and results
  Last chance to say NO before it goes live
