Professional Documents
Culture Documents
and Auditing
Systems
Maintenance
Maintenance Authorization, Testing,
and Documentation
The benefits achieved from controlling new system development
can be quickly lost during system maintenance if control does
not continue into that phase
Access to programs is
completely unrestricted
Controlling Access to
Maintenance Command
Access to the maintenance commands themselves should be
password-controlled.
Separate Test Libraries
Direct access to the production SPL is
limited to an authorized librarian who
approves all requests to modify, delete,
and copy programs.
Controlling Access to
Maintenance Command
Access to the maintenance commands themselves should be
password-controlled.
Program Version Numbers
With each modification to the
program, the version number is
increased by 1.
Controlling Access to
Maintenance Command
Access to the maintenance commands themselves should be
password-controlled.
Audit Objectives Related to
System Maintenance
(1) maintenance procedures protect applications from
unauthorized changes
Identify Identify
Test Access to
Unauthorized Application
Libraries
Changes Errors
• Reconcile the source code.
• Reconcile program version • Review programmer
• Review test results.
numbers. authority tables.
• Retest the program.
• Confirm maintenance • Test authority table
authorization