Ch04_Systm Develop & Maintennce-1
-
Upload
stephanie-gumapac -
Category
Documents
-
view
216 -
download
0
Transcript of Ch04_Systm Develop & Maintennce-1
-
8/9/2019 Ch04_Systm Develop & Maintennce-1
1/39
Chapter 4:Systems Development &
Maintenance Activities
-
8/9/2019 Ch04_Systm Develop & Maintennce-1
2/39
PARTICIPANTS
Systems professionals
End users
Stakeholders
ACCOUNTANTS Internal
Eternal !imitations of in"ol"ement
-
8/9/2019 Ch04_Systm Develop & Maintennce-1
3/39
ACCOUNTANTS#AU$ITORS
%hy are a&&ountants#auditors in"ol"ed' Eperts in finan&ial transa&tion pro&esses (uality of AIS is determined in S$!C
)o* are a&&ountants in"ol"ed' Users +e,-,. user "ie*s and a&&ountin-
te&hni/ues0
1em2ers of S$!C de"elopment team+e,-,. Control Risk 2ein- minimi3ed0
Auditors +e,-,. audita2le systems0
-
8/9/2019 Ch04_Systm Develop & Maintennce-1
4/39
I,S, A(UISITION
Inhouse de"elopment
Pur&hase &ommer&ialsystems
-
8/9/2019 Ch04_Systm Develop & Maintennce-1
5/39
TREN$S IN CO11ERCIA!
SO5T%ARE
Trends in &ommer&ial soft*are
Relati"ely lo* &ost for -eneral
purpose soft*are Industryspe&ifi& "endors6usinesses too small to ha"e in
house IS staff $o*nsi3in- 7 $$P
-
8/9/2019 Ch04_Systm Develop & Maintennce-1
6/39
Turnkey systems
8eneral a&&ountin- systems Typi&ally in modules
Spe&ialpurpose systems Eample 2ankin-
Offi&e automation systems Purpose is to impro"e produ&ti"ity
6a&k2one systems +ERP0SAP. Peoplesoft. 6aan. 1o"e
9endorsupported systems
)y2rids
TPES O5 CO11ERCIA!
SSTE1S
http://webopedia.internet.com/TERM/E/ERP.htmlhttp://webopedia.internet.com/TERM/E/ERP.html
-
8/9/2019 Ch04_Systm Develop & Maintennce-1
7/39
Ad"anta-es Implementation time Cost
Relia2ility
$isad"anta-es Independen&e
Customi3ation needs1aintenan&e
CO11ERCIA! SSTE1S
-
8/9/2019 Ch04_Systm Develop & Maintennce-1
8/39
SSTE1S $E9E!OP1ENT !I5E
CC!E +S$!C0 Ne* systems
;, Systems plannin-
-
8/9/2019 Ch04_Systm Develop & Maintennce-1
9/39
PURPOSE: To link individual systems projects to the strategic objectives of the firm.
!ink indi"idual proDe&ts to strate-i& o2De&ti"es of the
firm 5i-ure 4< Bp,;4
-
8/9/2019 Ch04_Systm Develop & Maintennce-1
10/39
SSTE1S P!ANNIN8
P)ASE I
!e"el ; F Strate-i& systems plannin- %hy'
;, A &han-in- plan is 2etter than no plan
-
8/9/2019 Ch04_Systm Develop & Maintennce-1
11/39
AuditorHs role in systemsplannin-
Audita2ilitySe&urityControls
SSTE1S P!ANNIN8
P)ASE I
-
8/9/2019 Ch04_Systm Develop & Maintennce-1
12/39
Identify userHs needsPreparin- proposalsE"aluatin- proposalsPrioriti3in- indi"idual proDe&tsS&hedulin- *ork
ProDe&t Plan allo&ates resour&es to spe&ifi&proDe&t
ProDe&t Proposal 8o or not ProDe&t S&hedule represents m-mtHs
&ommitment
SSTE1S P!ANNIN8
P)ASE I
SUMMARY
-
8/9/2019 Ch04_Systm Develop & Maintennce-1
13/39
PURPOSE: Effectively identify and analy!e theneeds of the users for the ne system.
Sur"ey step
$isad"anta-es:Tar pit syndromeThinkin- inside the 2o
Ad"anta-es:
Identify aspe&ts to keep 5or&in- analysts to understand the
system Isolatin- the root of pro2lem symptoms
SSTE1S ANA!SIS
P)ASE II
-
8/9/2019 Ch04_Systm Develop & Maintennce-1
14/39
$ata sour&es
Users
$ata stores
Pro&esses
$ata flo*s
Controls
Transa&tion "olumes
Error rates
Resour&e &osts
6ottlene&ks
Redundantoperations
8atherin- fa&ts
SSTE1S ANA!SIS
P)ASE II
-
8/9/2019 Ch04_Systm Develop & Maintennce-1
15/39
5a&t-atherin- te&hni/ues O2ser"ation Task parti&ipation
Personal inter"ie*s Re"ie*in- key do&uments
+see list. p, ;4@0
Systems analysis report 5i-ure 4= +p,;40
AuditorHs role CAATTs +e,-,. em2edded modules0
SSTE1S ANA!SIS
P)ASE II
CONCEPTUA! SSTE1S $ESI8N
-
8/9/2019 Ch04_Systm Develop & Maintennce-1
16/39
PURPOSE: Develop alternative systems thatsatisfy system re"uirements identified duringsystem analysis
;, Topdo*n +stru&tured desi-n0
Bsee 5i-ure 44. p,;>J Designs general rather than specific Enough details for design to demonstrate differences Example: Figure 4-5 p! "5"
-
8/9/2019 Ch04_Systm Develop & Maintennce-1
17/39
PURPOSE: #rocess that seeks to identify the optimalsolution from the alternatives;, Perform detailed feasi2ility study
Te&hni&al feasi2ility Beistin- IT or ne* IT' !e-al feasi2ility
Operational feasi2ilityDegree of compatibility beteen the firm$s e%isting procedures and personnel skills and re"uirementsof the ne system
S&hedule feasi2ility Bimplementation
-
8/9/2019 Ch04_Systm Develop & Maintennce-1
18/39
ONE-TIME COSTS:
• Hardware acquisition
• Site preparation• Software acquisition
• Sste!s design
• "rogra!!ing
• Testing
• #ata con$ersion
• Training
RECURRING COSTS:
• Hardware !aintenance
• Software !aintenance• Insurance
• Supplies
• "ersonnel
• Allocated e%isting IS
SSTE1 E9A!UATION 7 SE!ECTION
P)ASE I9
'ost()enefit Analysis* 'osts
-
8/9/2019 Ch04_Systm Develop & Maintennce-1
19/39
*+,./0E: In&reased re"enues
In&reased sales ineistin- markets
Epansion into ne*markets
Cost Redu&tion ; !a2or redu&tion Operatin- &ost redu&tion
Supplies o"erhead Redu&ed in"entories !ess epensi"e e/pt, Redu&ed e/pt, maint,
.,*+,./0E 1: In&reased &ustomer
satisfa&tion Impro"ed employee
satisfa&tion 1ore &urrent information Impro"ed de&ision makin- 5aster response to
&ompetitorsH a&tions
1ore effe&ti"e operations 6etter internal and eternal
&ommuni&ations Impro"ed &ontrol
en"ironment
SSTE1 E9A!UATON 7 SE!ECTION
P)ASE I9
'ost()enefit Analysis* )enefits
-
8/9/2019 Ch04_Systm Develop & Maintennce-1
20/39
NP9 ; 2*a#le 4-43 Pay2a&k
-
8/9/2019 Ch04_Systm Develop & Maintennce-1
21/39
PURPOSE: #roduce a detailed description of the proposed system that satisfies systemre"uirements identified during systemsanalysis and is in accordance ith conceptual
design.
User "ie*s $ata2ase ta2les
Pro&esses Controls i,e,. a set of K2lueprintsL
$ETAI!E$ $ESI8NP)ASE 9
-
8/9/2019 Ch04_Systm Develop & Maintennce-1
22/39
$ETAI!E$ $ESI8N P)ASE 9
Quality Assurance
K%alkthrou-hL
(uality assuran&e
-
8/9/2019 Ch04_Systm Develop & Maintennce-1
23/39
$ETAI!E$ $ESI8N P)ASE 9
Detailed Design Report
$esi-ns for input s&reens and sour&e do&uments
$esi-ns for s&reen outputs. reports. operational
do&uments
Normali3ed data2ase
$ata2ase stru&tures and dia-rams
$ata flo* dia-rams +$5$Hs0
$ata2ase models +ER. Relational0
$ata di&tionary
Pro&essin- lo-i& +flo* &harts0
SSTE1 PRO8RA11IN8 7 TESTIN8
-
8/9/2019 Ch04_Systm Develop & Maintennce-1
24/39
SSTE1 PRO8RA11IN8 7 TESTIN8
P)ASE 9I
Program the Application
Pro&edural lan-ua-es E"entdri"en lan-ua-es
OO lan-ua-es Pro-rammin- the system Test the appli&ation M5i-ure 4
Testin- methodolo-y Testin- offline 2efore deployin- online Test data
+hy,
Can pro"ide "alua2le future 2enefits
SSTE1S I1P!E1ENTATION
-
8/9/2019 Ch04_Systm Develop & Maintennce-1
25/39
PURPOSE: Database structures are created and populated ith
data applications are coded and tested e"uipment is purchased and installed employees are trained the systemis documented and the ne system is installed.
Testin- the entire system
$o&umentin- the system Designer and programmer documentation Operator documentation User documentation
,o(ices
Occasional users Freuent light users Freuent po6er users User hand#oo7 *utorials 8elp features
SSTE1S I1P!E1ENTATION
P)ASE 9II
SSTE1S I1P!E1ENTATION
-
8/9/2019 Ch04_Systm Develop & Maintennce-1
26/39
Con"ertin- the data2ases 9alidation Re&on&iliation 6a&kup
Con"ertin- the ne* system8o li"e Auditor in"ol"ement "irtually stopsG Cold turkey &uto"er Phased &uto"er Parallel operation &uto"er
SSTE1S I1P!E1ENTATION
P)ASE 9II
Conversion
SSTE1S I1P!E1ENTATION
-
8/9/2019 Ch04_Systm Develop & Maintennce-1
27/39
Re"ie*ed 2y independent team tomeasure the su&&ess of the system
Systems desi-n ade/ua&y Bsee list p, ;@J A&&ura&y of time. &ost. and 2enefitestimates Bsee list p, ;@J
AuditorHs role
%eHre 2a&kGG Pro"ide te&hni&al epertise Spe&ify do&umentation standards 9erify &ontrol ade/ua&y Eternal auditors
SSTE1S I1P!E1ENTATION
P)ASE 9IIPost-Implementation Review
SSTE1S I1P!E1ENTATION
-
8/9/2019 Ch04_Systm Develop & Maintennce-1
28/39
%eHre 2a&kGG Pro"ide te&hni&al epertise
AIS: 8AAP. 8AAS. SEC. IRS
!e-al So&ial # 2eha"ioral IS#IT +if &apa2le0
Effe&ti"e and effi&ient *ays to limit appli&ationtestin-
Spe&ify do&umentation standards 9erify &ontrol ade/ua&y
COSO SAS No, @ PCAO6 Standard ; Impa&t on s&ope of eternal auditors
SSTE1S I1P!E1ENTATION
P)ASE 9II Auditors Role
-
8/9/2019 Ch04_Systm Develop & Maintennce-1
29/39
PURPOSE: 'hanging systems toaccommodate changes in user needs
J#
-
8/9/2019 Ch04_Systm Develop & Maintennce-1
30/39
"reli!inar
easi'ilit
"ro(ect
Aut)ori*ation
Sste!s
"lanning
Sste!s
Analsis
+onceptual
#esign
Sste!s
Selection
#etailed
#esign
Sste!
I!ple!entation
"ro(ect
"roposal
"ro(ect
Sc)edule
Sste!
Analsis Rpt
##
general-
.R
#iagra!Relational
Model
/or!ali*ed
#ata
easi'ilit
Stud
+ost01enefit
Analsis
Sste!
Selection Rpt
#etailed
#esign Rpt
"rogra!
lowc)arts
"ost0I!pl
Re$iew
#ocu!entationUser
Acceptance Rpt
##
#etail-
-
8/9/2019 Ch04_Systm Develop & Maintennce-1
31/39
A materially flaed financial
application ill eventually corruptfinancial data hich ill then beincorrectly reported in the financial
statements. Therefore theaccuracy and integrity of the -S
directly affects the accuracy of the
client$s financial data.
CONTRO!!IN8 7 AU$ITIN8 T)E
-
8/9/2019 Ch04_Systm Develop & Maintennce-1
32/39
Systems authori3ation a&ti"ities
User spe&ifi&ation a&ti"ities Te&hni&al desi-n a&ti"ities $o&umentation is e"iden&e of &ontrols $o&umentation is a &ontrolG
Internal audit parti&ipation User test and a&&eptan&e pro&edures Audit o2De&ti"es Audit pro&edures
CONTRO!!IN8 7 AU$ITIN8 T)E
S$!C
Controlling !ew "ystemsDevelopment
CONTRO!!IN8 7 AU$ITIN8 T)E
-
8/9/2019 Ch04_Systm Develop & Maintennce-1
33/39
Audit o2De&ti"es 9erif' SD0% acti(ities are applied consistentl' and in
accordance 6ith managements policies
9erif' original s'stem is free from material errors andfraud
9erif' s'stem necessar' and $ustified 9erif' documentation adeuate and complete
Audit pro&edures
#ow verify "D$C activities applied consistently% #ow verify system is free from material errors and fraud% #ow verify system is necessary% #ow verify system is &ustified% #ow verify documentation is ade'uate and complete% See page "4 for a list
CONTRO!!IN8 7 AU$ITIN8 T)E
S$!C
Audit ()&ectives * Procedures
CONTRO!!IN8 7 AU$ITIN8 T)E
-
8/9/2019 Ch04_Systm Develop & Maintennce-1
34/39
5our minimum &ontrols:
5ormal authori3ation Te&hni&al spe&ifi&ations Retestin-
Updatin- the do&umentation
CONTRO!!IN8 7 AU$ITIN8 T)E
S$!C
Controlling "ystems +aintenance
CONTRO!!IN8 7 AU$ITIN8 T)E
-
8/9/2019 Ch04_Systm Develop & Maintennce-1
35/39
Sour&e pro-ram li2rary &ontrols +hy, +hat trying to prevent, Unauthori3ed a&&ess Unauthori3ed pro-ram &han-es SP!1S 2Figure 4-"; p! "3
SP!1S Controls
Storin- pro-rams on the SP! Retrie"in- pro-rams for maintenan&e purposes $ete&tin- o2solete pro-rams $o&umentin- pro-ram &han-es +audit trail0
CONTRO!!IN8 7 AU$ITIN8 T)E
S$!C
Controlling "ystems +aintenance
CONTRO!!IN8 7 AU$ITIN8 T)E
-
8/9/2019 Ch04_Systm Develop & Maintennce-1
36/39
Pass*ord &ontrol On a spe&ifi& pro-ram
Separate test li2raries Audit trail and mana-ement reports $es&ri2in- soft*are &han-es
Pro-ram "ersion num2ers Controllin- a&&ess to maintenan&e BSP!
&ommands
CONTRO!!IN8 7 AU$ITIN8 T)E
S$!C
Controlled "P$ ,nvironment
CONTRO!!IN8 7 AU$ITIN8 T)E
-
8/9/2019 Ch04_Systm Develop & Maintennce-1
37/39
Audit o2De&ti"es $ete&t any unauthori3ed pro-ram
&han-es 9erify that maintenan&e pro&edures
prote&t appli&ations from unauthori3ed&han-es
9erify appli&ations are free from materialerrors
9erify SP! are prote&ted fromunauthori3ed a&&ess
CONTRO!!IN8 7 AU$ITIN8 T)E
S$!C
Audit ()&ectives * Procedures
CONTRO!!IN8 7 AU$ITIN8 T)E
-
8/9/2019 Ch04_Systm Develop & Maintennce-1
38/39
Audit pro&edures 5i-ure 4;4. p,;@ Identify unauthori3ed &han-es
Re&on&ile pro-ram "ersion num2ers Confirm maintenan&e authori3ation
Identify appli&ation errors Re&on&ile sour&e &ode Bafter takin- a sample
Re"ie* test results Retest the pro-ram
Testin- a&&ess to li2raries Re"ie* pro-rammer authority ta2les
Test authority ta2le
CONTRO!!IN8 7 AU$ITIN8 T)E
S$!C
Audit ()&ectives * Procedures
-
8/9/2019 Ch04_Systm Develop & Maintennce-1
39/39
Chapter 4:Systems Development &
Maintenance Activities