In-house development
Purchase commercial systems
PHASE IV
PURPOSE: Process that seeks to identify the optimal solution from the alternatives
1. Perform detailed feasibility study
Technical feasibility [existing IT or new IT?]
Legal feasibility
Operational feasibility
Degree of compatibility between the firm’s existing procedures and personnel skills, and requirements of the new system
Schedule feasibility [implementation]
2. Perform a cost-benefit analysis
Identify costs
Identify benefits
Compare the two
IT Auditing & Assurance, 2e, Hall & Singleton
SYSTEM EVALUATION & SELECTION–PHASE IV
Cost-Benefit Analysis: Costs
Auditor’s role
Managerial accounting techniques 3
• Escapable costs
• Reasonable interest rates
• Identify one-time and recurring costs
• Realistic useful lives for competing projects
• Determining financial values for intangible benefits
DETAILED DESIGN–PHASE V
PURPOSE: Produce a detailed description of the proposed system that satisfies system requirements identified during systems analysis and is in accordance with conceptual design.
User views
Database tables
Processes
Controls
i.e., a set of “blueprints”
DETAILED DESIGN–PHASE V
Quality Assurance
• “Walkthrough”
• Quality assurance
• Procedural languages
• Event-driven languages
• OO languages
• Programming the system
• Test the application [Figure 4-8]
– Testing methodology
– Testing offline before deploying online
– Test data
• Why?
• Can provide valuable future benefits
SYSTEMS IMPLEMENTATION–PHASE VII
PURPOSE: Database structures are created and populated with data, applications are coded and tested, equipment is purchased and installed, employees are trained, the system is documented, and the new system is installed.
80/20 rule 1
Importance of documentation?
Facilitate efficient changes
Facilitate effective changes (at all!)
Systems Analysis: System Analysis Rpt
Conceptual Design: DFD (general)
Password control
On a specific program
Separate test libraries
Audit trail and management reports
Describing software changes
Program version numbers
Controlling access to maintenance [SPL] commands
Audit objectives
Detect any unauthorized program changes
Verify that maintenance procedures protect applications from unauthorized changes
Verify applications are free from material errors
Verify SPL are protected from unauthorized access
CONTROLLING & AUDITING THE SDLC
Audit Objectives & Procedures
Audit procedures
Figure 4-14, p.179
Identify unauthorized changes
Reconcile program version numbers
Confirm maintenance authorization
Identify application errors
Reconcile source code [after taking a sample]
Review test results
Retest the program
Testing access to libraries
Review programmer authority tables
Test authority table
Chapter 4: Systems Development & Maintenance Activities