Ch04_Systm Develop & Maintennce-1

8/9/2019 Ch04_Systm Develop & Maintennce-1

1/39

Chapter 4:Systems Development &

Maintenance Activities


2/39

PARTICIPANTS

Systems professionals

End users

Stakeholders

ACCOUNTANTS Internal

Eternal !imitations of in"ol"ement


3/39

ACCOUNTANTS#AU$ITORS

%hy are a&&ountants#auditors in"ol"ed' Eperts in finan&ial transa&tion pro&esses (uality of AIS is determined in S$!C

)o* are a&&ountants in"ol"ed' Users +e,-,. user "ie*s and a&&ountin-

te&hni/ues0

1em2ers of S$!C de"elopment team+e,-,. Control Risk 2ein- minimi3ed0

Auditors +e,-,. audita2le systems0


4/39

I,S, A(UISITION

Inhouse de"elopment

Pur&hase &ommer&ialsystems


5/39

TREN$S IN CO11ERCIA!

SO5T%ARE

Trends in &ommer&ial soft*are

Relati"ely lo* &ost for -eneral

purpose soft*are Industryspe&ifi& "endors6usinesses too small to ha"e in

house IS staff $o*nsi3in- 7 $$P


6/39

Turnkey systems

8eneral a&&ountin- systems Typi&ally in modules

Spe&ialpurpose systems Eample 2ankin-

Offi&e automation systems Purpose is to impro"e produ&ti"ity

6a&k2one systems +ERP0SAP. Peoplesoft. 6aan. 1o"e

9endorsupported systems

)y2rids

TPES O5 CO11ERCIA!

SSTE1S

http://webopedia.internet.com/TERM/E/ERP.htmlhttp://webopedia.internet.com/TERM/E/ERP.html


7/39

Ad"anta-es Implementation time Cost

Relia2ility

$isad"anta-es Independen&e

Customi3ation needs1aintenan&e

CO11ERCIA! SSTE1S


8/39

SSTE1S $E9E!OP1ENT !I5E

CC!E +S$!C0 Ne* systems

;, Systems plannin-


9/39

PURPOSE: To link individual systems projects to the strategic objectives of the firm.

!ink indi"idual proDe&ts to strate-i& o2De&ti"es of the

firm 5i-ure 4< Bp,;4


10/39

SSTE1S P!ANNIN8

P)ASE I

!e"el ; F Strate-i& systems plannin- %hy'

;, A &han-in- plan is 2etter than no plan


11/39

AuditorHs role in systemsplannin-

Audita2ilitySe&urityControls

SSTE1S P!ANNIN8

P)ASE I


12/39

Identify userHs needsPreparin- proposalsE"aluatin- proposalsPrioriti3in- indi"idual proDe&tsS&hedulin- *ork

ProDe&t Plan allo&ates resour&es to spe&ifi&proDe&t

ProDe&t Proposal 8o or not ProDe&t S&hedule represents m-mtHs

&ommitment

SSTE1S P!ANNIN8

P)ASE I

SUMMARY


13/39

PURPOSE: Effectively identify and analy!e theneeds of the users for the ne system.

Sur"ey step

$isad"anta-es:Tar pit syndromeThinkin- inside the 2o

Ad"anta-es:

Identify aspe&ts to keep 5or&in- analysts to understand the

system Isolatin- the root of pro2lem symptoms

SSTE1S ANA!SIS

P)ASE II


14/39

$ata sour&es

Users

$ata stores

Pro&esses

$ata flo*s

Controls

Transa&tion "olumes

Error rates

Resour&e &osts

6ottlene&ks

Redundantoperations

8atherin- fa&ts

SSTE1S ANA!SIS

P)ASE II


15/39

5a&t-atherin- te&hni/ues O2ser"ation Task parti&ipation

Personal inter"ie*s Re"ie*in- key do&uments

+see list. p, ;4@0

Systems analysis report 5i-ure 4= +p,;40

AuditorHs role CAATTs +e,-,. em2edded modules0

SSTE1S ANA!SIS

P)ASE II

CONCEPTUA! SSTE1S $ESI8N


16/39

PURPOSE: Develop alternative systems thatsatisfy system re"uirements identified duringsystem analysis

;, Topdo*n +stru&tured desi-n0

Bsee 5i-ure 44. p,;>J Designs general rather than specific Enough details for design to demonstrate differences Example: Figure 4-5 p! "5"


17/39

PURPOSE: #rocess that seeks to identify the optimalsolution from the alternatives;, Perform detailed feasi2ility study

Te&hni&al feasi2ility Beistin- IT or ne* IT' !e-al feasi2ility

Operational feasi2ilityDegree of compatibility beteen the firm$s e%isting procedures and personnel skills and re"uirementsof the ne system

S&hedule feasi2ility Bimplementation


18/39

ONE-TIME COSTS:

• Hardware acquisition

• Site preparation• Software acquisition

• Sste!s design

• "rogra!!ing

• Testing

• #ata con$ersion

• Training

RECURRING COSTS:

• Hardware !aintenance

• Software !aintenance• Insurance

• Supplies

• "ersonnel

• Allocated e%isting IS

SSTE1 E9A!UATION 7 SE!ECTION

P)ASE I9

'ost()enefit Analysis* 'osts


19/39

*+,./0E: In&reased re"enues

In&reased sales ineistin- markets

Epansion into ne*markets

Cost Redu&tion ; !a2or redu&tion Operatin- &ost redu&tion

Supplies o"erhead Redu&ed in"entories !ess epensi"e e/pt, Redu&ed e/pt, maint,

.,*+,./0E 1: In&reased &ustomer

satisfa&tion Impro"ed employee

satisfa&tion 1ore &urrent information Impro"ed de&ision makin- 5aster response to

&ompetitorsH a&tions

1ore effe&ti"e operations 6etter internal and eternal

&ommuni&ations Impro"ed &ontrol

en"ironment

SSTE1 E9A!UATON 7 SE!ECTION

P)ASE I9

'ost()enefit Analysis* )enefits


20/39

NP9 ; 2*a#le 4-43 Pay2a&k


21/39

PURPOSE: #roduce a detailed description of the proposed system that satisfies systemre"uirements identified during systemsanalysis and is in accordance ith conceptual

design.

User "ie*s $ata2ase ta2les

Pro&esses Controls i,e,. a set of K2lueprintsL

$ETAI!E$ $ESI8NP)ASE 9


22/39

$ETAI!E$ $ESI8N P)ASE 9

Quality Assurance

K%alkthrou-hL

(uality assuran&e


23/39

$ETAI!E$ $ESI8N P)ASE 9

Detailed Design Report

$esi-ns for input s&reens and sour&e do&uments

$esi-ns for s&reen outputs. reports. operational

do&uments

Normali3ed data2ase

$ata2ase stru&tures and dia-rams

$ata flo* dia-rams +$5$Hs0

$ata2ase models +ER. Relational0

$ata di&tionary

Pro&essin- lo-i& +flo* &harts0

SSTE1 PRO8RA11IN8 7 TESTIN8


24/39

SSTE1 PRO8RA11IN8 7 TESTIN8

P)ASE 9I

Program the Application

Pro&edural lan-ua-es E"entdri"en lan-ua-es

OO lan-ua-es Pro-rammin- the system Test the appli&ation M5i-ure 4

Testin- methodolo-y Testin- offline 2efore deployin- online Test data

+hy,

Can pro"ide "alua2le future 2enefits

SSTE1S I1P!E1ENTATION


25/39

PURPOSE: Database structures are created and populated ith

data applications are coded and tested e"uipment is purchased and installed employees are trained the systemis documented and the ne system is installed.

Testin- the entire system

$o&umentin- the system Designer and programmer documentation Operator documentation User documentation

,o(ices

Occasional users Freuent light users Freuent po6er users User hand#oo7 *utorials 8elp features


P)ASE 9II



26/39

Con"ertin- the data2ases 9alidation Re&on&iliation 6a&kup

Con"ertin- the ne* system8o li"e Auditor in"ol"ement "irtually stopsG Cold turkey &uto"er Phased &uto"er Parallel operation &uto"er


P)ASE 9II

Conversion



27/39

Re"ie*ed 2y independent team tomeasure the su&&ess of the system

Systems desi-n ade/ua&y Bsee list p, ;@J A&&ura&y of time. &ost. and 2enefitestimates Bsee list p, ;@J

AuditorHs role

%eHre 2a&kGG Pro"ide te&hni&al epertise Spe&ify do&umentation standards 9erify &ontrol ade/ua&y Eternal auditors


P)ASE 9IIPost-Implementation Review



28/39

%eHre 2a&kGG Pro"ide te&hni&al epertise

AIS: 8AAP. 8AAS. SEC. IRS

!e-al So&ial # 2eha"ioral IS#IT +if &apa2le0

Effe&ti"e and effi&ient *ays to limit appli&ationtestin-

Spe&ify do&umentation standards 9erify &ontrol ade/ua&y

COSO SAS No, @ PCAO6 Standard ; Impa&t on s&ope of eternal auditors


P)ASE 9II Auditors Role


29/39

PURPOSE: 'hanging systems toaccommodate changes in user needs

J#


30/39

"reli!inar

easi'ilit

"ro(ect

Aut)ori*ation

Sste!s

"lanning

Sste!s

Analsis

+onceptual

#esign

Sste!s

Selection

#etailed

#esign

Sste!

I!ple!entation

"ro(ect

"roposal

"ro(ect

Sc)edule

Sste!

Analsis Rpt

##

general-

.R

#iagra!Relational

Model

/or!ali*ed

#ata

easi'ilit

Stud

+ost01enefit

Analsis

Sste!

Selection Rpt

#etailed

#esign Rpt

"rogra!

lowc)arts

"ost0I!pl

Re$iew

#ocu!entationUser

Acceptance Rpt

##

#etail-


31/39

A materially flaed financial

application ill eventually corruptfinancial data hich ill then beincorrectly reported in the financial

statements. Therefore theaccuracy and integrity of the -S

directly affects the accuracy of the

client$s financial data.

CONTRO!!IN8 7 AU$ITIN8 T)E


32/39

Systems authori3ation a&ti"ities

User spe&ifi&ation a&ti"ities Te&hni&al desi-n a&ti"ities $o&umentation is e"iden&e of &ontrols $o&umentation is a &ontrolG

Internal audit parti&ipation User test and a&&eptan&e pro&edures Audit o2De&ti"es Audit pro&edures


S$!C

Controlling !ew "ystemsDevelopment



33/39

Audit o2De&ti"es 9erif' SD0% acti(ities are applied consistentl' and in

accordance 6ith managements policies

9erif' original s'stem is free from material errors andfraud

9erif' s'stem necessar' and $ustified 9erif' documentation adeuate and complete

Audit pro&edures

#ow verify "D$C activities applied consistently% #ow verify system is free from material errors and fraud% #ow verify system is necessary% #ow verify system is &ustified% #ow verify documentation is ade'uate and complete% See page "4 for a list


S$!C

Audit ()&ectives * Procedures



34/39

5our minimum &ontrols:

5ormal authori3ation Te&hni&al spe&ifi&ations Retestin-

Updatin- the do&umentation


S$!C

Controlling "ystems +aintenance



35/39

Sour&e pro-ram li2rary &ontrols +hy, +hat trying to prevent, Unauthori3ed a&&ess Unauthori3ed pro-ram &han-es SP!1S 2Figure 4-"; p! "3

SP!1S Controls

Storin- pro-rams on the SP! Retrie"in- pro-rams for maintenan&e purposes $ete&tin- o2solete pro-rams $o&umentin- pro-ram &han-es +audit trail0


S$!C

Controlling "ystems +aintenance



36/39

Pass*ord &ontrol On a spe&ifi& pro-ram

Separate test li2raries Audit trail and mana-ement reports $es&ri2in- soft*are &han-es

Pro-ram "ersion num2ers Controllin- a&&ess to maintenan&e BSP!

&ommands


S$!C

Controlled "P$ ,nvironment



37/39

Audit o2De&ti"es $ete&t any unauthori3ed pro-ram

&han-es 9erify that maintenan&e pro&edures

prote&t appli&ations from unauthori3ed&han-es

9erify appli&ations are free from materialerrors

9erify SP! are prote&ted fromunauthori3ed a&&ess


S$!C




38/39

Audit pro&edures 5i-ure 4;4. p,;@ Identify unauthori3ed &han-es

Re&on&ile pro-ram "ersion num2ers Confirm maintenan&e authori3ation

Identify appli&ation errors Re&on&ile sour&e &ode Bafter takin- a sample

Re"ie* test results Retest the pro-ram

Testin- a&&ess to li2raries Re"ie* pro-rammer authority ta2les

Test authority ta2le


S$!C



39/39

Chapter 4:Systems Development &

Maintenance Activities

Ch04_Systm Develop & Maintennce-1

Documents

Transcript of Ch04_Systm Develop & Maintennce-1