Group 6 - IT Deployment Risks Part 3

IT
Deployment
Risks
6 Implementing
Software
Applications
Shania Joyce Gonzales
Ma. Terrisa Kate Bueno
Controlling and
Auditing the
System
Development
Erica Viola Toreja
Donna Jane Delmiguez
April Mae Mapute
Maria Lara Rhodora Cruz
Controlling New Systems
Development
4
Controlling Systems
Maintenance
5
Systems
Maintenance
-the longest period in the SDLC
6
The Controlling Systems
Maintenance
RISKS CONTROLS
 Uncontrolled program changes  Maintenance Authorization,

Testing, and Documentation
- can increase a firm’s
exposure to FS due to  Source Program Library
Controls
• programming errors
• program fraud
7
Maintenance Authorization,
RISKS CONTROLS
 The benefits achieved from  To minimize the potential

controlling new system exposure, all maintenance
development can be quickly actions should require, as a
lost during system minimum, four controls:
maintenance if control does • formal authorization
not continue into that phase.
• technical specification of
 System errors the changes
 Logic may be corrupted either • retesting the system
by
• updating the
• the accidental introduction of documentation.
errors or
• intentional acts to defraud. 8
Maintenance Authorization,
RISKS CONTROLS
 When maintenance  Additional controls, such as

causes extensive changes • involvement by the
to program logic internal auditor and
• the implementation
of user test and
acceptance
procedures, may be
necessary
9
Source Program Library Controls
RISKS CONTROLS
 In spite of the preceding  SPL controls thru SPL

maintenance procedures, management system
application integrity can (SPLMS).
be jeopardized by:  Source Program Library
 Unauthorized access (SPL)
￮ Is a magnetic disks
 Unauthorized where application
program changes program source
code is stored
￮ Is used in larger
computer systems.
10
11
A Controlled SPL
Environment
- To control the SPL,
protective features and
procedures must be
explicitly addressed, and
this requires the
implementation of an SPL
management system
(SPLMS).
12
A Controlled SPL Environment
The black box surrounding the SPL signifies the
SPLMS. This software is used to control four
routine but critical functions:
(1) storing programs on the SPL
(2) retrieving programs for maintenance
purposes
(3) deleting obsolete programs from the
library
(4) documenting program changes to
provide an audit trail of the changes.
13
 You may have recognized the similarities between the SPL
management system and a database management
system.
 This is a valid analogy, the difference being that SPL
software manages program files and DBMSs manage
data files.
 SPLMSs may be supplied by the computer manufacturer
as part of the OS or may be purchased through software
vendors.
 Some organizations, to provide special control features,
develop their own SPL software.
14
 The mere presence of an SPLMS does not
guarantee program integrity.
 Again, we can draw an analogy with the DBMS.
To achieve data integrity, the DBMS must be
properly used; control does not come
automatically, it must be planned.
 Likewise, an SPL requires specific planning and
control techniques to ensure program
integrity.
15
Audit Procedures Related
to System Maintenance
16
 Identify Unauthorized Changes
 Examine audit trail of program
changes
 Confirm that authorization
procedures were followed
• Reconcile program version
numbers
• Confirm maintenance
authorization
17
 Identify Application Errors
 Determine that programs are free
from material errors
• Reconcile the source code
• Review test results
• Retest the program
18
Reconcile the source code
 Purpose: To identify irregularities that

indicate errors, omissions, and
potentially fraudulent programming
code.
 The auditor should
 select a sample of applications
and
 reconcile each program change
with the appropriate authorization
documents.
19
Reconcile the source code
 Each application’s permanent file should

contain the
 current program listing and
 listings of all changes made to the
application.
 Program change authorization
document
 used to state the nature of the
program change
20
21
Review test results
 Purpose: To establish that testing was
sufficiently rigorous to identify any
errors, the auditor should review test
results for each significant program
change.
 Every program change should be
thoroughly tested before being
implemented.
 Program test procedures should be
properly documented (which support
the programmer’s decision to
implement the change) by:
• test objectives
• test data 22
• processing results
23
Retest the program
 Purpose: To confirm its integrity,

the auditor can retest the
application.
24
 Test Access to Libraries
 Review programmer
authority tables
 Test authority table
25
Review programmer authority tables
 Purpose: To ensure that no

irregularities exist, these
authorizations should be matched
against the programmer’s
maintenance authority.
 Programmer’s authority table
- will specify the libraries a
programmer may access
26
 Test Access to Libraries
 Review programmer
authority tables
 Test authority table
27
Test authority table
 The auditor should simulate the

programmer’s access privileges
and then violate the authorization
rules by attempting to access
unauthorized libraries.
28
In two or three
columns
Yellow Blue Red
Is the color of Is the colour of the Is the color of
gold, butter and clear sky and the blood, and
ripe lemons. In the deep sea. It is because of this it
spectrum of located between has historically
visible light, yellow violet and green been associated
is found between on the optical with sacrifice,
green and orange. spectrum. danger and
courage.
29
A picture is worth
a thousand words
A complex idea can be conveyed
with just a single still image, namely
making it possible to absorb large
amounts of data quickly.
30
Want big impact?
Use big image.
31
Lorem
ipsum
Use
diagrams to
explain your Lorem ipsum
congue
ideas Lorem Lorem

ipsum ipsum
32
And tables to
compare data
A B C
Yellow 10 20 7
Blue 30 15 10
Orange 5 24 16
33
Maps
our
office
34
89,526,124
Whoa! That’s a big number, aren’t you proud?
35
89,526,124$
That’s a lot of money
185,244 users
And a lot of users
100%
Total success!
36
Our process
is easy
1 2 3
37
Let’s review some
concepts
Yellow Blue Red
Is the color of Is the colour of Is the color of
gold, butter and the clear sky and blood, danger
ripe lemons. the deep sea. and courage.
Yellow Blue Red

Is the color of Is the colour of Is the color of
gold, butter and the clear sky and blood, danger
ripe lemons. the deep sea. and courage.
38
You can insert graphs from Google Sheets 39
Mobile Place your screenshot here
Show and explain your
web, app or software
project
projects using these
gadget templates.
40
Tablet Place your screenshot here
Show and explain your
project
gadget templates.
41
Desktop Place your screenshot here Show and explain your
project
gadget templates.
42
Thanks!
Any questions?
You can find me at
￮ @username
￮ user@mail.me
43
Credits
Special thanks to all the people who
made and released these awesome
resources for free:
￮ Presentation template by
SlidesCarnival
￮ Photographs by Unsplash
44
Presentation design
This presentation uses the following typographies:
￮ Titles: Poppins Bold
￮ Body copy: Poppins Light
You can download the fonts at:
https://www.fontsquirrel.com/fonts/poppins
You don’t need to keep this slide in your presentation. It’s

only here to serve you as a design guide if you need to
create new slides or download the fonts to edit the
presentation in PowerPoint® 45
SlidesCarnival icons are editable shapes.
This means that you can:

● Resize them without losing quality.
● Change line color, width and style.
Isn’t that nice? :)
Examples:
46
😉
Now you can use any emoji as an icon!
And of course it resizes without losing quality and you can change the
color.
How? Follow Google instructions

https://twitter.com/googledocs/status/730087240156643328
✋👆👉👍👤👦👧👨👩👪💃🏃💑❤😂
😉😋😒😭👶😸🐟🍒🍔💣📌📖🔨🎃🎈
🎨🏈🏰🌏🔌🔑 and many more...
47

Group 6 - IT Deployment Risks Part 3

Hochgeladen von

Dokumentinformationen

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Group 6 - IT Deployment Risks Part 3

Hochgeladen von

Copyright:

Verfügbare Formate

IT

 Uncontrolled program changes  Maintenance Authorization,

 The benefits achieved from  To minimize the potential

 When maintenance  Additional controls, such as

 In spite of the preceding  SPL controls thru SPL

 Purpose: To identify irregularities that

 Each application’s permanent file should

 Purpose: To confirm its integrity,

 Purpose: To ensure that no

 The auditor should simulate the

ideas Lorem Lorem

Yellow Blue Red

You don’t need to keep this slide in your presentation. It’s

This means that you can:

Isn’t that nice? :)

How? Follow Google instructions

Das könnte Ihnen auch gefallen