Chapter 5 Part 2 Flashcards
Purpose is to produce a detailed description of the proposed
system that both satisfies the system requirements identified
during systems analysis and is in accordance with the
conceptual design.
PHASE 5: Detailed Design
• independent one made up of programmers,
analysts, users, and internal auditors.
• Job is to simulate the operation of the system to
uncover errors, omissions, and ambiguities in the
design.
Quality assurance group
Select a programming language from among the various
languages available and suitable to the application
PHASE 6: Application Programming and Testing
• requires the programmer to specify the precise
order in which the program logic is executed.
• often called third-generation languages (3GLs)
– FORTRAN, C, and PL1.
A. Procedural Language (e.g. COBOL)
• no longer procedural.
• the program’s code is not executed in a
predefined sequence.
• external actions or “events” that are initiated by
the user dictate the control flow of the program.
B. Event-driven languages (e.g. Visual Basic)
Central to achieving the benefits of the object-
oriented approach.
C. Object-Oriented Languages. (e.g. Java or C++)
Three (3) Benefits of Program system
- Programming efficiency
- Maintenance efficiency
- Control.
Database structures are created and populated with data,
equipment is purchased and installed, employees are
trained, the system is documented, and the new system is
installed.
PHASE 7: System Implementation
• When all modules have been coded and tested,
they must be brought together and tested as a
whole
Testing the Entire System
• provides the auditor with essential information about
how the system works.
Documenting the System
Requirements in documenting the system
- Designer and Programmer Documentation
- Operator Documentation
- User Documentation
- User Handbook
- Tutorials
- Help Features
to debug errors and perform maintenance on
the system.
Designer and Programmer Documentation
Computer operators use documentation called
a run manual, which describes how to run the
system.
Operator Documentation
describing how to use the system.
User Documentation
user documentation often takes the form of a
user handbook, as well as online
documentation.
User Handbook
Online tutorials can be used to train the novice
or the occasional user.
Tutorials
Online help features range from simple to
sophisticated.
- Simple help feature (an error message
displayed on the screen)
- Sophisticated help feature (context-related)
Help Features
User’s Skill Level:
- Novices
- Occasional users
- Frequent light users
- Frequent power users
The process of converting from the old system to the new
one is called the
Cutover
Three (3) Approaches of cutover
- Cold Turkey Cutover (“Big Bang” approach)
- Phased Cutover
- Parallel Operation Cutover
firm switches to the new system and
simultaneously terminate the old system.
- often the easiest and least costly approach.
Cold Turkey Cutover (“Big Bang” approach)
By phasing in the new system in modules, we
reduce the risk of a devastating system failure.
- However, the phased approach can create
incompatibilities between new subsyst
Phased Cutover
involves running the old system and the new system simultaneously for a period of time.
Parallel Operation Cutover
The physical features of the system should be reviewed
to see if they meet user needs.
Systems Design Adequacy.
• A formal process by which application programs
undergo changes to accommodate changes in
user needs.
• Maintenance represents a significant resource
outlay compared to initial development costs.
PHASE 8 : Systems Maintenance
All systems must be properly authorized to ensure their economic justification and feasibility.
Systems Authorization Activities
Users must be actively involved in the systems development process.
User Specification Activities
translate the user specifications into a set of detailed technical specifications of a system that meets the user’s needs.
Technical Design Activities
The internal auditor plays an important role in the control of systems development activities, particularly in organizations whose users lack technical expertise.
Internal Audit Participation
Just before implementation, the individual
modules of the system must be tested as a
unified whole.
User Test and Acceptance Procedures
Access to systems for maintenance purposes
increases the possibility of systems errors.
- Logic may be corrupted either by the
accidental introduction of errors or intentional
acts to defraud.
Maintenance Authorization, Testing, and
Documentation
In spite of the preceding maintenance
procedures, application integrity can be
jeopardized by individuals who gain
unauthorized access to programs.
Source Program Library (SPL) Controls
THE WORST-CASE SITUATION: NO CONTROLS
Two (2) Serious Forms of Exposure:
- Access to programs is completely unrestricted
- Because of these control weaknesses, programs are
subject to unauthorized changes.
Assigning passwords provides one form of
access control over the SPL.
Password Control.
programs are copied into the programmer’s
library for maintenance and testing.
Separate Test Libraries
An important feature of SPL management
software is the creation of reports that enhance
management control and the audit function.
Audit Trail and Management Reports
The SPLMS assigns a version number
automatically to each program stored on the
SPL.
Program Version Numbers
SPL management systems use powerful
maintenance commands to alter or eliminate
program passwords, alter the program version
(modification) number, and temporarily modify
a program without generating a record of the
modification.
Controlling Access to Maintenance Commands
Audit Procedures Related to System Maintenance
- Identify Unauthorized Changes
- Identify Application Errors
- Test Access to Libraries
