Published on

Published in: Technology, Business
1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide


  1. 1. CHAPTER 4 : <ul><li>DEVELOPMENT </li></ul><ul><li>AND </li></ul><ul><li>SYSTEM MAINTENANCE ACTIVITY </li></ul>
  2. 2. Objective : <ul><li>To understand the role of auditors in the SDLC </li></ul><ul><li>To understand how control and audit been done in SDLC </li></ul><ul><li>Have the skills with many kind of system documentations and the reason each one been develop </li></ul>
  3. 3. Individuals in the system developments <ul><li>3 type of competitors : </li></ul><ul><ul><li>Professional systems – System analyst ,system engineer and programmer </li></ul></ul><ul><ul><li>End users – Many users from all over the organizations level including the manager, operation staff , accountant and internal auditors </li></ul></ul><ul><ul><li>Stakeholders – Individuals either inside or outside the organizations that have an interest on the systems (not the end user), including accountant, internal and external auditors and the internal committee that supervise the systems development </li></ul></ul>
  4. 4. Individual in the systems development <ul><li>The involving of accountant and auditors are based on two reasons : </li></ul><ul><ul><li>Producing the information systems need a meaningful financial transaction </li></ul></ul><ul><ul><li>Product (Financial information systems - SMP) that been produced by SDLC must have the quality. They to ensure the quality of the processes that produce SMP </li></ul></ul>
  5. 5. Individual in the systems development <ul><li>How is the commitment of the accountant in the SDLC? </li></ul><ul><ul><li>Accountant are user </li></ul></ul><ul><ul><li>Accountant are one of the development group member </li></ul></ul><ul><ul><li>Accountant are auditors </li></ul></ul>
  6. 6. SDLC Plan Analysis Conceptual design Detail design Selections Execute Project & timetable proposal System analyst report All kind of Conceptual design Systems Selection report Detail design systems Full Systems documentations The required documentations Maintenance New systems development
  7. 7. SDLC <ul><li>Objective and SDLC activity/phase sequence are logic and are acceptable by the expert </li></ul><ul><li>The number of SDLC steps from the perspective of auditing are not important even there are a person that come up with the SDLC model that have 4 till 14 activity/phase </li></ul><ul><li>What is important according to auditing are the material and the producing of stabilized application through the process yang </li></ul><ul><li>Based on the figure, there are 7 steps in two main phases :New system development/proposed systems and maintenance </li></ul>
  8. 8. SDLC – Phase & Objective <ul><li>Systems strategies </li></ul><ul><ul><li>Objective : To make a link between a system project/applications with the strategic organization objective </li></ul></ul><ul><li>Systems analysis </li></ul><ul><ul><li>Objective : to study the current systems and analyst the users necessity </li></ul></ul><ul><li>System design (Conceptual level) </li></ul><ul><ul><li>Objective : to create a few of conceptual system design alternative that full fill the necessity of current systems analyst phase </li></ul></ul>
  9. 9. SDLC – Phase & objective <ul><li>Evaluation and choosing systems </li></ul><ul><ul><li>Objective: chose a system (optimizing process) from alternative conceptual design set that will be fully describe in detailed design phase </li></ul></ul><ul><li>Detailed design (Logical level) </li></ul><ul><ul><li>Objective: to make a detail description for a support systems that full fill the systems requirement (that been identified in the systems analyst phase) and with the suitability with conceptual design phase </li></ul></ul>
  10. 10. SDLC – Phase & Objective <ul><li>Systems execute </li></ul><ul><ul><li>Objective: To produce a database structure and data ,coded and application ,buying and assemble devices ,training the worker ,systems documentation and assemble new systems </li></ul></ul>
  11. 11. SDLC – Systems strategy <ul><li>The role of auditors in the systems strategy : </li></ul><ul><ul><li>Evaluate systems strategy. </li></ul></ul><ul><ul><li>History proven that a cautious systems strategy are a cost-effective control technique in the systems development/propose systems </li></ul></ul><ul><ul><li>A full commitment strategy will lower the risk of the produce of a systems that is not necessary , not wanted, not effective and not efficient </li></ul></ul><ul><ul><li>Internal and external auditors interested in making sure that the fully systems strategy are done </li></ul></ul>
  12. 12. SDLC – Systems analysis <ul><li>The role of auditors in systems analysis: </li></ul><ul><ul><li>Auditors firm (either internal or external) are the stakeholder in the systems development/new proposed systems </li></ul></ul><ul><ul><li>Auditing criteria that is complex are usually difficult to be added in the existing systems. </li></ul></ul><ul><ul><li>Therefore the auditors must involved in the analysis necessity for the systems development/new proposed systems </li></ul></ul><ul><ul><ul><li>To make sure is there a room to to bring in the complex auditing criteria </li></ul></ul></ul><ul><ul><ul><li>Which criteria is most suitable to put in </li></ul></ul></ul>
  13. 13. SDLC – Systems design (Conceptual level) <ul><li>The role of auditors in the systems design (Conceptual level): </li></ul><ul><ul><li>Systems audit ability depend to the designs characteristic </li></ul></ul><ul><ul><li>Therefore the special audit characteristic that is in the systems have to be structured </li></ul></ul>
  14. 14. SDLC – Evaluation and selecting the systems <ul><li>The auditors role in the evaluation and selecting the systems: </li></ul><ul><ul><li>Economy effect on the proposed systems are measured accurately </li></ul></ul><ul><ul><li>In general , this matter must be identified: </li></ul></ul><ul><ul><ul><li>Only a escapable cost used in the calculation of savings dividend cost </li></ul></ul></ul><ul><ul><ul><li>Reasonable dividends rate are used in evaluating the value of current cash flow </li></ul></ul></ul><ul><ul><ul><li>One time cost and repeat are finish and reported correctly </li></ul></ul></ul><ul><ul><ul><li>Lives that are useful are used in comparing the potential project </li></ul></ul></ul><ul><ul><ul><li>Intangible benefit that are reasonable are fix through financial values </li></ul></ul></ul>
  15. 15. SDLC – Systems execute <ul><li>The role of auditors in the systems execute: </li></ul><ul><ul><li>Provide a technical specialty l: </li></ul></ul><ul><ul><li>A specific design phase that involving procedure,rules and convention specifications that have been used in the systems. </li></ul></ul><ul><ul><li>To determine the documentations standard : </li></ul></ul><ul><ul><li>In the implementations phase , the auditors are responsible to determine the systems documentations . Financial systems needs to be documented to encourage the standard documentations </li></ul></ul><ul><ul><li>To determine enough control: </li></ul></ul><ul><ul><li>The applications that exist from SDLC must have control according to the SAS 78.It needs the auditors participant in the designing and implementations.Both program even manual procedures must be control </li></ul></ul>
  16. 16. <ul><li>After the systems have been implemented, it will enter the next phase that is maintenance. </li></ul><ul><li>Maintenance phase includes the system changes to get along with the changes in the users need. </li></ul><ul><li>Sometimes the changes are unimportant like the system modification to produce a new report or change the data field. </li></ul><ul><li>Maintenance too can be extended for example a drastic changes to the logic applications and users interface. </li></ul><ul><li>The maintenance period can last for about 10 years ,depends to the organizations. </li></ul><ul><li>A new systems development will be carry out if the old systems is not worth to maintain it. </li></ul>SDLC – Systems maintenance
  17. 17. Control & auditing SDLC <ul><li>Control on the new systems development: </li></ul><ul><ul><li>Involving six activities: </li></ul></ul><ul><ul><li>Systems enforcement activity </li></ul></ul><ul><ul><li>Users specification activity </li></ul></ul><ul><ul><li>Technical design activity </li></ul></ul><ul><ul><li>The involves of internal auditing </li></ul></ul><ul><ul><li>Program testing </li></ul></ul><ul><ul><li>Users and receiving procedures testing </li></ul></ul>
  18. 18. <ul><li>Control on the new systems development: </li></ul><ul><ul><li>Systems enforcement activity </li></ul></ul><ul><ul><li>All systems will be well enforced to confirm the systems justification and kesaurann economy for the systems. </li></ul></ul><ul><ul><li>Like for all the transactions material, information systems development enforcement must be the formal steps in the process. </li></ul></ul><ul><ul><li>This needs all the new proposed systems need to be send in the form of report by the users to the professional systems that have the specialty and power to evaluate and approve/reject the proposal. </li></ul></ul>Control & auditing SDLC
  19. 19. <ul><li>Controls to the new systems development: </li></ul><ul><ul><li>Users specifications activity </li></ul></ul><ul><ul><li>User needs to actively involved in the systems development process. </li></ul></ul><ul><ul><li>User needs to provide full description writing about the logical needs that needs to be fill by the systems. </li></ul></ul><ul><ul><li>Users documentations specification preparation must involve the cooperation between users and professional systems. </li></ul></ul><ul><ul><li>However the document will be eternal as long the users need statement about the appeared problem </li></ul></ul>Control & auditing SDLC
  20. 20. <ul><li>Control on the new systems development: </li></ul><ul><ul><li>Technical design activity </li></ul></ul><ul><ul><ul><li>This activity translate the users specifications to a set of detail technical specifications systems that fulfill the users need. </li></ul></ul></ul><ul><ul><ul><li>This activity scoop covered the systems analyst, general systems design, probability analyst and detail systems design. </li></ul></ul></ul><ul><ul><ul><li>The activity adequacy measured from the documentations quality that have received from time to time. </li></ul></ul></ul><ul><ul><ul><li>Documentations are the control and a prove of control and it is critical to the systems long term success. </li></ul></ul></ul>Control & auditing SDLC
  21. 21. <ul><li>Control on the new systems development : </li></ul><ul><ul><li>The involves of internal auditors </li></ul></ul><ul><ul><li>Internal auditors are the middle man for the users and professional systems for making sure an effective data transferring. </li></ul></ul><ul><ul><li>Internal auditors group can give the valuable contribute to all the aspect in the SDLC process. </li></ul></ul><ul><ul><li>Auditors will involved in the beginning process to make a conceptual propose based on the control and the systems necessity. </li></ul></ul><ul><ul><li>Auditors will involved in all of the development process phase till the maintenance phase. </li></ul></ul>Control & auditing SDLC
  22. 22. <ul><li>Control on the new systems development: </li></ul><ul><ul><li>Program testing </li></ul></ul><ul><ul><li>All the program module need to be tested first before it be implemented. </li></ul></ul><ul><ul><li>Figure 4-9 shows the program testing procedure that involving the main hypothetical fail creation and transaction fail that been processed by the module that been tested. </li></ul></ul><ul><ul><li>The result will be compared with the estimate result to identified the logic error and program. </li></ul></ul>Control & auditing SDLC
  23. 23. <ul><li>Control on the new systems development: </li></ul><ul><ul><li>Program testing </li></ul></ul><ul><ul><li>To make it more easier the future testing, examinations data provided when the implementations phase needs to be preserved for recycle. </li></ul></ul><ul><ul><li>This will give the auditors a reference to design and evaluate the audit testing in the future. </li></ul></ul><ul><ul><li>With the basic comparing auditors can determine the code integrity fast. </li></ul></ul><ul><ul><li>If a changing happened, the original examine data can be the prove about the changes and then auditors can give full focus only on that area. </li></ul></ul>Control & auditing SDLC
  24. 24. <ul><li>Control on the new systems development: </li></ul><ul><ul><li>Users examine and receiving procedure </li></ul></ul><ul><ul><li>Before the implementations process been done the individuals systems modules will be tested </li></ul></ul><ul><ul><li>A group of examiners from personal users, professional systems and internal auditors that will be examine systems intensively. </li></ul></ul><ul><ul><li>After satisfied with the systems. The systems will be accept formally of the users department. </li></ul></ul><ul><ul><li>The formal examinations and the system acceptance by the users wll be considered by a number of auditors to make it the most important control on the SDLC. </li></ul></ul><ul><ul><li>This is a final step where users can determine that the systems can fulfill the necessity. </li></ul></ul><ul><ul><li>The users acceptance in the new system need to be documented formally. </li></ul></ul>Control & auditing SDLC
  25. 25. <ul><li>Control on the new systems development: Audit objective : </li></ul><ul><ul><li>SDLC activity have been used consistently and based on administration policy. </li></ul></ul><ul><ul><li>Systems that have been implemented free from errors and deceptions. </li></ul></ul><ul><ul><li>Systems must be attached and reasonable in the checkpoints in the SDLC. </li></ul></ul><ul><ul><li>Systems documentation are accurate and complete to give audit amenity and maintenance activities. </li></ul></ul>Control & auditing SDLC
  26. 26. <ul><li>Control on the new systems development: </li></ul><ul><ul><li>Audit procedure: </li></ul></ul><ul><ul><li>Auditor must chose a sample of full project and restudied the documentation as a prove it followed the SDLC policy. </li></ul></ul><ul><ul><li>The observation details must have a few aspect that determine: </li></ul></ul><ul><ul><li>Users and computer maintenance administrations well manages the project . </li></ul></ul><ul><ul><li>Analysis on the early kesauran shows that project have a good benefit. </li></ul></ul><ul><ul><li>A detailed analysis on the users necessity been conducted to get the result in the alternative general form. </li></ul></ul>Control & auditing SDLC
  27. 27. <ul><li>Control on the new systems development: </li></ul><ul><ul><li>Audit procedure : </li></ul></ul><ul><ul><li>Low-cost analysis must be done using the accurate and suitable number. </li></ul></ul><ul><ul><li>Project documentations shows the detail design are the solutions to users problem. </li></ul></ul><ul><ul><li>Result shows the examined systems on the individual module and full systems before implementations. </li></ul></ul><ul><ul><li>There is a specific checklist problems that been found in the exchange process with the evidence that the problem have been solve in the maintenance phase. </li></ul></ul><ul><ul><li>Systems documentations must follow the standard and the organizations requirement. </li></ul></ul>Control & auditing SDLC
  28. 28. <ul><li>Systems maintenance control </li></ul><ul><li>Enforcement and maintenance ,examinations and documentations </li></ul><ul><ul><li>The benefits from the new administrators control will disappear instantly when the maintenance systems been done if it not continuously until the phase. </li></ul></ul><ul><ul><li>The access to the systems are for maintenance purpose and will higher the possibility systems error. </li></ul></ul><ul><ul><li>To evade the possibility ,all the maintenance actions must have minimum of 4 controls; formal enforcement , technical specifications on the change, systems retesting and documentations update. </li></ul></ul>Control & auditing SDLC
  29. 29. <ul><li>Systems maintenance systems </li></ul><ul><li>Maintenance, examinations and documentations enforcements </li></ul><ul><ul><li>The size of changes and its potential impact towards the systems will control the degree of control. </li></ul></ul><ul><ul><li>When the maintenance affect the size of changes of the logic program,additional control like the participation of the auditors and the conducting of the users examination and receiving procedures are needed </li></ul></ul>Control & auditing SDLC
  30. 30. <ul><li>Systems maintenance control </li></ul><ul><li>Library source program control </li></ul><ul><ul><li>The applications integration will be affect by an individual that have the illegal access to the program </li></ul></ul><ul><ul><li>In the huge computer systems, applications program source code saved in the magnetic disk called Library Source Codes (LSC) refer figure 4-10 . </li></ul></ul><ul><ul><li>To conduct the applications production, it must fist be compiled and linked to create a load module that can be processed by the computer. </li></ul></ul><ul><ul><li>Load module are free and save from any illegal changing </li></ul></ul>Control & auditing SDLC
  31. 31. <ul><li>Systems maintenance control </li></ul><ul><li>Library source code control </li></ul><ul><ul><li>Program changing (enforcement maintenance and illegal changes) can be access with making the changes with the source code that been save in the LCS and the compiled it back and link it with the program to produce a new load module that attached the changes code. </li></ul></ul><ul><ul><li>Therefore LCS are a sensitive area that’s need to be well control to be taken care of and to preserve the applications integrity. </li></ul></ul>Control & auditing SDLC
  32. 32. <ul><li>Control maintenance systems </li></ul><ul><li>The worst situations – no control </li></ul><ul><ul><li>Figure 4-10 shows the ASP without control. </li></ul></ul><ul><ul><li>This sequence have a potential to create two kind of exposures that is: </li></ul></ul><ul><ul><li>Unlimited access to the systems .Programmer and other user can access any of the program that have been stored in the library and no preparation to detect any intrusions. </li></ul></ul>Control & Auditing SDLC
  33. 33. <ul><li>Systems maintenance control </li></ul><ul><li>The worst situations – no control </li></ul><ul><li>Because of the weakness , the program is bound to the illegal changes. Therefore, there is no basic in depend on the effectiveness of the control ( maintenance enforcement , program testing and documentations). </li></ul><ul><li>The control always conflicted with the effectiveness and operations flexibility. </li></ul><ul><li>Professional systems and auditors must must understand the exposure that exist when the control characteristics not enclosed to access the received control-flexibility trade off between the both need. </li></ul>Control & auditing SDLC
  34. 34. <ul><li>Systems maintenance control </li></ul><ul><li>Controlled LCS environment: </li></ul><ul><ul><li>To control the LCS , the characteristics and security procedures must be enclosed and it needs the LCS management systems (MSLCS) implement . Figure 4-11 are the example of this technique. </li></ul></ul><ul><ul><li>The software used to control 4 routine critical functions: </li></ul></ul><ul><ul><li>Save the program in the LCS. </li></ul></ul><ul><ul><li>To get back the program for maintenance purpose </li></ul></ul><ul><ul><li>To delete the old program in the library. </li></ul></ul><ul><ul><li>Documentations the program changes to provide an audit trace for the changes . </li></ul></ul>Control & auditing SDLC
  35. 35. <ul><li>Maintenance systems control </li></ul><ul><li>Controlled LCS environment: </li></ul><ul><ul><li>LCS needs the specific strategy and control technique to confirm the program integrity. The techniques are: </li></ul></ul><ul><ul><li>Password. </li></ul></ul><ul><ul><ul><li>It is a form of access control on the LCS that is quite similar with the password control that been used in the DBMS to protect the fail . </li></ul></ul></ul>Control & auditing SDLC
  36. 36. <ul><li>Systems maintenance control </li></ul><ul><li>Controlled LCS environment : </li></ul><ul><ul><li>Separate library testing. </li></ul></ul><ul><ul><li>Refer figure 4-11. Program copied in the program library for maintenance and testing . Direct access to the LCS production are to the authentic group members only that approved all the request, editing, delete and copy the program. Password to the program access can be often change and it exposed to the basic knowledge only. </li></ul></ul><ul><ul><li>The name to introduce a program either it is a test program or productions.When a program copied from the LCS productions into the program library it will be named ‘test’ for temporary and when it goes back to the LCS its name will be changed back to the original productions name. </li></ul></ul>Control & auditing SDLC
  37. 37. <ul><li>Systems maintenance control </li></ul><ul><li>Controlled LCS environment: </li></ul><ul><ul><li>Audit trace & management reports. </li></ul></ul><ul><ul><li>The important criteria for the LCS management software that increased the management control capability and audit functions. </li></ul></ul><ul><ul><li>Modified report program are the most useful here where it describe in detail all the program changes( adding & deleting) for each module. </li></ul></ul><ul><ul><li>Editing report must be a part from the documentations fail for each applications to create an audit trace program changes on the applications life cycle. </li></ul></ul><ul><ul><li>When auditing , the report must attached with the maintenance program request to confirm the request changes and only the legal one will be implement. This report can be produce as a hard copy /disk and can be controlled by the password. </li></ul></ul>Control & auditing SDLC
  38. 38. <ul><li>Systems maintenance control </li></ul><ul><li>Controlled LCS environment: </li></ul><ul><ul><li>Program version number. </li></ul></ul><ul><ul><li>MSLCS gives the version number automatically for each stored program. When the program paled first time in the library (when implementation in progress) the version number = 0 will been given to the program .With every modifications on the program version number will be added once a time. </li></ul></ul><ul><ul><li>This characteristic will be combined with the audit trace report that will produce the prove to identified the illegal changes to the program modules.this illegal changes will be mark with the version number to the production load module that cannot be suit with enforcement changed number. </li></ul></ul>Control & auditing SDLC
  39. 39. <ul><li>Systems maintenance control </li></ul><ul><li>Controlled LCS environment: </li></ul><ul><ul><li>Program version number. </li></ul></ul><ul><ul><li>For example if there is 10 changes verified but the production program showed 12 versions then one of the 2 possibility describe this differential i: </li></ul></ul><ul><ul><ul><li>Enforcement changed that not supported by the documentations exist. </li></ul></ul></ul><ul><ul><ul><li>Illegal changes been made on the program which will increase version number. </li></ul></ul></ul>Control & auditing SDLC
  40. 40. <ul><li>Systems maintenance control </li></ul><ul><li>Controlled LCS environment : </li></ul><ul><ul><li>Access control on the maintenance command. </li></ul></ul><ul><ul><li>SPL management systems used the maintenance command to change or delete program password , change program version number (modification) and editing program temporarily with generating a modifications record. </li></ul></ul><ul><ul><li>There is a technical reason to the commands needs , however if the command lost control , maintenance command will cause illegal program modification to happen. Access to the maintenance command need to be control with the password and the right to control the enforcement manage by the administrations or the security. </li></ul></ul>Control & auditing SDLC
  41. 41. <ul><li>Systems maintenance control </li></ul><ul><li>Audit objective: </li></ul><ul><ul><li>To detect the illegal (that will cause a process error and cheating) and to determine : </li></ul></ul><ul><ul><ul><li>Maintenance procedure to protect the applications from any illegal modifications. </li></ul></ul></ul><ul><ul><ul><li>Applications is free from ‘material’ error. </li></ul></ul></ul><ul><ul><ul><li>Program library are protected against any illegal access. </li></ul></ul></ul><ul><ul><li>Checking will be carry out with focusing to the testing on the suitable control to get every objective. Assumption, using the LCS software to control the program maintenance </li></ul></ul>Control & auditing SDLC
  42. 42. <ul><li>Systems maintenance control </li></ul><ul><li>Audit procedures : to determine the illegal changes </li></ul><ul><ul><li>Auditors must check the audit trace on the program changes that is been repaired. This can be ensure doing a control testing like: </li></ul></ul><ul><ul><li>Program version number adaptations : </li></ul></ul><ul><ul><li>Permanent applications fail must contain the suitable enforcement document program modifications with the version number when productions application in progress.Every number of differential between version number with the support document shows that an illegal changes have been done. </li></ul></ul>Control & auditing SDLC
  43. 43. <ul><li>Systems maintenance </li></ul><ul><li>Audit procedure : to determine the illegal changes </li></ul><ul><ul><li>Maintenance enforcement confirmation </li></ul></ul><ul><ul><li>Maintenance enforcement program document must indicate the request changes and the date of changes been done. Needs to be mark and approved by the computer service management and users department. </li></ul></ul><ul><ul><li>Auditors need to verify the facts in the enforcement maintenance and determine about the enforcement from the involved manager. </li></ul></ul>Control & auditing DLC
  44. 44. <ul><li>Systems maintenance control </li></ul><ul><li>Audit procedures: determine the applications error </li></ul><ul><ul><li>Auditors can determine the program are free from material error by conducting this three type of control:: </li></ul></ul><ul><ul><li>Source code adaptations </li></ul></ul><ul><ul><li>Every permanent fail must contain the current program list and the changes list that been made on the applications. </li></ul></ul><ul><ul><li>This document describe detailed about the applications maintenance history. Every changes need to be recorded (program changes enforcement document). </li></ul></ul>Control & auditing SDLC
  45. 45. <ul><li>Systems maintenance control </li></ul><ul><li>Audit procedure: determine the applications error </li></ul><ul><ul><li>Source code adaptations </li></ul></ul><ul><ul><li>Auditors need to choose a sample of applications & adjust every changes with the suitable enforcement document. The modular approach to the systems design give a lots of services to this testing technique.The reduce of complexity towards the module increased the auditors capability to determine the awkward that marks the error , disregarding and fake program code. </li></ul></ul><ul><ul><li>Rechecking on the testing result </li></ul></ul><ul><ul><li>Every program changing need to be tested before implementations . </li></ul></ul>Control & auditing SDLC
  46. 46. <ul><li>Systems maintenance control </li></ul><ul><li>Audit procedure: determine the applications error </li></ul><ul><ul><li>Rechecking the test result </li></ul></ul><ul><ul><li>Program testing procedure needs to be well documented by the testing objective ,examine data and the process result hat will support the programmer decisions to implement the changes. </li></ul></ul><ul><ul><li>Auditors need to restudied the record for every program changes to prove the test are neat to detect any error. </li></ul></ul><ul><ul><li>Program retesting </li></ul></ul><ul><ul><li>Auditors can retest the applications to determine its integrity .The technique will be discuss in chapter 6 </li></ul></ul>Control & auditing SDLC
  47. 47. <ul><li>Systems maintenance control </li></ul><ul><li>Audit procedure: test the access to the library </li></ul><ul><ul><li>Auditor need to strengthen the library program and private library protected by any illegal access trough: </li></ul></ul><ul><ul><li>Restudied the programmer enforcement table </li></ul></ul><ul><ul><li>Auditors can chose a sample of programmer and restudied their access. </li></ul></ul><ul><ul><li>Programmer enforcement table will determine the library that can be access by the programmer. This enforcement must suit the programmer maintenance enforcement to determine the uncertainty. </li></ul></ul>Control & auditing SDLC
  48. 48. <ul><li>Systems maintenance control </li></ul><ul><li>Audit procedure : testing the access on the library </li></ul><ul><ul><li>Enforcement table testing </li></ul></ul><ul><ul><li>Auditors should be the same like the programmer access privilege and then disturb the enforcement rule by trying to access the library illegally. </li></ul></ul><ul><ul><li>Every attempt will be denied by the operation systems </li></ul></ul>Control & auditing SDLC