Information Technology Reference
In-Depth Information
might also include various categories of output such as read only, ability to read and write,
access to summarised or detailed output, and many other ways of accessing information.
Processing controls are also included in order to ensure that data is processed according to
defined requirements. There are various types of processing controls which need to be in-
cluded in the system based on existing or proposed business processes.
Storage controls relate to controls on how data is stored and accessed. Databases normally
have several inbuilt data storage controls. Other controls regarding data storage devices are
environmental controls.
The IS auditor during this stage will be involved in reviewing the proposed controls and
assessing how they meet the needs of the enterprises and the new system. The auditor will
primarily focus on the specifications and proposed controls.
System Design
This activity involves the designing of the system. Using the system specification deve-
loped above, the development team will take up the challenge of designing the proposed
system. The design is basically the structure of the system and how it will interact and in-
tegrate with other systems in the enterprise. The design of the new system would be based
on the specification developed during the system specification stage. The project team dur-
ing this phase will change character from a user-dominated team to a more technical team.
The development team might look at other options, either developing the system internally
or hiring a developer. The team might consider customising an existing system used by a
similar enterprise or one which closely meets the requirements of the enterprise.
The development team might also consider procurement of an off-the-shelf system which
has been developed by software houses. Such a system should be reviewed by the devel-
opment team to ensure that it meets the requirements outlined in the system specification.
The IS auditor would also be interested in finding out if the system is able to incorporate
the controls and security features outlined in the specification.
The IS auditor would look at a number of IT controls as the system is being designed. It
is important that the IS auditor is involved in the design stage as the system is being de-
veloped and not wait until the development is completed. It is recommended that the IS
auditor should review the system stage by stage. The development process should have a
number of checkpoints and milestones. The milestone might be a completion of a module
or sub-module. The IS auditor can review the development of the system after each mile-
stone or checkpoint. The advantage of reviewing each module is that the development team
will be able to rollback if the IS auditor raised issues which impact future modules or if
there are missing system features in the developed modules. It is common to find system
features which have not been developed accordingly to specification.
Search WWH ::
Custom Search