Information Technology Reference
In-Depth Information
One of the critical controls which the IS auditor should review during this activity are ac-
cess controls. These controls concern the rights of users on the system. The review will in-
clude reviewing controls which will be built into the system and those controls around the
system. Inbuilt controls would include password controls, user account controls, and ac-
cess rights to modules in the application system. Users will not have the same rights on the
system, some users will have read-only rights, whilst others will have rights to post trans-
actions and make changes to information stored on the system. Controls around the system
will include authorisation of users to have access to the system and determining what type
and level of access to be granted to various users and groups of users. In some enterprises,
this process is conducted outside the system.
Processing controls are normally imbedded into the application systems. It is also the re-
sponsibility of the IS auditor to ensure that these controls are included into the system dur-
ing the design. Processing controls would include procedures which enable processing of
data as required by various business processes. For example, a business process might be
used to pay commissions to brokers or sales representatives. A control can be designed
which ensures that the right commission is paid by using the right commission rate, product
type, and revenue generated.
Processing controls in some cases support complex processing systems and are also in
themselves complex tools. Checking of all these processes require high-level skills and
knowledge of system logic and possibly knowledge and skills in the platform and program-
ming language which will be used to develop the system. The IS auditor can use various
design tools which are available on the market. These tools can be used to test the design
logic of a particular module or a set of modules. Other tools can be used to test data flows,
database schema, and integration with other systems.
System Deployment
At this stage, the design of the system would have been approved by the development team
and management. This stage is about developing the system. The development team has
the option of developing a system from scratch or customising an existing system.
The development stage which involves coding a new system is normally used where the
enterprise cannot find an existing system which closely meets the system specification or
the enterprise prefers to develop its own system because of various concerns and require-
ments.
Development of a system can be time-consuming and complex. The developers will need
to understand the design and specification of the system before they can start coding. The
coding process itself can also be a long process, but with new technologies coming on the
market, coding has been made easier with various modern and user-friendly coding tools.
Search WWH ::
Custom Search