Information Technology Reference
In-Depth Information
It should be noted that despite the many testing activities and user involvement to review
the new application system, some glitches might still remain and affect the post implement-
ation of the system. The IS auditor will be required to review changes which are being pro-
posed during post implementation.
If changes to the system are made during post implementation, the system documentation
should also be updated to reflect the new changes. The documentation to be updated should
include training manuals, procedures manuals, and any other essential online tools such as
help menus or frequently asked questions (FAQ).
Operation and Maintenance
The post implementation period is usually of a limited duration, and often vendors would
insist on a specific period. After the post implementation period, the system is considered
to be in operation, and all systems should be monitored accordingly.
The IS auditor should also be ready to conduct regular application systems audits. We
should remember that the IS auditor was not involved in the designing of the system but
merely reviewing the various stages of the system development life cycle and ensuring that
the required specifications regarding IT controls, security, and other relevant functions are
implemented according to specifications.
Regular monitoring of the system by IT management is a required activity which would
ensure that management is on top of things regarding the use of the enterprise application
system. In some cases, monitoring tools might be embedded in the system and can be used
by IT management to implement regular or continuous monitoring. The IS auditor would
make use of the collected data during planned IS audits. The IS auditor can also use the
monitoring tools to carry out regular or continuous audits.
During the life of the system, maintenance activities will need to be carried out, such as
software updates, security fixes, and patches. The IT and user teams should put in place
necessary procedures for handling system maintenance.
In order to ensure implementation of a good maintenance program, the enterprise should
have a service-level agreement (SLA) with the vendor or software developer. The SLA can
be used to ensure that the enterprise receives the required and appropriate service from the
vendor. SLAs are contracts which can be difficult to implement in some cases due to differ-
ent interpretations between the software vendor and the enterprise. It is important that both
parties understand the requirements of the SLA by having meetings or involving other spe-
cialists before the contract is signed. The IS auditor should also be involved in the review
of the SLAs and the IS auditors input would add value.
IT management should ensure that the source code is in the possession of the enterprise
or an accepted escrow agent. If this is required, appropriate mutually agreed escrow agree-
Search WWH ::
Custom Search