
I-(i) Functional Specification
Has the end user agreed that the defined requirement is correct?
Did the end user participate in the development of the requirements?
Is there a user sign-off at the end of the requirements phase?
Do the requirements define the limits of possible changes to the data volumes during the expected life of the application system?
Was an analysis of security requirements carried out at the requirements analysis stage of the project?
Have the security requirements been identified and agreed prior to development of the application system?
Have appropriate security controls including audit trails been designed into the application system?
Is an "audit trail" part of the functional specification?
Are acceptance criteria defined? If yes, verify the system against them.

I-(ii) Software Development
Is a Project Manager assigned for the project?
Is the development methodology divided into a reasonable number of phases?
Are there management checkpoints at the end of each phase?
How frequently is the progress reported to the Project Manager?

I-(iii) Project Management
Are the estimates monitored?
Are variances from schedules forwarded to senior management for action?
Are the estimates and schedules changed as the projects fluctuate due to change requests or change in priority?
Does the project have a Software Quality Assurance Plan?
Is Project Milestone updated and Project schedule monitored?

I-(iv) Program change control
Does the application have a version number?
In how many libraries/folders/directories/PCs is the source stored?
Is the source code password protected?
How many programmers have access to the source code?
On a sample basis, does the "Software Change Request" form tally with the actual change made to the software?
Do programmers always write comments within the source code?
Was any "emergency" amendment made to this application system? If so, when was it made and when was it checked and authorized?
Is a configuration management tool used for this application system?
Is the user manual updated after a major change to the software?
Is the Change Request form updated and corresponding entry made in Bug Tracker (Excel sheet to track the bugs)?

I-(v)-a Testing independently
Is this application system tested independently in Technology Department?
Are end users involved in independent testing?
Does the independent testing include testing of documentation?
Does the independent testing analyze the manual portions of the system?
Are independent test reports prepared?
Does independent testing validate all of the support systems including operator procedures and backup procedures?
Does the independent testing analyze the adequacy of the system of internal control?
Does the independent test group understand the business nature of the application being tested?

I-(v)-b Testing Error Conditions
Has a brainstorming session with end users been performed to identify functional errors?
Have functional error conditions been identified for the following cases:
a) Rejection of invalid codes
b) Rejection of out-of-range values
c) Rejection of improper data relationships
d) Rejection of invalid dates
e) Rejection of unauthorized transactions of following types:
- Not a valid value
- Not a valid customer
- Not a valid product
- Not a valid transaction type
- Not a valid price
- Not a valid date
- Not a valid FX rate
- Not a valid interest rate
- Specific Project Requirements
f) Alphabetic data in numeric fields
g) Blanks in a numeric field
h) All blank condition in a numeric field
i) Negative values in a positive field
j) Positive values in a negative field
k) Negative balances in a financial account
l) Numerics in an alphabetic field
m) Blanks in an alphabetic field
n) Values longer than the field permits
o) Totals which exceed maximum size of total fields
p) Proper accumulation of totals (at all levels for multiple level)
q) Incomplete transactions (i.e., one or more fields missing)
r) Obsolete data in the field (i.e., a valid code that is now invalid)
s) New value which will become acceptable in future
t) A postdated transaction
u) Change of a value which affects a relationship (e.g., "C" in Julian)
Has the data dictionary list of field specifications been used to generate invalid specifications?
Have the architectural error conditions been tested:
a) Page overflow
b) Report format conformance to design layout
c) Posting of data to correct portion of reports
d) Printed error messages represent actual error condition
e) All instructions are executed
f) All paths are executed
g) All internal tables are tested
h) All loops are tested
i) All "perform" type of routines are tested
j) All compiler warning messages have been adequately addressed
k) The correct version of the program has been tested
l) Unchanged portions of the system will be revalidated after any part of the system has been changed

I-(v)-c Testing States
Has the state of an empty table been validated?
Has the state of an insufficient quantity been validated?
Has the state of a negative balance been validated?
Has the state of duplicate input been validated?
Has the state of entering the same transaction twice been validated?
Has the state of concurrent update been validated?

I-(vi) Implementation and data conversion
Are application defects apparent before the system is placed into production?
Is the end user aware of application deficiencies before they are placed into production?
Are there adequate library controls to ensure that the proper version of the software is installed?
Are detailed implementation plans prepared before going live?

I-(vii) Training
Are operations personnel trained in operating the new application?
Are the training materials consistent with the updated software?
Are new employees given awareness training?
Are the training needs assessed?
Is the operations staff informed of how to handle all abnormal conditions for new applications (e.g., abnormal terminations or out-of-control conditions)?

I-(viii) Back-up and recovery
How frequent is the data back-up?
How frequent is the program back-up?
Are copies of program and data stored off-site?
Is the back-up tested on a separate machine to confirm recovery?
Are storage media recopied regularly to ensure readability?
Is there a procedure for recovery and business continuity including manual work required in case of a disaster?
How long does it take to set up the application on a new machine?

I-(ix) Access control / security / custody
Is the anti-virus prevention system operational on the computer that is running this application?
Are the source programs protected from unauthorized access?
Is system documentation protected from unauthorized access?
Has all confidential information been identified?
Have the potential consequences of unauthorized disclosure been assessed?
Are only those who have a "need to know" authorized to access?
Is information transmitted over telecommunication networks encrypted?
Is access to authenticator keys and authentication routines restricted to authorized persons?
Are storage media containing sensitive data and programs stored in a securely locked area and protected from unauthorized removal?
Is test data protected and controlled?
Is a terminal lockup used to prevent unauthorized access after a pre-determined number of incorrect attempts to access the system have been made?
Does the system automatically shut down the terminal in question and allow intervention only by specially assigned department supervisors?
Is each user limited to certain types of transactions?
Are commands controlling operation of the application restricted to:
- limited number of personnel
- limited number of terminals
Does senior management periodically review the terminal authority levels in the event of a purported or real security violation?
Has the security officer initiated a review program to ascertain whether controls are fully operational?
Does terminal hardware include the following?
- Terminal authorization?
- Terminal log for transactions?

I-(x) Segregation of duties
Are development and testing facilities separated from operational systems?
Are duties separated to ensure that no one individual performs more than one of the following operations?
- Data origination?
- Data input?
- Data processing?
- Output distribution?
Are the functions of preparer and verifier adequately segregated?

I-(xi) Fraud detection and prevention
Are confirmations received through telecommunication networks checked promptly against source documents?
Are the authorization limits for individual staff reviewed regularly?
Is the use of utility programs (e.g., Data File Utility, Network Sniffer) restricted and closely controlled?
Are the computer clocks synchronized for accurate recording?
Are movements in inactive accounts reviewed regularly?

II-(i) Source document origination
Are source documents designed to minimize errors and omissions?
Is access to source documents and blank input forms restricted to authorized personnel?
Are source documents and blank input forms stored in a secure location?
Is authorization from two or more accountable individuals required before source documents and blank input forms are released from storage?

II-(ii) Source document authorization and transmission
Are authorizing signatures used for all types of transactions?
Is evidence of approval required for specific types of critical transactions (e.g., control bypassing, system overrides, manual adjustments)?
Are there satisfactory controls over the physical transmission of authorized source documents?

II-(iii) Source document error-handling
Are there documented procedures for handling source-document errors?
Do they include the following?
- Types of error conditions
- Correction procedures to follow
- Methods for reentry of documents

II-(iv) Source document retention
Are source documents retained so that data lost or destroyed during subsequent processing can be re-created?
Does each type of source document have a specific retention period pre-printed on the document?
Are source documents stored logically to facilitate retrieval?
Is a copy kept in the originating department whenever the source document leaves the department?
Is access to records in the originating department restricted to authorized personnel?
When source documents reach their expiration dates, are they removed from storage and destroyed in accordance with security classifications?

III-(i) Data entry - authorization (Software related)
Is password control used to prevent unauthorized use of the terminal?
Are non-displaying facilities used when keying passwords?
Are passwords changed periodically?
Are passwords deleted once a person is transferred or leaves the job?
Is a report produced immediately when unauthorized system accesses are attempted by way of terminal devices?
Does this report include the following:
- Location of the device?
- Date and time of violation?
- Number of attempts?
- User Identification?

III-(ii) Data entry - completeness and accuracy
Must all documents entered into the computer be signed or marked to indicate that they were in fact entered into the system, to protect against or reuse of the data, whether available or otherwise?
Does terminal hardware include the following:
- Time-stamped messages?
- Record counts?

III-(iii) Data validation and editing (Software related)
Are pre-programmed keying formats used to ensure that data is recorded in the proper field, format, etc?
Are help files used with on-line dialogue to reduce the number of data entry errors?
Are all input data fields subjected to data validation and editing when an error is detected in an earlier field of the same transaction?
Are the following checked for validity on all input transactions?
- Codes?
- Characters?
- Missing data?
- Extraneous data?
- Limit checks?
- Record mismatches?
- Sequence?
- Balancing of quantitative data?
- Cross-footing of quantitative data?
- 4-digit year?
- Eurocurrency?
Are overrides and bypasses restricted to officers?
Are overrides and bypasses automatically recorded and submitted to officers for analysis?
Does the application prevent entry of duplicate records?
In GUI applications and data entry screens, are radio buttons used for mutually exclusive options?

III-(iv) Data input error handling (Software related)
Are transaction rejections caused by data entry errors recorded?
Are debit and credit type entries used instead of delete or erase type commands to correct rejected transactions on the suspense file?
Is the application designed to reject delete or erase type commands?

III-(iv) Data input error handling (non-technical)
Do documented procedures explain how to identify, correct, and reprocess data rejected by the application?
Are errors displayed or printed immediately on detection for immediate correction by terminal operator?
Do error messages provide clear, understandable, cross-referenced corrective actions for each type of error?
Are error messages produced for each transaction containing data not meeting edit requirements?
Are error messages produced for each input data field not meeting edit requirements?
Are transaction rejections, caused by data entry errors, corrected by the terminal operator?
Are transaction rejections, not caused by data entry errors, corrected by the user originating the transaction?
Does the user department independently control data rejected by the application?
Is the automated suspense file used to control follow-up, correction, and re-entry of transactions rejected by the application?
Is the automated suspense file used to produce analysis of the following for management review?
- Level of transaction errors?
- Status of uncorrected transactions?
Are these analyses used by management to make sure that corrective action is taken when error levels become too high?
Are these analyses used by management to make sure that corrective action is taken when uncorrected transactions remain far too long on the suspense file?
Are reports made to progressively higher levels of management if these conditions worsen?
Are all corrections reviewed and approved by officers before re-entry?

IV-(i) Data processing integrity (Software related)
Are there checks to ensure that the correct program and data files are used? (e.g., by using a utility in the operating system)
Is there a logging type facility (audit trail) in the application to assist in reconstructing data files?
Does the application protect against concurrent file updates?
Are transactions date- and time-stamped for logging purposes?
Is a history log printed out as well as displayed on a terminal?
Does the history log include the following:
- Hardware failure messages?
- Software failure messages?
- Processing halts?
- Abnormal termination of jobs?
- Operator interventions?
- Error messages?
- Unusual occurrences?
- Terminal failure messages?
- Terminal startup?
- Terminal shutdown?
- All input communication messages?
- All output communication messages?
Is the log routinely reviewed by officers to determine the causes of problems and the correctness of actions taken?
Are periodic balances made at short intervals to ensure that data is being processed accurately?
Is off-line file balancing performed on the following:
- Batch counts?
- Record counts?
- Pre-determined control totals?
- Other? (specify)
Does each input transaction have a unique identifier (transaction code) directing it to the proper application program for processing?
Do programs positively identify input data as to type? (alpha or num.)
Are computer generated control totals (run-to-run totals) automatically reconciled between jobs to check for completeness of processing?
Are there controls to prevent operators from circumventing file checking routines?
Are internal trailer labels containing control totals (e.g., record counts, pre-determined control totals) generated for all computer files and tested by the application programs to determine that all records have been processed?
Are file completion checks performed to make sure that application files have been completely processed?
Do data processing controls ensure that:
- output counts from the system equal input counts to the system?
- program interfaces require that the sending program output counts equal the receiving program input counts?
- system interfaces require the sending system's output counts to equal the receiving system's input counts?
- system interfaces require that shared files meet the control requirements of both the sending and receiving systems?
Is there a daily automatic checking of key fields?

IV-(i) Data processing integrity (non-technical)
Do documented procedures explain the methods for proper data processing of every application program?
Is there a logging type facility (audit trail) in the application to assist in reconstructing data files?
Is a history log printed out as well as displayed on a terminal?
Is the log routinely reviewed by officers to determine the causes of problems and the correctness of actions taken?
Are periodic balances checked at short intervals to ensure that data is being processed accurately?
Are significant samples of updated records checked manually each day for accuracy?

IV-(iii) Data processing validation and editing (Software related)
Are batch control totals generated by the application to validate the completeness of batches received?
Are record counts generated by the application to validate the completeness of data input?
Are pre-determined totals generated by the application to validate the completeness of data input?
Does a direct update to files cause the following to occur:
- A record is created and added to a backup file, containing a before-and-after picture of the record being altered?
- The transaction is recorded on the transaction history file together with the date and time of entry and the originator's identification?

IV-(iv) Data processing error handling (Software related)
Do documented procedures explain how to identify, correct, and reprocess data rejected by the application?
Is every data item that is rejected by the application automatically written on an automated suspense file?
Does the automated suspense file include the following?
- Codes indicating error type?
- Date and time the transaction was entered?
- Identity of the user who originated the transaction?
- Identity of the terminal from where the data was input?
Are record counts automatically created by suspense file processing to control these rejected transactions?
Are pre-determined control totals automatically created by suspense file processing to control these rejected transactions?
Are transaction rejections transmitted to the users originating them so that corrective action can be taken?
Is the automated suspense file used to control follow-up, correction, and re-entry of transactions rejected by the application?
Is the automated suspense file used to produce analysis of the following for management review?
- Level of transaction errors?
- Status of uncorrected transactions?
Are these analyses used by management to make sure that corrective action is taken when error levels become too high?
Are these analyses used by management to make sure that corrective action is taken when uncorrected transactions remain on the suspense file too long?
Are reports made to progressively higher levels of management if these conditions worsen?
Are debit and credit type entries used instead of delete or erase type commands to correct rejected transactions on the suspense file?
Is the application designed to reject delete or erase type commands?
Do valid correction transactions purge the automated suspense file of corresponding rejected transactions?
Are invalid correction transactions added to the automated suspense file along with the corresponding rejected transactions?
Are record counts appropriately adjusted by correction transactions?
Are pre-determined control totals appropriately adjusted by correction transactions?
Are the procedures for processing corrected transactions the same as those for processing original transactions, with the addition of supervisory review and approval before re-entry?

V-(i) Output balancing and reconciliation (Software related)
Is message content validated before it is displayed, written, or printed on the output device?
Are all activities of the day summarized and printed for each terminal device?
Are these activity reports used to provide an audit trail for the reports?
Are these reports reviewed by officers to determine the correctness of output production?
Is the application using Open Data Base Connectivity (ODBC)? What are they?
Does the application have Application Program Interfaces (API)?

V-(ii) Output balancing and reconciliation (non-technical)
Do documented procedures explain the methods for proper balancing and reconciliation of reports?
On each report, does the application identify the following:
- Title or name of product?
- Processing program name or number?
- Date and time prepared?
- Processing period covered?
- User name and location?
- Counts developed during processing?
- End-of-job indication?
- Security classification, if any?
Has a priority system been established so that critical output can be transmitted on time?
Can transactions be traced forward to the final reports?
Can transactions be traced backward to the original source documents?

V-(iii) Output distribution
Are there documented procedures explaining the methods for proper handling and distribution of reports?
Are duties separated from input and authorization?
Are users questioned periodically to determine their continued need for the products and the number of copies received?

V-(iv) Output error handling
Do documented procedures explain the methods for user department reporting and control of output errors?
Is the user notified immediately of output problems?
Are the reports from re-run jobs subject to the same quality review as were the original erroneous reports?

V-(v) Output retention
Have record and document retention periods been established?
Are the periods reasonable for backup and audit purposes?
Are appropriate methods (e.g., degaussing, shredding) used to dispose of unneeded records and documents?
Is access to records and documents restricted to authorized individuals?
Are reports periodically reviewed to determine whether they are still needed by the user?
Is the dual-custody technique used to control accountable documents (e.g., cheque, bond, identification card stock) during the following periods:
- In storage?
- In transit?
- Waiting to be used by the application?
- Being used by the application?
- Waiting for distribution?
- Waiting for destruction?
- Waiting for transit back to storage?
Is access to accountable documents restricted to authorized personnel?
