
Biometric devices: The ultimate in user identification procedures

Central system administrator: The discretionary access privileges that allow users to browse data

Screening router: that examines the source and destination addresses that are attached to incoming message packets. The firewall accepts or denies access requests based on filtering rules that have been programmed into it.

Proxies: Another name given to security applications

Message transaction log: The log in which all incoming and outgoing messages as well as attempts

Noise: The random signal that can interfere with message signal

systems development life cycle (SDLC): as a multiphase process by which organizations satisfy their formal information needs

technical design activities: translate user specifications into a set of detailed technical specifications for a system that meets the user's needs. The scope of these activities includes systems analysis, feasibility analysis, and detailed systems design

internal auditor: can serve as a liaison between users and the systems professionals to ensure an effective transfer of knowledge

formal testing and acceptance event: to be the most important control over the systems development process. This is the last point at which the user can determine the system's acceptability prior to it going into service

maintenance phase of the SDLC: This is the longest period in the SDLC, often spanning several years.

source program library: application program modules are stored in source code form on magnetic disks

No controls: In this situation, access to application programs is completely unrestricted

separate password-controlled libraries: a strict separation is maintained between the production programs that are subject to maintenance in the SPL and those being developed.

program modification reports: The most useful of these are____ which describe in detail all program changes (additions and deletions) to each module.
tests of controls: necessary to achieve each of these objectives are examined in the following section.

library access privileges only to system librarians: Their function is to retrieve applications from the program libraries for maintenance and to restore the modified programs to the library.

Audit trail tests: which ensure that the application creates an adequate audit trail

Redundancy tests: which determine that an application processes each record only once.

Audit trail tests: which ensure that the application creates an adequate audit trail. T

Completeness tests: which identify missing data within a single record and entire records missing from a batch.

Accuracy test: Ensure that mathematical calculations are accurate and posted to the correct accounts

Access test: Verify that individuals programmed procedures attempting to access is valid

Base case system evaluation (BCSE): is a variant of the test data approach. conducted with a set of test transactions containing all possible transaction types. These are processed through repeated iterations during systems development

tracing: performs an electronic walkthrough of the application's internal logic.

The integrated test facility (ITF): approach is an automated technique that enables the auditor to test an application's logic and controls during its normal operation

Parallel simulation: involves creating a program that simulates key features or processes of the application under review. The simulated application is then used to reprocess transactions t

generalized audit software (GAS): Simulation packages are commercially available and are sometimes a feature of ___

Embedded audit module (EAM): techniques use one or more programmed modules embedded in a host application to select, for subsequent analysis, transactions that meet predetermined conditions.

GENERALIZED AUDIT SOFTWARE: GAS is the most widely used CAATT for IT auditing

1. User personnel
2. System professionals
3. Internal auditors
The auditor's objectives are to determine that
(1) maintenance procedures protect applications from unauthorized changes,
(2) applications are free from material errors, and
(3) program libraries are protected from unauthorized access.

Audit Procedures for Identifying Unauthorized Program Changes
1. RECONCILE PROGRAM VERSION NUMBERS
2. CONFIRM MAINTENANCE AUTHORIZATION.

Audit Procedures for Identifying Application Errors

Pg 725

1. reconcile the source code
2. review the test results
3. retest the program

5 SDLC activities
1. System authorization acti.
2. User specification acti.
3. Technical design acti.
4. Internal audit participation
5. Program testing

3 test team

Controls relevant to financial reporting.


1. input controls
2. processing controls
3. output controls
