Please enable JavaScript.
Coggle requires JavaScript to display documents.
COMPUTERS - Coggle Diagram
COMPUTERS
A purchased package system
a. Specification and selection of packages:
i. Discussions with other users;
ii. Observing operation of package;
iii. Questioning other users of package:
iv. Facilities offered by program;
v. Freedom from program errors;
vi. Speed and efficiency;
vii. Ease of use;
viii. Quality of support.
b. Implementation and testing of packages:
i. Testing:
ii. Independent testing;
iii. Review of experiences of other users.
iv. Implementation:
Involvement of:
a. User departments;
b. Data processing;
c. Management;
d. Quality assurance.
c. General important information to consider when purchasing a package:
i. Package must meet user requirements:
ii. Prepare statement of requirements;
iii. Measure available packages against requirements.
iv. Keep in mind:
v. Minimum changes should be made to package;
vi. If modifications is necessary, use normal rules w.r.t. system development;
vii. Possibility of future amendments (e.g. tax updates);
viii. Quality of maintenance service from supplier.
d. Advantages of purchased systems:
i. Less implementation time (immediate implementation);
ii. Lower cost and cost is predetermined;
iii. Tested thoroughly – thus very reliable.
e. Disadvantages of purchased systems:
i. Dependent on vendors for maintenance;
ii. Too general /inflexible to cater for needs;
iii. Change maintenance difficult/impossible;
iv. Written overseas (Vat and Tax differs).
system maintenance controls: complete, valid, properly tested and info is backed-up and can be restored.
Completeness:
To ensure all approved requests for changes are processed
• Achieved by:
o Pre-numbered change request forms
o Do regular sequence checks; or
o Enter change forms in a register
o Outstanding requests reviewed by senior official
Validity:
Requests should be approved by correct level of authority depending on importance
• User requirements
• Reviewed by data processing department
• Documented
Organisation and Management controls:
Computer department is to be represented on the Board of Directors/Governing Body;
• CIS manager should report to senior management;
• Top Management should be committed to controls and to implement management controls
such as establishing an Internal Audit department;
• Computer steering committee set IT policies and exercise control over IT activities;
• The rotation of operator duties;
• System development staff not assigned to operator duties;
• At least two operators per shift (scheduling of staff);
• Staff should take regular leave;
• Training of staff and career development;
• Supervision and review
Segregation of duties:
Functional:
o Separate CIS Department
• Operational:
o SOD between:
▪ System analysts
▪ Programmers
▪ Operators
• Normal SOD between:
o Transaction initiation
o Authorisation
o Processing
o Safeguarding
• Independent person must correct error
System Development and Implementation Controls:
Self-developed system
a. Project authorisation and management:
i. The project should be authorised and managed properly;
ii. There should be a development plan that is fully authorised;
iii. The IT Steering committee, that is made up of senior management from both
user and computer departments should authorise the project/development.
iv. The steering committee must ensure that :
The project is authorised;
Timetables are adhered to;
Budgets are achieved;
Quality requirements are met.
v. There should be involvement from the following departments during development.
1. User department:
a. To ensure that departmental requirements are incorporated into the new system
b. Internal / external auditors must be involved in the process to ensure proper controls are implemented.
2. Data processing department:
a. To assist/ensure technical soundness;
b. To ensure the system is compatible with other systems;
c. To test all operational aspects.
3. Quality control department:
a. Ensure the correct standard of design is used;
b. To ensure proper testing is done;
c. To ensure that the programme is documented.
vi. A feasibility study should be performed to determine if the company should buy/self-develop a programme. a cost versus benefit analysis should also be done.
vii. A project team will do the following:
The day to day management of the project;
Ensure the project is developed in stages;
Prepare timetables for each stage of the development.
viii. Project should be authorised after feasibility study is conducted.
b. System specification and user needs:
i. Here you will define the way the system must work to ensure it will meet the specifications of the user and the business.
ii. There are two methods of specifying systems:
1. Traditional method:
a. Written systems specification by means of discussions between the data processing department and users.
2. Prototype systems:
a. Design a prototype;
b. Allow the user department to try it out;
c. Refine the design through a series of prototypes
System design and programming standards:
i. These standards will:
Ensure system interacts properly with existing systems and system software.
Ensure that appropriate control-related programmed procedures are built in.
Ensure there is supervision over system design;
Ensure the system complies with predetermined standards;
It should always be done on a program library and not live data.
d. Testing of new system:
i. Testing of a self-developed system should be carried out in 3 stages:
Program testing:
a. Checking the logic of the program to their specs.
System testing:
a. Ensure the logic of various individual programs links together to form a system in-line with the detailed system description.
Live testing:
a. Parallel running:
i. New system in parallel with old system;
ii. Problem: cost of double processing, difficulty of comparison (e.g additional info)
b. Pilot running:
i. Introduce system for only small portion.
e. Conversion to new system:
i. General controls during conversion to the new system (self-developed / purchased)
Planning and preparation:
a. Prepare timetables for conversion;
b. Define methods used (e.g. parallel / pilot);
c. Determine cut-off dates;
d. Prepare data files for conversion (e.g. Standing data);
e. Training of staff;
f. Balance files on old system ;
g. Prepare premises (constant power / air-con).
Control over conversion of data by data control group:
a. Supervision by senior management;
b. Auditor involvement.
Update system documentation:
a. System flowcharts;
b. System descriptions;
c. Operating manuals.
Testing:
a. Balancing old files with new files;
b. Third party confirmations;
c. Follow up of exception reports;
d. Comparison with data run on old system (parallel);
e. Manual comparison of data;
f. Approval by users.
Backup of new system
Post-implementation review.