What could happen should there be no control in the systems development and systems maintenance? A properly functioning systems development process ensures that only needed applications are created, that they are properly specified, that they possess adequate controls, and that they are thoroughly tested before being implemented. The systems maintenance process ensures that only legitimate changes are made to applications and that such changes are also tested before being implemented. These processes establish the accuracy of the new applications and preserve their integrity throughout the period. Thus, if the auditor can verify that the processes mentioned are effectively controlled, the auditor can limit the extent of application controls and substantive testing that needs to be done. This is why controls are very important during the systems development and systems maintenance.
In a worst-case scenario wherein there is no control existing or whatsoever, two serious forms of exposures are cited by John Hall:
? Access to programs is completely unrestricted. Programmers and others can access any programs stored in the library, and there is no provision for detecting an unauthorized intrusion.
? Because of these control weaknesses, programs are subject to unauthorized changes. Hence, there is no basis for relying on the effectiveness of other controls (e.g. maintenance authorization, program testing, and documentation). With no provision for detecting unauthorized access to the SPL (Source Program Library), program integrity cannot be verified.
Given the company's very nature ? a bank ? data integrity is a must. Without the proper controls implemented, data quality is sacrificed. The very role of an auditor in the SDLC is defeated.
Why are a ...