SYSTEMS DEVELOPMENT CONTROLS


These are intended to ensure that we have a valid system of processing whenever new applications are devised, meeting the requirements of management and user department. These aims are achieved by:

(a) The use of standard documentation;

(b) The use of standard procedures whenever possible;

(c) Specifying rigid authorisation procedures whenever new applications are envisaged or existing programs amended or extended;

(d) The adoption of adequate testing routines prior to implementation and;

(e) Instituting a comprehensive system of program and document security.

The stages of systems development may be briefly summarised as follows:

i. Feasibility: A committee which would usually include the EDP manager and head of the user department concerned will consider the feasibility of each proposed application from the view points of financial viability and technical capability. The decision therefore rests on the familiar cost benefit equation. The benefits of the new application must be weighed against the cost. If the project is assumed feasible, then the next stage is commenced. It may be advisable to inform the auditor to obtain his input at this stage because the auditor is an expert on systems of internal controls, he is also very knowledgeable on the requirements of the Companies Acts as far as proper books of accounts are concerned. He may also have requirements that need to be taken into consideration and he may also know the best suppliers of the equipment that would be more suitable for the company's needs.

ii. Systems Analysis: The systems analysts are highly trained members of the development personnel. They will consider every new application from every relevant angle taking into account the needs of all those affected by the proposed changes. The external auditor should be consulted at this point on particular features which he requires to be included. This will save the problem of the loss of audit trail that frequently occurs. Once all the users including the auditor have been consulted as to their specific needs and the manner in which their work will be affected by the new procedures and documentation, the systems analyst then set out the program requirements in the form of flow charts known as block diagrams. These must be approved before programming can begin.

iii. Programming: Compared with systems analysis which requires a certain degree of creativity and imagination, programming is a mechanical exercise mainly requiring strict adherence to the logical steps which one by one make up the program.

iv. Program testing: Program testing is divided into desk checking which as the name suggests takes place at the desk rather than on the computer. Here each instructon is tested by the programmers for logic, consistency and accuracy with reference to created test data. As each logic error is discovered the necessary corrections are made. This is called debugging. The use of test packs. Created data designed to highlight as many problems and potential logic errors as possible are punched and run on the computer against the new program. The output will then be closely compared with pre-prepared hand written results and any further errors revealed will be corrected. Pilot running: In this case the new programs are tested against batches of live data covering the range of possible inputs as comprehensively as possible. Once again this is compared with manually prepared results. The chief programmer will then inform the EDP manager that the program has been thoroughly tested and debugged and is performing the task it was designed for.

v. Parallel running: This stage requires the new system and the existing system to operate side by side for a lengthy period during which results are compared. This is designed to ensure that the program responds correctly to the real processing requirement of the user department involved, that adequate computer time will be available, that any errors remaining can be eliminated and that the user department staff get used to the new routines and documentation. It may be useful to get the auditor in to carry out a few tests to enable him assess the adequacy of the controls incorporated in the systems design.

vi. File conversion: Assuming that all the previous five stages have been successful and have been duly approved, then all the files need to be converted into computer format. This is usually a troublesome and time consuming exercise and before the manual records are destroyed, it is important to ensure that the converted files are accurate, complete and up-to-date.