The implementation phase of the systems development life cycle (SDLC) is the most expensive and time-consuming phase of the entire life cycle. Implementation is expensive because so many people are involved in the process; it is time consuming because of all the work that has to be completed. In a traditional plandriven systems development project, physical design specifications must be turned into working computer code, and the code must be tested until most of the errors have been detected and corrected. In a systems development project governed by agile methodologies, design, coding, and testing are done in concert, as you learned in previous chapters. Regardless of methodology used, once coding and testing are complete and the system is ready to “go live,” it must be installed (or put into production), user sites must be prepared for the new system, and users rely on the new system rather than the existing one to get their work done.
I think 3.6 is interesting because this section is related to the business applications implemented by the system . When running a website or application, e-commerce is the main profit driver. Without a safe and efficient e-commerce system, companies cannot sell their products or services. For enterprises, the security settings of these systems are critical to prevent any data from being destroyed. If customer information is leaked, this may permanently damage the company’s online and offline reputation. In addition, companies with more employees may consider having their own email domain. Again, this system must be very secure. Any hacker can send phishing emails to damage an organization’s system from the inside.
The goal of the training program is to ensure that end users are self-sufficient in the operation of the system. What I find interesting is the end user training part. It tells us that the most important key in end user training is to ensure that training is considered early in the development process and a training project plan is created. In order to develop a training strategy, an organization must appoint a training administrator who will identify users who need to be trained on their specific job functions.
I think 3.5.5 is interesting to me because this section introduces the role of auditors in information systems. It auditors need to participate in the review “testing” stage and perform the following tasks: Check the completeness of the test plan; show evidence of user participation and consider re-running key tests; coordinate control of total volume and conversion data; review error reports to ensure the accuracy of identifying incorrect data and resolving errors; verify the correctness of cycle processing (Month-end, year-end processing, etc.); verify the accuracy of key reports and outputs used by management and other stakeholders; visit the end users of the system to let them understand the new methods, procedures and operating instructions; review the system and End user documentation to determine its completeness and verify its accuracy; check the accuracy of parallel test results; verify whether the system security meets the design requirements through development and execution of access tests; review unit and system test plans to determine whether to plan And implemented internal control tests; audit UAT to ensure that the accepted software has been delivered to the implementation team. Suppliers should not be able to replace this version; review procedures for recording and tracking error reports.
System implementation is made up of many activities. The six major activities we are concerned with in this chapter are coding, testing, installation, documentation, training, and support. The purpose of these steps is to convert the physical system specifications into working and reliable software and hardware, document the work that has been done, and provide help for current and future users and
caretakers of the system.
Through the reading material, I was interested in the IT auditor’s role in information systems, identifying important application system components and transaction flows through the system, and deepening the understanding of the application system by evaluating available documents and conducting appropriate personnel interviews. I think it is necessary to interview people, and it will be interesting to meet people in different positions. This is followed by the analysis of accumulated information, the implementation of appropriate audit procedures, the analysis of test results and other audit evidence, and finally the comparison of effective programming standards and analysis procedures to ensure the implementation of the information system.
Software Testing is a method to check whether the actual software product matches expected requirements and to ensure that software product is Defect free. Software testing is the process of evaluating and verifying that a software product or application does what it is supposed to do. The benefits of testing include preventing bugs, reducing development costs and improving performance.
It involves execution of software/system components using manual or automated tools to evaluate one or more properties of interest. The purpose of software testing is to identify errors, gaps or missing requirements in contrast to actual requirements.
Software Testing is Important because if there are any bugs or errors in the software, it can be identified early and can be solved before delivery of the software product. Properly tested software product ensures reliability, security and high performance which further results in time saving, cost effectiveness and customer satisfaction.
This section relates to business applications implemented by the system. If customer information is compromised, it could permanently damage a company’s online and offline reputation. Vendor should not be able to replace this version; Process for viewing records and tracking error reports. Finally, effective programming standards and analysis procedures are compared to ensure the implementation of the information system.
1.Information systems implementation is when the system is installed and moved into the production environment after appropriate system and users’ acceptance testing. This is the stage at which: • End users are notified. • Data entry or conversions occur. • Training takes place. • Post-implementation reviews occur.
2. IS AUDITOR’S ROLE IN INFORMATION SYSTEMS TESTING
• Review the test plan for completeness;
• Reconcile control totals and converted data.
• Review error reports for their precision in recognizing erroneous data and resolution of errors. • Verify cyclical processing for correctness (month-end, year-end processing, etc.).
• Verify accuracy of critical reports and output used by management and other stakeholders.
• Interview end users of the system for their understanding of new methods, procedures and operating instructions.
• Review system and end-user documentation to determine its completeness and verify its accuracy during the test phase.• Review parallel testing results for accuracy.
• Verify that system security is functioning as designed by developing and executing access tests.
• Review unit and system test plans to determine whether tests for internal controls are planned and performed.
• Review the UAT and ensure that the accepted software has been delivered to the implementation team. The vendor should not be able to replace this version.
• Review procedures used for recording and following through on error reports.
After reading CISA, I was interested in IS auditor’s role in information systems testing. Testing is crucial in determining that user requirements have been validated, the system is performing as anticipated and internal controls work as intended. Therefore, it is essential that an IS auditor be involved in reviewing this phase and perform the following:
1)Review the test plan for completeness;
2) Reconcile control totals and converted data.
3)Review error reports for their precision in recognizing erroneous data and resolution of errors. 4)Verify cyclical processing for correctness.
5) Verify accuracy of critical reports and output used by management and other stakeholders.
6) Interview end users of the system for their understanding of new methods, procedures and operating instructions.
7)Review system and end-user documentation to determine its completeness and verify its accuracy during the test phase.
8)Review parallel testing results for accuracy.
9) Verify that system security is functioning as designed by developing and executing access tests.
10)Review unit and system test plans to determine whether tests for internal controls are planned and performed.
11) Review the UAT and ensure that the accepted software has been delivered to the implementation team. The vendor should not be able to replace this version.
12) Review procedures used for recording and following through on error reports.
I think that the more interesting part of chapters is CISA 3.7 system change procedure and the program migration process Following implementation and stabilization, a system enters into the ongoing development or maintenance stage. This phase continues until the system is retired. The phase involves those activities required to either correct errors in
the system or enhance the capabilities of the system.
In this regard, an IS auditor should consider the following some standards, for example Whether change control is a formal procedure for the user and the development groups, and Whether the change control log ensures all changes shown were resolved.
I am more interested in data migration.
When the source system and the target system are located on different hardware or OS platforms and use different file or database structures, conversion is usually required. Since the conversion process requires a lot of analysis, design and planning, it may become a project in the project.
In this easy process, you also need to pay attention to some risks, such as disrupting conventional operations, violating data security and confidentiality, conflicts and disputes between legacy and migration operations, data inconsistencies and loss of data integrity during the migration process.
System implementation is made up of many activities. The six major activities we are concerned with in this chapter are coding, testing, installation, documentation, training, and support. The purpose of these steps is to convert the physical system specifications into working and reliable software and hardware, document the work that has been done, and provide help for current and future users and caretakers of the system.
Software testing begins early in the SDLC, even though many of the actual testing activities are carried out during implementation. Define each person’s role is also important during the testing.
After reading the material, I am most interested in the data migration of chapter 3.7.1. The data conversion process must provide some means such as audit trails and logs which allows for the verification of accuracy and completeness of the converted data. Following factors needs to be considered during a data migration project – how long the migration will take, the amount of downtime required, and the risk to the business due to technical compatibility issues, data corruption, application performance issues, and missed data or data loss. These factors should be evaluated before migration in order to avoid migration challenges.
The process of testing in Information Systems Implementation is very important. The purpose of system testing is to confirm and evaluate whether the system meets the requirements. The definition is to install and move the system into the production environment after the appropriate system and user acceptance test.
Testing can help participants fix the project during development (check whether there are predictable specific language errors in the code program), instead of discovering the risk of defects in production, thereby reducing the risk. For example, the user acceptance test is the final stage of the software testing process, which is a laborious and important cycle. UAT will directly involve the direct and expected users of the software, and meeting user needs happens to ensure that the software can be applied in actual scenarios. The IS Auditor also plays a role in checking the integrity of the test plan during the testing of the information system. All in all, testing can help to prove that the functions of all parties required by the system are feasible, reasonable, and capable of fulfilling the requirements.
I’m more interested in end-user training. The goal of a training plan is to ensure that the end user can become self-sufficient in the operation of the system. One of the most important keys in end-user training is to ensure that training is considered and a training project plan is created early in the development process. To develop the training strategy, an organization must name a training administrator. The training administrator will identify users who need to be trained with respect to their specific job functions.
Consideration should be given to the following format and delivery mechanisms: Case studies; role-based training; lecture and breakout sessions; modules at different experience levels; practical sessions on how to use the system; remedial computer training; online sessions on the web or on a CD-ROM.
I am interested in the role the IT auditor plays in the Information Systems Implementation. Testing is critical, so IT auditor participation is needed. IT auditor must determine whether user requirements have been validated, the system is performing as expected, and internal controls are working as expected and performing the following tasks:
Review the integrity of the test plan:Indicate evidence of user involvement, such as user-developed test protocols and/or user-signed results; Consider reconfiguring to run important tests
Check control totals and conversion data.
Review error reports to see how accurate they are in identifying incorrect data and parsing errors.
Verify the correctness of periodic processing (monthly end processing, yearly
end processing, etc.)
Verify the accuracy of key reports and outputs used by management and other stakeholders.
Interviews with end users of the system to obtain their understanding of new methods, procedures and operating instructions.
Review system and end user documentation to determine their completeness and verify the accuracy of the group phase of the test.
Review the accuracy of parallel test results.
Verify that system security is maintained as designed by developing and executing access tests
Review unit and system test plans to determine if internal coordination operations have been planned and executed.
Review the UTA and ensure that accepted software has been delivered to the implementation team. Vendor cannot replace this version.
Review procedures for recording and following up error reports
After reading the article of System Implementation, the instersting things I found from this article are contained the following content. Initially, the first insteresting one is the information of the article tells me what the kinds of threats which organizations and the adminstrators of their system might face, Also the article shows me that the implementation of the system is not a simple phase, it is a necessary that the success of the adoption of the system is in relation to the feelings of its users, it should give a clear definition of the functions that can be helpful for the users’ works.
After reading the material, I was most interested in data migration. When the source and target systems are on different hardware or OS platforms and use different file or database structures, conversion is usually required. The data transformation process must provide methods, such as audit trails and logs, to verify the accuracy and integrity of the converted data. There are also risks to be aware of, such as breach of conventional operations, breach of data security and confidentiality, conflicts and disputes between legacy and migration operations, data inconsistencies, and possible loss of data integrity during migration.
Identify important application system components and transaction flows throughout the system, and deepen your understanding of the application system by evaluating available documents and conducting appropriate personnel interviews. . Next is the analysis of accumulated information, the implementation of appropriate audit procedures, the analysis of test results and other audit evidence, and finally the comparison of effective programming standards and analysis procedures to ensure the implementation of the information system.
I am interested in the software life cycle
Any software starts from the most obscure concept: design office process processing for a certain company; design a business letter printing system and put it on the market. This concept is not clear, but it is a prototype of the highest-level business requirements. This concept will be accompanied by a purpose. For example, the purpose of a “bank billing system” is to improve work efficiency. This purpose will become the core idea of the system and the criterion for judging the success or failure of the system. In 1999, government departments installed a large number of OA systems, and people who have learned a little about Lotus Notes have made a fortune (not to mention IBM), but the more general situation is that the original processing mode of many government departments has not changed. Instead, a set of automated processes is added. The original intention of improving work efficiency has led to completely different results. Is this kind of software successful?
From the moment the concept is proposed, the software product has entered the software life cycle. After experiencing requirements, analysis, design, implementation, and deployment, the software will be used and enter the maintenance phase, until it gradually dies out due to lack of maintenance costs. Such a process is called the “Life Cycle Model” (Life Cycle Model).
Effective and efficient development and maintenance of complex IT systems require strict configuration, change and release management processes to be implemented and followed within an organization. These processes provide systematic, consistent, and explicit control over the attributes of the IT components that make up the system (hardware, software, firmware, and network connectivity, including physical connection media lines, optical fibers, and radio frequency [RF]). Understanding the configuration status of the computing environment is very important for the reliability, availability and security of the system, as well as timely maintenance of these systems. Is auditors should understand the tools available to manage configuration, change, and release management, as well as the controls to ensure security between developers and the production environment. Configuration management involves the whole system hardware and software life cycle (from requirement analysis to maintenance) to identify, define and baseline software items in the system, so as to provide the basis for problem management, change management and release management.
The implementation phase of the system development life cycle (SDLC) is the most expensive and time-consuming phase in the whole life cycle. In order to ensure the safety of the whole process, we need effective testing methods. Software testing is a method to check whether the actual software product meets the expected requirements and to ensure that the software product is defect-free. When implementing this approach, we also need to pay attention to some risks, such as breaking regular operations, violating data security and confidentiality, and conflicts and disputes between legacy and migration operations. E-commerce is the main profit driver when running a website or application.
This chapter introduces many of the activities carried out during implementation, including coding, testing, installation, documentation, user training, and support for a system after it is installed.
And implementation is neither simple nor mechanical.Systems security is also an important element of implementation and should be designed, as well as, acknowledged as an ongoing maintenance issue.We discuss the preparation of test cases and the alpha and beta testing process for the WebStore.
Compared with the tests in MSAD, the tests introduced in CISA are more for the tests that IT auditors need to perform:
1. For software testing, there are two methods,
Bottom-up: Start testing from basic units such as programs or modules, and then complete the testing of the entire operating system from bottom to top.
From top-to-bottom: The test executes the opposite test route in the search order of vertical priority or horizontal priority.
2. Data integrity test: is a set of substantive tests designed to check the accuracy, completeness, consistency and authorization of the data stored in the current system.
Relational integrity testing: performed at the level based on data elements and records.
Referential integrity test: Define the relationship between entities in different database tables maintained by the DBMS.
3. Data integrity and ACID principles of the online transaction processing system:
Atomicity, consistency, isolation, durability
4. Application system testing: including analyzing computer applications, testing computer applications, or controlling or selecting and monitoring data processing transactions. Testing control through the application of audit procedures is very important to ensure the function and effectiveness of the control
Ying Cheng says
The implementation phase of the systems development life cycle (SDLC) is the most expensive and time-consuming phase of the entire life cycle. Implementation is expensive because so many people are involved in the process; it is time consuming because of all the work that has to be completed. In a traditional plandriven systems development project, physical design specifications must be turned into working computer code, and the code must be tested until most of the errors have been detected and corrected. In a systems development project governed by agile methodologies, design, coding, and testing are done in concert, as you learned in previous chapters. Regardless of methodology used, once coding and testing are complete and the system is ready to “go live,” it must be installed (or put into production), user sites must be prepared for the new system, and users rely on the new system rather than the existing one to get their work done.
Yu Hu says
I think 3.6 is interesting because this section is related to the business applications implemented by the system . When running a website or application, e-commerce is the main profit driver. Without a safe and efficient e-commerce system, companies cannot sell their products or services. For enterprises, the security settings of these systems are critical to prevent any data from being destroyed. If customer information is leaked, this may permanently damage the company’s online and offline reputation. In addition, companies with more employees may consider having their own email domain. Again, this system must be very secure. Any hacker can send phishing emails to damage an organization’s system from the inside.
Lei Tian says
The goal of the training program is to ensure that end users are self-sufficient in the operation of the system. What I find interesting is the end user training part. It tells us that the most important key in end user training is to ensure that training is considered early in the development process and a training project plan is created. In order to develop a training strategy, an organization must appoint a training administrator who will identify users who need to be trained on their specific job functions.
Yijing Zhan says
I think 3.5.5 is interesting to me because this section introduces the role of auditors in information systems. It auditors need to participate in the review “testing” stage and perform the following tasks: Check the completeness of the test plan; show evidence of user participation and consider re-running key tests; coordinate control of total volume and conversion data; review error reports to ensure the accuracy of identifying incorrect data and resolving errors; verify the correctness of cycle processing (Month-end, year-end processing, etc.); verify the accuracy of key reports and outputs used by management and other stakeholders; visit the end users of the system to let them understand the new methods, procedures and operating instructions; review the system and End user documentation to determine its completeness and verify its accuracy; check the accuracy of parallel test results; verify whether the system security meets the design requirements through development and execution of access tests; review unit and system test plans to determine whether to plan And implemented internal control tests; audit UAT to ensure that the accepted software has been delivered to the implementation team. Suppliers should not be able to replace this version; review procedures for recording and tracking error reports.
Chang Cui says
System implementation is made up of many activities. The six major activities we are concerned with in this chapter are coding, testing, installation, documentation, training, and support. The purpose of these steps is to convert the physical system specifications into working and reliable software and hardware, document the work that has been done, and provide help for current and future users and
caretakers of the system.
Xiaohan Chen says
Through the reading material, I was interested in the IT auditor’s role in information systems, identifying important application system components and transaction flows through the system, and deepening the understanding of the application system by evaluating available documents and conducting appropriate personnel interviews. I think it is necessary to interview people, and it will be interesting to meet people in different positions. This is followed by the analysis of accumulated information, the implementation of appropriate audit procedures, the analysis of test results and other audit evidence, and finally the comparison of effective programming standards and analysis procedures to ensure the implementation of the information system.
Xiaomeng Chen says
Software Testing is a method to check whether the actual software product matches expected requirements and to ensure that software product is Defect free. Software testing is the process of evaluating and verifying that a software product or application does what it is supposed to do. The benefits of testing include preventing bugs, reducing development costs and improving performance.
It involves execution of software/system components using manual or automated tools to evaluate one or more properties of interest. The purpose of software testing is to identify errors, gaps or missing requirements in contrast to actual requirements.
Software Testing is Important because if there are any bugs or errors in the software, it can be identified early and can be solved before delivery of the software product. Properly tested software product ensures reliability, security and high performance which further results in time saving, cost effectiveness and customer satisfaction.
Yalin Zou says
This section relates to business applications implemented by the system. If customer information is compromised, it could permanently damage a company’s online and offline reputation. Vendor should not be able to replace this version; Process for viewing records and tracking error reports. Finally, effective programming standards and analysis procedures are compared to ensure the implementation of the information system.
Haoyu Bai says
1.Information systems implementation is when the system is installed and moved into the production environment after appropriate system and users’ acceptance testing. This is the stage at which: • End users are notified. • Data entry or conversions occur. • Training takes place. • Post-implementation reviews occur.
2. IS AUDITOR’S ROLE IN INFORMATION SYSTEMS TESTING
• Review the test plan for completeness;
• Reconcile control totals and converted data.
• Review error reports for their precision in recognizing erroneous data and resolution of errors. • Verify cyclical processing for correctness (month-end, year-end processing, etc.).
• Verify accuracy of critical reports and output used by management and other stakeholders.
• Interview end users of the system for their understanding of new methods, procedures and operating instructions.
• Review system and end-user documentation to determine its completeness and verify its accuracy during the test phase.• Review parallel testing results for accuracy.
• Verify that system security is functioning as designed by developing and executing access tests.
• Review unit and system test plans to determine whether tests for internal controls are planned and performed.
• Review the UAT and ensure that the accepted software has been delivered to the implementation team. The vendor should not be able to replace this version.
• Review procedures used for recording and following through on error reports.
Tianyu Zhang says
After reading CISA, I was interested in IS auditor’s role in information systems testing. Testing is crucial in determining that user requirements have been validated, the system is performing as anticipated and internal controls work as intended. Therefore, it is essential that an IS auditor be involved in reviewing this phase and perform the following:
1)Review the test plan for completeness;
2) Reconcile control totals and converted data.
3)Review error reports for their precision in recognizing erroneous data and resolution of errors. 4)Verify cyclical processing for correctness.
5) Verify accuracy of critical reports and output used by management and other stakeholders.
6) Interview end users of the system for their understanding of new methods, procedures and operating instructions.
7)Review system and end-user documentation to determine its completeness and verify its accuracy during the test phase.
8)Review parallel testing results for accuracy.
9) Verify that system security is functioning as designed by developing and executing access tests.
10)Review unit and system test plans to determine whether tests for internal controls are planned and performed.
11) Review the UAT and ensure that the accepted software has been delivered to the implementation team. The vendor should not be able to replace this version.
12) Review procedures used for recording and following through on error reports.
Yue Ma says
I think that the more interesting part of chapters is CISA 3.7 system change procedure and the program migration process Following implementation and stabilization, a system enters into the ongoing development or maintenance stage. This phase continues until the system is retired. The phase involves those activities required to either correct errors in
the system or enhance the capabilities of the system.
In this regard, an IS auditor should consider the following some standards, for example Whether change control is a formal procedure for the user and the development groups, and Whether the change control log ensures all changes shown were resolved.
Shengyuan Yu says
I am more interested in data migration.
When the source system and the target system are located on different hardware or OS platforms and use different file or database structures, conversion is usually required. Since the conversion process requires a lot of analysis, design and planning, it may become a project in the project.
In this easy process, you also need to pay attention to some risks, such as disrupting conventional operations, violating data security and confidentiality, conflicts and disputes between legacy and migration operations, data inconsistencies and loss of data integrity during the migration process.
Zhiyuan Lian says
System implementation is made up of many activities. The six major activities we are concerned with in this chapter are coding, testing, installation, documentation, training, and support. The purpose of these steps is to convert the physical system specifications into working and reliable software and hardware, document the work that has been done, and provide help for current and future users and caretakers of the system.
Software testing begins early in the SDLC, even though many of the actual testing activities are carried out during implementation. Define each person’s role is also important during the testing.
Zijie Yuan says
After reading the material, I am most interested in the data migration of chapter 3.7.1. The data conversion process must provide some means such as audit trails and logs which allows for the verification of accuracy and completeness of the converted data. Following factors needs to be considered during a data migration project – how long the migration will take, the amount of downtime required, and the risk to the business due to technical compatibility issues, data corruption, application performance issues, and missed data or data loss. These factors should be evaluated before migration in order to avoid migration challenges.
Xuemeng Li says
The process of testing in Information Systems Implementation is very important. The purpose of system testing is to confirm and evaluate whether the system meets the requirements. The definition is to install and move the system into the production environment after the appropriate system and user acceptance test.
Testing can help participants fix the project during development (check whether there are predictable specific language errors in the code program), instead of discovering the risk of defects in production, thereby reducing the risk. For example, the user acceptance test is the final stage of the software testing process, which is a laborious and important cycle. UAT will directly involve the direct and expected users of the software, and meeting user needs happens to ensure that the software can be applied in actual scenarios. The IS Auditor also plays a role in checking the integrity of the test plan during the testing of the information system. All in all, testing can help to prove that the functions of all parties required by the system are feasible, reasonable, and capable of fulfilling the requirements.
Yanxue Li says
I’m more interested in end-user training. The goal of a training plan is to ensure that the end user can become self-sufficient in the operation of the system. One of the most important keys in end-user training is to ensure that training is considered and a training project plan is created early in the development process. To develop the training strategy, an organization must name a training administrator. The training administrator will identify users who need to be trained with respect to their specific job functions.
Consideration should be given to the following format and delivery mechanisms: Case studies; role-based training; lecture and breakout sessions; modules at different experience levels; practical sessions on how to use the system; remedial computer training; online sessions on the web or on a CD-ROM.
Yongheng Luo says
I am interested in the role the IT auditor plays in the Information Systems Implementation. Testing is critical, so IT auditor participation is needed. IT auditor must determine whether user requirements have been validated, the system is performing as expected, and internal controls are working as expected and performing the following tasks:
Review the integrity of the test plan:Indicate evidence of user involvement, such as user-developed test protocols and/or user-signed results; Consider reconfiguring to run important tests
Check control totals and conversion data.
Review error reports to see how accurate they are in identifying incorrect data and parsing errors.
Verify the correctness of periodic processing (monthly end processing, yearly
end processing, etc.)
Verify the accuracy of key reports and outputs used by management and other stakeholders.
Interviews with end users of the system to obtain their understanding of new methods, procedures and operating instructions.
Review system and end user documentation to determine their completeness and verify the accuracy of the group phase of the test.
Review the accuracy of parallel test results.
Verify that system security is maintained as designed by developing and executing access tests
Review unit and system test plans to determine if internal coordination operations have been planned and executed.
Review the UTA and ensure that accepted software has been delivered to the implementation team. Vendor cannot replace this version.
Review procedures for recording and following up error reports
Yutong Sun says
After reading the article of System Implementation, the instersting things I found from this article are contained the following content. Initially, the first insteresting one is the information of the article tells me what the kinds of threats which organizations and the adminstrators of their system might face, Also the article shows me that the implementation of the system is not a simple phase, it is a necessary that the success of the adoption of the system is in relation to the feelings of its users, it should give a clear definition of the functions that can be helpful for the users’ works.
Yuting Yang says
After reading the material, I was most interested in data migration. When the source and target systems are on different hardware or OS platforms and use different file or database structures, conversion is usually required. The data transformation process must provide methods, such as audit trails and logs, to verify the accuracy and integrity of the converted data. There are also risks to be aware of, such as breach of conventional operations, breach of data security and confidentiality, conflicts and disputes between legacy and migration operations, data inconsistencies, and possible loss of data integrity during migration.
Dacheng Xu says
Identify important application system components and transaction flows throughout the system, and deepen your understanding of the application system by evaluating available documents and conducting appropriate personnel interviews. . Next is the analysis of accumulated information, the implementation of appropriate audit procedures, the analysis of test results and other audit evidence, and finally the comparison of effective programming standards and analysis procedures to ensure the implementation of the information system.
Shengjie Zhang says
I am interested in the software life cycle
Any software starts from the most obscure concept: design office process processing for a certain company; design a business letter printing system and put it on the market. This concept is not clear, but it is a prototype of the highest-level business requirements. This concept will be accompanied by a purpose. For example, the purpose of a “bank billing system” is to improve work efficiency. This purpose will become the core idea of the system and the criterion for judging the success or failure of the system. In 1999, government departments installed a large number of OA systems, and people who have learned a little about Lotus Notes have made a fortune (not to mention IBM), but the more general situation is that the original processing mode of many government departments has not changed. Instead, a set of automated processes is added. The original intention of improving work efficiency has led to completely different results. Is this kind of software successful?
From the moment the concept is proposed, the software product has entered the software life cycle. After experiencing requirements, analysis, design, implementation, and deployment, the software will be used and enter the maintenance phase, until it gradually dies out due to lack of maintenance costs. Such a process is called the “Life Cycle Model” (Life Cycle Model).
Lisheng Lin says
Effective and efficient development and maintenance of complex IT systems require strict configuration, change and release management processes to be implemented and followed within an organization. These processes provide systematic, consistent, and explicit control over the attributes of the IT components that make up the system (hardware, software, firmware, and network connectivity, including physical connection media lines, optical fibers, and radio frequency [RF]). Understanding the configuration status of the computing environment is very important for the reliability, availability and security of the system, as well as timely maintenance of these systems. Is auditors should understand the tools available to manage configuration, change, and release management, as well as the controls to ensure security between developers and the production environment. Configuration management involves the whole system hardware and software life cycle (from requirement analysis to maintenance) to identify, define and baseline software items in the system, so as to provide the basis for problem management, change management and release management.
Ziqiao Wang says
The implementation phase of the system development life cycle (SDLC) is the most expensive and time-consuming phase in the whole life cycle. In order to ensure the safety of the whole process, we need effective testing methods. Software testing is a method to check whether the actual software product meets the expected requirements and to ensure that the software product is defect-free. When implementing this approach, we also need to pay attention to some risks, such as breaking regular operations, violating data security and confidentiality, and conflicts and disputes between legacy and migration operations. E-commerce is the main profit driver when running a website or application.
Weiwei Zhao says
This chapter introduces many of the activities carried out during implementation, including coding, testing, installation, documentation, user training, and support for a system after it is installed.
And implementation is neither simple nor mechanical.Systems security is also an important element of implementation and should be designed, as well as, acknowledged as an ongoing maintenance issue.We discuss the preparation of test cases and the alpha and beta testing process for the WebStore.
Hang Zhao says
Compared with the tests in MSAD, the tests introduced in CISA are more for the tests that IT auditors need to perform:
1. For software testing, there are two methods,
Bottom-up: Start testing from basic units such as programs or modules, and then complete the testing of the entire operating system from bottom to top.
From top-to-bottom: The test executes the opposite test route in the search order of vertical priority or horizontal priority.
2. Data integrity test: is a set of substantive tests designed to check the accuracy, completeness, consistency and authorization of the data stored in the current system.
Relational integrity testing: performed at the level based on data elements and records.
Referential integrity test: Define the relationship between entities in different database tables maintained by the DBMS.
3. Data integrity and ACID principles of the online transaction processing system:
Atomicity, consistency, isolation, durability
4. Application system testing: including analyzing computer applications, testing computer applications, or controlling or selecting and monitoring data processing transactions. Testing control through the application of audit procedures is very important to ensure the function and effectiveness of the control