Explain the process for auditing system development.

AUDITING SYSTEM DEVELOPMENT

Auditing system is a crucial component of each company. It is essential to meet the objectives
like assurance, compliance and so many others. The auditing system can be either manual or
computer aided. With the manual auditing system the development must include planning the
audit, determine audit objectives, map systems and data flows, identify key controls, understand
application’s functionality, perform applicable tests, avoid/consider complications, include
financial assertions ,consider beneficial tools and complete the report. But however, with
computer aided auditing the System Development Life Cycle with a corresponding method has to
be chosen.

Overview of SDLC
SDLC is a process followed for a software project, within a software organization. Consists of a
detailed plan describing how to develop, maintain, replace and alter or enhance specific software.

Software Development Life Cycle (SDLC) is a process used by the software industry to design,
develop and test high quality software.

Waterfall

A cascade SDLC model, in which development process looks like the flow, moving step by step
through the phases of analysis, projecting, realization, testing, implementation, and support. This
SDLC model includes gradual execution of every stage completely. This process is strictly
documented and predefined with features expected to every phase of this software development life
cycle model.

Iterative

Does not need the full list of requirements before the project starts. The development process may tart
with the requirements to the functional part, which can be expanded later. The process is repetitive,
allowing to make new versions of the product for every cycle.

Spiral

It is a combination of the Iterative and Waterfall SDLC models with the significant accent on the risk
analysis. The main issue of the spiral model – is defining the right moment to make a step into the
next stage.
V-shaped

This is a very strict model and the next stage is started only after the previous phase. This is also
called “Validation and verification” model. Every stage has the current process control, to make sure
that the conversion to the next stage is possible.

Agile

Separate the product into cycle and Agile delivers working product very quickly.

Big Bang

Removing most of its resource at development and Big Bang work best for small project.

Auditor's involvement in SDLC

i) Plan
Auditors are often called on to provide expertise in evaluating the feasibility of projects
during the planning process As auditors, must examine the systems planning phase of the
SDLC since careful systems planning helps to prevent unnecessary development costs .A
careful system planning is a cost-effective activity in reducing the risk of creating unneeded,
unwanted, inefficient and ineffective systems

ii) Analyse
The auditor’s expertise makes them important players in the design of a good well-controlled
system. Internal control standards Audit trail requirements External reporting requirements
Double entry system

iii) Design
Making sure that the current system’s weak points are eliminated while preserving its
strengths Conceptual system (able to adhere to the double entry rule), and the systems
professionals are responsible for the physical system. If important accounting considerations
are not conceptualized at this point, they may be overlooked and expose the organization to
potential loss. The audit ability of a system depends in part on its design characteristics

iv) Develop
v) Implement
Auditors implement the newly designed system Conducting follow up studies. Acquiring
resources for the new system training new or existing employees to use it. Companies
 conduct follow up studies on an on-going basis in order to determine whether the new system
is successful and, of course, to identify any new problems with it.
vi) Maintain

IS standard and guidelines on SDLC.

i) System Initiation
ii) System Requirement Analysis
iii) System Design
iv) System Implementation
v) System Testing & Acceptance
vi) System Construction (Procurement)
vii) System Maintenance