Dd1 has a detailed systems design document been

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: iew the detailed specifications and technical requirements. Documented system test plans and implementation and conversion plans should also be produced at this stage, and, in addition, a plan on how the activities in the implementation and installation phases will be coordinated. Audit Objective: To ascertain that a detailed system design is developed from the functional specification created in the general system design. DD.1 Has a Detailed Systems Design document been prepared and released? Verify that it covers at least the following: system flow and description, by function data dictionary system files system inputs, including design of forms and video screens system outputs, including design of forms, reports and video screens system interface specifications system software specifications hardware specifications communications specifications system management utility specifications audit, control, and security specifications conversion specifications Ensures that file requirements for at least the following files are being structured as per system and user requirement and the organizations data dictionary rules: master, transaction, command, programme, control, table, report, print, log, transmission. common processing module specifications Input control and output control issues like : does the application include control features, to help ensure that only specifically authorised persons can input transaction and master data into the system, such as access control matrix and logical access controls (including passwords and biometrics) are in place depending on the security needs of the organization. do audit trails and controls provide the possibility of protecting the users against discovery and misuse of their identity by other end users (e.g. by offering anonymity, pseudonymity, unlinkability or unobservability) without jeopardising the systems security. do input routines trap the userid, logon etc that permit authorised persons to identify the end user responsible for that element are controls in place to ensure that all items entered can be accounted for, such as having the system automatically attach a sequential number to each item; IT Audit Manual Volume III 81...
View Full Document

{[ snackBarMessage ]}

Ask a homework question - tutors are online