- Modules should interact with a control module rather than with each other. - To facilitate testing and modification, each module should have only one entry and exit point. 3.5 Procedures design: Individuals who interact with a newly-designed AIS need procedures to cover: - Input preparation - Transaction processing - Error detection and correction - Controls - Reconciliation of balances - Database access - Output preparation and distribution - Computer operator instructions Procedures may take the form of: - System manuals - User instruction classes - Training materials - Online help screens Procedures may be written by: Development teams, Users AND Teams representing both groups 3.6 Controls design: Improperly controlled input, processing, and database functions produce information of questionable value. Controls must be built into an AIS to ensure effectiveness, efficiency and accuracy. Controls should: - Minimize errors. - Detect and correct errors when they do occur. 4. System implementation and conversion 4.1 Systems implementation:installing hardware and software and getting the AIS up and running. Phases include: Developing a plan, Preparing the site, Installing and testing hardware and software, Selecting and training personnel, Completing documentation and Testing the system 4.2 Test the system: Inadequate system testing has contributed to the failure of systems. Trial run in realistic circumstances for: - Documents and reports - User input - Operating and control procedures - Processing procedures - Computer programs Should also test: Capacity limits and Backup and recovery procedures Verspreiden niet toegestaan | Gedownload door Ewout Vlug ([email protected])lOMoARcPSD
21 Forms of testing: - Walk-throughs - Processing test transactions - Acceptance tests Systems conversion:process of changing from the old AIS to the new. Convert: Hardware, Software, Data files and Procedures. Process complete when new AIS is routine, ongoing part of the system. Data conversion: can be time-consuming, tedious, and expense. Data files may need to be modified in three ways: - Files may be moved to a different storage medium (e.g., tape to disk). - Data content may be changed (e.g., fields added or deleted). - A file or database format may be changed. 5. Operation and maintenanceCodes on Information Security: Aimed to development of a system of generally accepted practices for dealing with information security issues from both an organizational and a technical point of view. Code serves as a management standard or as a benchmark. E.g., certification may take place on the basis of a code on information security. COBIT: Control Objectives for Information and related Technology: Sources Information security standards. The COBIT 5 Framework: - Helps enterprises create optimal value from IT by maintaining a balance between realising benefits and optimising risk levels and resource use.
You've reached the end of your free preview.
Want to read all 27 pages?
Verspreiden niet toegestaan, Ewout Vlug, door Ewout Vlug, Gedownload door Ewout