Bank Holding Corporation
Essay by 24 • November 26, 2010 • 879 Words (4 Pages) • 1,255 Views
What could happen should there be no control in the systems development and systems maintenance? A properly functioning systems development process ensures that only needed applications are created, that they are properly specified, that they possess adequate controls, and that they are thoroughly tested before being implemented. The systems maintenance process ensures that only legitimate changes are made to applications and that such changes are also tested before being implemented. These processes establish the accuracy of the new applications and preserve their integrity throughout the period. Thus, if the auditor can verify that the processes mentioned are effectively controlled, the auditor can limit the extent of application controls and substantive testing that needs to be done. This is why controls are very important during the systems development and systems maintenance.
In a worst-case scenario wherein there is no control existing or whatsoever, two serious forms of exposures are cited by John Hall:
* Access to programs is completely unrestricted. Programmers and others can access any programs stored in the library, and there is no provision for detecting an unauthorized intrusion.
* Because of these control weaknesses, programs are subject to unauthorized changes. Hence, there is no basis for relying on the effectiveness of other controls (e.g. maintenance authorization, program testing, and documentation). With no provision for detecting unauthorized access to the SPL (Source Program Library), program integrity cannot be verified.
Given the company's very nature - a bank - data integrity is a must. Without the proper controls implemented, data quality is sacrificed. The very role of an auditor in the SDLC is defeated.
Why are accountants and auditors involved with SDLC or Systems Development Life Cycle? The role of Ms. Johnson in the SDLC is vital. The SDLC is of interest to her particularly for two main reasons: the creation of an information system entails significant financial transactions and second is that accountants and auditors are with the nature of the products that emerge or are produced by the SDLC. Her characterization of the role as internal auditor is but normal in the entire cycle. The only problem is that she is newly appointed as the head of the internal audit department. At the very start of the SDLC, the auditor must be involved. The recommendations she raised in the memo she submitted to the Operating vice Presidents of Subsidiary Banks is just a reiteration of her very role in the SDLC.
The SDLC is like a manufacturing process, as described by John Hall, which produces a complex process through a series of stages. The transactions must be planned, authorized, scheduled, accounted for, and controlled. The role of Ms. Johnson is to ensure the integrity of the process because everything that is involved in the development has financial resource implications. Another is that the quality of accounting information rests directly on the SDLC activities that produce accounting information systems. These systems are used to deliver accounting information to internal and external users. The responsibility of Ms. Johnson is again to ensure that the systems employ the proper accounting conventions and rules, and possess adequate controls. The concern here again is the quality of the process that produces the accounting system.
Thus in every step of the SDLC, the accountant has roles to play. The recommendations of Ms. Johnson during the System Planning, User Specification, Technical Specifications,
...
...