Chapter 5 Programming Management Controls
- Programs could be time bombs
- How much do we know about programs?
- How much do we trust programs?
How do people make programs? The Life Cycle
- Planning
- Control
- Design
- Coding
- Testing
- Operation and maintenance
Program Complexity Risk Factor
- Use formula
- Use of algorithmic models
- Expert judgment
- Analogy
- Top-down
- Bottom-up
Systems subsystems systems subsystems ….
Good Design = Good Controls
- See Table 5-2
- Can you audit your spreadsheet?
- What are macros?
- Coding:
  - Top-down: high-level module first
  - Bottom-up: low-level module first
  - Threads: order of functionality
- No documentation = inviting danger!
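One way to start auditing a spreadsheet, as an added example that is not part of the original slides: a workbook in the Office Open XML format is a zip package, so its macros and formulas can be inventoried like any other program logic. The sample workbook is constructed in memory, and the function names and the hard-coded-constant heuristic are assumptions made for this illustration.

```python
import io, re, zipfile
import xml.etree.ElementTree as ET

NS = {"m": "http://schemas.openxmlformats.org/spreadsheetml/2006/main"}
# Heuristic: a numeric literal that is not part of a cell reference or name.
CONSTANT = re.compile(r"(?<![A-Za-z$0-9.])\d+(?:\.\d+)?")

def build_sample_workbook():
    """Constructed sample: minimal macro-enabled workbook package, built in memory."""
    sheet = (
        '<worksheet xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main">'
        "<sheetData>"
        '<row r="1"><c r="A1"><v>100</v></c><c r="B1"><v>250</v></c></row>'
        '<row r="2"><c r="A2"><f>SUM(A1:B1)</f><v>350</v></c>'
        '<c r="B2"><f>A2*1.2</f><v>420</v></c></row>'
        "</sheetData></worksheet>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("xl/worksheets/sheet1.xml", sheet)
        z.writestr("xl/vbaProject.bin", b"constructed placeholder, not real VBA")
    return buf.getvalue()

def audit_workbook(data):
    """Inventory the program logic in a workbook: macro storage and formula cells."""
    report = {"has_macros": False, "formulas": [], "hardcoded": []}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for name in sorted(z.namelist()):
            if name.lower().endswith("vbaproject.bin"):
                report["has_macros"] = True  # VBA code is present and needs review
            elif name.startswith("xl/worksheets/") and name.endswith(".xml"):
                # For untrusted files, use a hardened XML parser such as defusedxml.
                root = ET.fromstring(z.read(name))
                for cell in root.iterfind(".//m:c", NS):
                    f = cell.find("m:f", NS)
                    if f is None or not f.text:
                        continue
                    report["formulas"].append((name, cell.get("r"), f.text))
                    constants = CONSTANT.findall(f.text)
                    if constants:  # undocumented rates/limits buried in formulas
                        report["hardcoded"].append((cell.get("r"), constants))
    return report

if __name__ == "__main__":
    for key, value in audit_workbook(build_sample_workbook()).items():
        print(key, value)
```

The report gives the auditor a list of cells to desk check: every formula, every constant buried inside one, and whether VBA code is present at all.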
How much should we know about programming?
- Till you are sure
IS Auditors always do testing
- Decide boundaries of test
- Goals of test (this should come first!)
- Type of test, stupid black box test
- Conduct the test
- Evaluate results
- Document the test
Types of test vary with your case and ability
- Desk checking: examine module code
- Examine structure and walk-throughs
- Design and code inspection
- Big bang vs. incremental (subset testing)
Whole Program Testing
- Function testing: does it work?
- Performance test: fast enough?
- Acceptance test by non-programmers
- Installation test: does it run on XYZ computer and network?
Programming control measures
- See page 183, items 1-7
Weak Programming Controls Invites: