Auditor's Guide to IT Auditing, Second Edition by Richard E. Cascarino

CHAPTER EIGHTEEN

Development, Acquisition, and Maintenance of Information Systems

THIS CHAPTER INVESTIGATES the development, acquisition, and maintenance of Information Systems (IS) through Information Technology (IT) project management involving the planning, organization, human resource deployment, project control, monitoring, and execution of the project plan. The traditional methods for the system development life cycle (SDLC) (analysis, evaluation, and design of an entity’s SDLC phases and tasks) are examined, as are alternative approaches for system development such as the use of software packages, prototyping, business process reengineering, or computer-aided software engineering (CASE). In addition, system maintenance and change-control procedures for system changes together with tools to assess risk and control issues and to aid the analysis and evaluation of project characteristics and risks are discussed.

PROGRAMMING COMPUTERS

Computers are electronic adding machines that are told what to do and how to add up by pre-defined instructions called programs. Commercial computers are programmed in binary (base 2) mode, which consists of 1s and 0s as shown below. In the early days of computers, programmers coded each instruction as a combination of 1s and 0s and entered these directly into the computers. It took about six months to write a fairly basic program. This was the first-generation language.

This was obviously ...