CHAPTER TWENTY-ONE

Audit and Control of Purchased Packages and Services

THIS CHAPTER LOOKS at the audit and control of purchased packages to introduce those elements critical to the decision taken to make or buy software. This includes a knowledge of the systems-development process and an understanding of the user’s role in training required so that the outsource decision on the factors surrounding it may be made to best effect.

Application software may come from a variety of sources including external software suppliers as well as internal development, and in today’s environment as many as 60 percent of implemented systems are packages.

At the conclusion of the system-design stage, the organization possesses complete specifications for both the logical and physical design of the proposed information system and should have selected the business design that best meets the organization’s needs. The make-or-buy decision must now be made depending on a variety of criteria including time constraints, skills availability, costs, and support capabilities. Vendors of possible systems will be furnished with a request for proposal (RFP) detailing the functional and performance requirements of the business system so that an alternative may be costed and evaluated. Sometimes, during this stage, as proposals from vendors are solicited and evaluated, new information becomes available to the organization that modifies its criteria for system selection.

In many cases, a standard package, combined ...

Get Auditor's Guide to IT Auditing, Second Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.