Using Software Management Products as a Checkpoint to
Enforce SDLC Deliverable Compliance
By: Mitchell H. Levine, CISA
Audit Serve, Inc.
Software management products used across various operating platforms share
common control objectives. These products provide a controlled change
migration process by allowing individuals to use the product to migrate
software changes to predefined libraries. Source/load integrity is
maintained for all compilable module types by first predefining the compile
procedures that are to be used and then securing the libraries which store
these modules. The libraries storing the changed modules are secured from
changes at a specific point in the software development life cycle to
allow user acceptance testing and program integrity reviews to occur.
Typically the securing of the project's software changes occurs prior to
entering the user acceptance test phase. Depending on the organizational
structure of the environment, an independent control function (i.e., a
Quality Assurance or Change Control group) performs the migration of the
project's modules to the user acceptance test libraries and the control
process of un-securing libraries to allow changes to occur based on
problems identified in the user acceptance test.
By having an independent control function enforce the software
integrity prior to the user acceptance test, this checkpoint can be used
to ensure that all SDLC (Software Development Life Cycle) deliverables
that are required prior to this phase have been developed appropriately.
Therefore, prior to allowing a project to enter the user acceptance test
environment, the deliverables from the Analysis (i.e., Functional
Specifications), Design (i.e., Design Specifications), and Construction
(i.e., Program Specifications) phases and the user acceptance test plan
from the Testing phase should have been completed and available for review.
Based on my personal experience of spending half of my time in the last
five years working as a consultant for software development groups, many
projects' SDLC deliverables are created at the end of a project to meet
the requirements of the compliance review, which occurs at later stages of
a project. Establishing a review checkpoint of these SDLC deliverables
earlier in the project's life cycle ensures that these deliverables are
developed to support their intended purpose.
In summary, in order to establish the SDLC compliance checkpoint the
following should be in place:
Software Management Product capabilities
- Ability to perform software migration using predefined libraries
which does not require the development group to have update access to
these libraries.
- A function is available to allow developers to freeze (i.e., secure)
an individual project's components.
- The function of promoting the project's components to the user
acceptance test can be assigned to installation-designated individuals.
Control/Organizational Processes
- A separate function performs the migration to the user acceptance
test environment. Project managers can also perform this function only
if they themselves are not responsible for coding.
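The checkpoint described above can be expressed as a gate that refuses promotion to the user acceptance test libraries until every condition holds. The following is an added example, not code from the article or from any software management product; the project, library and user names are constructed, and the freeze/promote functions are a hypothetical model of the product capabilities listed above.

```python
"""Model of an SDLC compliance checkpoint at the promotion-to-UAT step.

Hypothetical example: the classes, names and checks are constructed for
illustration and do not correspond to any particular software management
product.
"""
from dataclasses import dataclass, field

# Deliverables the article requires before a project enters user acceptance test.
REQUIRED_DELIVERABLES = {
    "Analysis": "Functional Specifications",
    "Design": "Design Specifications",
    "Construction": "Program Specifications",
    "Testing": "User Acceptance Test Plan",
}


@dataclass
class Library:
    """A predefined target library, the ids allowed to update it, and what was promoted."""
    name: str
    update_access: set
    promoted: list = field(default_factory=list)


@dataclass
class Project:
    name: str
    coders: set                                        # ids who changed the components
    deliverables: dict = field(default_factory=dict)   # phase -> approved deliverable
    frozen: bool = False                               # components secured from change


def freeze(project, actor):
    """Secure the project's components; the article lets developers do this themselves."""
    if actor not in project.coders:
        raise PermissionError(f"{actor} is not a developer on {project.name}")
    project.frozen = True


def unfreeze(project, actor, control_group):
    """Un-secure to fix UAT problems; only the independent control function may do it."""
    if actor not in control_group:
        raise PermissionError(f"{actor} is not in the control group")
    project.frozen = False


def checkpoint_findings(project, promoter, uat_lib, control_group, dev_group):
    """Return every reason the project may NOT be promoted; an empty list means pass."""
    findings = []
    for phase, name in REQUIRED_DELIVERABLES.items():
        if project.deliverables.get(phase) != name:
            findings.append(f"missing {phase} deliverable: {name}")
    if not project.frozen:
        findings.append("components not frozen")
    if promoter not in control_group:
        findings.append(f"{promoter} is not designated to perform promotions")
    if promoter in project.coders:
        findings.append(f"{promoter} coded on {project.name} (separation of duties)")
    # The development group must never hold update access to the UAT libraries.
    leaked = sorted(dev_group & uat_lib.update_access)
    if leaked:
        findings.append(f"development group has update access to {uat_lib.name}: {leaked}")
    return findings


def promote(project, promoter, uat_lib, control_group, dev_group):
    """Migrate the frozen components into the UAT library, or refuse with the findings."""
    findings = checkpoint_findings(project, promoter, uat_lib, control_group, dev_group)
    if findings:
        raise RuntimeError("promotion refused: " + "; ".join(findings))
    uat_lib.promoted.append(project.name)
    return True


def demo():
    """Constructed walk-through: a project is refused once, then promoted by QA."""
    dev_group = {"alice", "bob"}          # constructed developer ids
    qa = {"carol"}                        # constructed Change Control / QA group
    uat = Library("UAT.LOADLIB", update_access={"carol"})
    proj = Project("ORDERS-2006", coders={"alice"}, deliverables={
        "Analysis": "Functional Specifications",
        "Design": "Design Specifications",
        "Construction": "Program Specifications",
    })
    first = checkpoint_findings(proj, "carol", uat, qa, dev_group)
    freeze(proj, "alice")                                  # developer secures components
    proj.deliverables["Testing"] = "User Acceptance Test Plan"
    second = checkpoint_findings(proj, "carol", uat, qa, dev_group)
    promote(proj, "carol", uat, qa, dev_group)
    return first, second, uat.promoted


if __name__ == "__main__":
    for line in demo()[0]:
        print("refused:", line)
    print("promoted:", demo()[2])
```

In a real product the deliverable presence check would typically query the project repository rather than a dictionary, but the gate itself stays the same: no promotion until the deliverables exist, the components are frozen, the promoter is designated and did not code on the project, and developers hold no update access to the target library.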
Copyright 2006, Audit Serve, Inc. All rights reserved.
Reproduction, which includes links from other Web sites, is prohibited except by
permission in writing.
This article appeared in a past issue of the Audit Vision
E-Mail Newsletter.