Audit Serve, Inc.

The Premier Audit, Security and Sarbanes-Oxley Consulting Company

Alternative Project Initiatives for 
Controlling the UAT Environment 
 (Part 2 of 2)

By: Mitchell H. Levine, CISA
Audit Serve, Inc.

                                                             

Low Cost & Highly Skilled 
IT Audit and SOX Consulting Resources Available Immediately
Call Mitch Levine at (203) 972-3567 or 
email levinemh@auditserve.com for additional information

The first article in this series discussed UAT control initiatives which related to security access controls to preserve the integrity of the UAT test and the enforcement of SDLC requirements to perform UAT Testing. 

Quality UAT Environment

The most important project initiative for the establishment of the UAT environment is to provide a quality UAT environment to support the type of testing performed by an organization. This requires an analysis to be performed to identify the type of test being performed by the various business areas. One might think that test requirements are defined at an application level but business functions to be tested could cut across multiple applications. An inventory should be established of the business processes which require testing which is prioritized based on risk and the frequency of changes. These business processes should then be tied to the application which they utilize.

The type of testing required for each business process also needs to be defined. If the application is making frequent complex changes which can only be validated through the execution of a batch report, then an
integrated test environment needs to be supported. If the business processes are laden which extensive data interfaces then the test environment would need to extend through these interfaces.

An additional critical decision is whether an investment will be made to construct a regression test environment in which predefined transactions are established which represent the critical processing paths which is saved in a manner in which it can be restored. In this way, once a change is made to an application, the same test data can be used to ensure that the application functions as intended.

During an audit, an assessment should be made as to whether the test environment meets the requirements of the business. This would require the same analysis as described above.


Test Coordination

The UAT environment is intended to be used by the user community and should not be an extension of the developers test environment. However,  in many cases, multiple software changes would need to be tested at the time.  These multiple software changes could involve testing of data which could conflict with other changes being tested. In addition, one software change may need to have a data refresh (i.e., either from production or from the
regression test bed). These type of decisions needs to be coordinated otherwise someone's test could be impacted. For a large organization, it is common to have a test coordinator to perform these types of coordination activities with all possible impacted areas. Not having the right person to approve UAT data refreshes could lead to disastrous results.

Technical Articles | Conferences | Audit Programs | Audit Serve Seminars | Consulting Services | Audit Vision Newsletter | What's New | Contact US

This website has been optimized for Netscape and Internet Explorer 4.0 and above.  Your comments and suggestions are always welcome, please email webmaster@auditserve.com.
Copyright © 2000  All rights reserved.  27 Pine Street, Suite 700, New Canaan, CT 06840 USA.