Page 49 - ITGC_Audit Guides
P. 49
Multiple service providers. Working with multiple software service providers may further
complicate data management as information flows from one application to another.
The following risk factors, related to application changes, are categorized by three root causes:
informal methodology, incorrect logic, and increasing volatility. Addressing the root cause may
correct symptomatic exceptions and promote remediation:
Informal Methodology/Ad Hoc Changes
Unrealistic ROI expectations inhibit submission of emerging ideas.
Ambiguous system requirements.
Changes applied to the wrong version of source code.
Recurring changes to the same program/application.
Delays in delivery of the solution.
Unconsidered inter-relationships during an emergency change.
Lack of user involvement during testing.
Lack of user review and diligence subsequent to applying the change.
Incorrect/Poor Logic Designed into Programs
Business-critical applications that are changed in-house as an interim fix.
Errors introduced as a result of delivering a change based on an incomplete understanding of
the solution.
Unrestricted access to source code.
Lack of change control and monitoring tools.
Insufficient testing.
Increasing Volatility of the Application
Growing frequency of changes and interruptions in service due to maintenance (applications
that change every week).
Growing volume of changes (applications that draw the most maintenance).
Increasing the quantity of key reports, and the changes made to key reports.
The number of emergency changes that occur.
41 — theiia.org
