Pertemuan 16 Matakuliah : A0214/Audit Sistem Informasi Tahun : 2007

advertisement
Matakuliah : A0214/Audit Sistem Informasi
Tahun
: 2007
Pertemuan 16
SYSTEM IMPLEMENTATION
Bina Nusantara
The System Implementation Process
•
•
•
•
•
•
•
•
•
•
Bina Nusantara
Implementation approach
System testing
User processes and procedures
Management reports and controls
Problem management/reporting
User acceptance testing
Help desk and production support training and readiness
Data conversion and data correction processes
Operational procedures and readiness
Security
System Testing
Bina Nusantara
User Processes and Procedures
• Should be reviewed an approved as part of acceptance testing.
• User reference materials should be designed for all levels of user
expertise and should instruct them on the user of the application.
Bina Nusantara
Management reports and controls
• The development of management reports and their associated
controls needs to be included within the scope of the system
implementation.
• The reports generated should be aligned with business
requirements.
• The reports should be relevant to ensure effectiveness and
efficiency of the report development effort.
Bina Nusantara
Problem management/reporting
• A problem management system should consist of audit trails for problems and
their solutions, timely resolution, prioritization escalation procedures, incident
reports, accessibility to configuration, information coordination with change
management, and a definition of any dependencies on outside services.
• The problem management process should ensure that all unexpected events
(error, problems, etc.) are recorded, analyzed, and resolved in a timely manner.
Bina Nusantara
User Acceptance Testing
User acceptance testing is a key to application controls. It ensures that the
application fulfills the agreed upon functional expectation of the users, meets
established usability criteria, and satisfies performance guidelines prior to being
implemented into production.
• Acceptance Team
• Agreed Upon Requirements
• Management Approval
Bina Nusantara
Help desk and production support training and readiness
• Help desk an production support processes ensure that any problems experienced
by the user are appropriately resolved in a timely manner
• It should provide the ability for customers to ask questions and receive effective
answers.
• Help requests should be monitored to ensure that all problems are resolved in a
timely manner.
• All problems should be recorded with the help desk to allow for their complete
analysis and resolution.
Bina Nusantara
Data conversion and data correction processes
• Conversion is the process whereby this information is either entered manually or
transferred programmatically from the old system to the new system.
• A data conversion plan defines how the data is collected and verified for
conversion.
• Test to be performed include comparing the original and converted files and
checking the compatibility of the converted data with the new system, and
ensuring transactions affecting both converted and not yet uncoverted data.
Bina Nusantara
Data conversion and data correction processes
• The data conversion process often gets intermingled with data cleanup.
• Data cleanup is a process that companies embark upon to ensure that the most
accurate and complete data gets transferred into the new system.
• Ideally, the data cleanup effort should happen prior to the planning for data
conversion. This allows the conversion programmers to focus on converting the
data as opposed to coding for data differences.
Bina Nusantara
Operational procedures and readiness
• System documentation ensures maintainability of the system and its components and
minimizes the likelihood of errors.
–
–
–
–
–
–
–
Source of the data
Data attributes
Input screens
Data validations
Data selection
Security procedures
Description of calculations
Bina Nusantara
- Program design
- Interfaces to other application
- Control procedures
- Error handling
- Operating instructions
- Archive, purge, & retrieval
- Backup, storage, & recovery
IT Disaster / Continuity Plan
• IT continuity plans should be reviewed to ensure that the company plans
incorporate the resources necessary to recover the new application.
• Disaster recovery requirement area:
– Processor requirements
– Disk storage
– Operating system versions
• Recovery procedures related to the new application should be tested as soon as
possible after it is put into production.
Bina Nusantara
Security
• When new systems are developed, appropriate security access
controls need to be developed.
• The goal of application security is to safeguard information against
unapproved disclosure or modification and damage or loss.
Bina Nusantara
Download