Matakuliah : A0214/Audit Sistem Informasi Tahun : 2007 Pertemuan 16 SYSTEM IMPLEMENTATION Bina Nusantara The System Implementation Process • • • • • • • • • • Bina Nusantara Implementation approach System testing User processes and procedures Management reports and controls Problem management/reporting User acceptance testing Help desk and production support training and readiness Data conversion and data correction processes Operational procedures and readiness Security System Testing Bina Nusantara User Processes and Procedures • Should be reviewed an approved as part of acceptance testing. • User reference materials should be designed for all levels of user expertise and should instruct them on the user of the application. Bina Nusantara Management reports and controls • The development of management reports and their associated controls needs to be included within the scope of the system implementation. • The reports generated should be aligned with business requirements. • The reports should be relevant to ensure effectiveness and efficiency of the report development effort. Bina Nusantara Problem management/reporting • A problem management system should consist of audit trails for problems and their solutions, timely resolution, prioritization escalation procedures, incident reports, accessibility to configuration, information coordination with change management, and a definition of any dependencies on outside services. • The problem management process should ensure that all unexpected events (error, problems, etc.) are recorded, analyzed, and resolved in a timely manner. Bina Nusantara User Acceptance Testing User acceptance testing is a key to application controls. It ensures that the application fulfills the agreed upon functional expectation of the users, meets established usability criteria, and satisfies performance guidelines prior to being implemented into production. • Acceptance Team • Agreed Upon Requirements • Management Approval Bina Nusantara Help desk and production support training and readiness • Help desk an production support processes ensure that any problems experienced by the user are appropriately resolved in a timely manner • It should provide the ability for customers to ask questions and receive effective answers. • Help requests should be monitored to ensure that all problems are resolved in a timely manner. • All problems should be recorded with the help desk to allow for their complete analysis and resolution. Bina Nusantara Data conversion and data correction processes • Conversion is the process whereby this information is either entered manually or transferred programmatically from the old system to the new system. • A data conversion plan defines how the data is collected and verified for conversion. • Test to be performed include comparing the original and converted files and checking the compatibility of the converted data with the new system, and ensuring transactions affecting both converted and not yet uncoverted data. Bina Nusantara Data conversion and data correction processes • The data conversion process often gets intermingled with data cleanup. • Data cleanup is a process that companies embark upon to ensure that the most accurate and complete data gets transferred into the new system. • Ideally, the data cleanup effort should happen prior to the planning for data conversion. This allows the conversion programmers to focus on converting the data as opposed to coding for data differences. Bina Nusantara Operational procedures and readiness • System documentation ensures maintainability of the system and its components and minimizes the likelihood of errors. – – – – – – – Source of the data Data attributes Input screens Data validations Data selection Security procedures Description of calculations Bina Nusantara - Program design - Interfaces to other application - Control procedures - Error handling - Operating instructions - Archive, purge, & retrieval - Backup, storage, & recovery IT Disaster / Continuity Plan • IT continuity plans should be reviewed to ensure that the company plans incorporate the resources necessary to recover the new application. • Disaster recovery requirement area: – Processor requirements – Disk storage – Operating system versions • Recovery procedures related to the new application should be tested as soon as possible after it is put into production. Bina Nusantara Security • When new systems are developed, appropriate security access controls need to be developed. • The goal of application security is to safeguard information against unapproved disclosure or modification and damage or loss. Bina Nusantara