Treasury Board of Canada Secretariat
Symbol of the Government of Canada

ARCHIVED - Systems Under Development (Audit Guide) - March 1, 1991


Warning This page has been archived.

Archived Content

Information identified as archived on the Web is for reference, research or recordkeeping purposes. It has not been altered or updated after the date of archiving. Web pages that are archived on the Web are not subject to the Government of Canada Web Standards. As per the Communications Policy of the Government of Canada, you can request alternate formats on the "Contact Us" page.


Appendix E: Audit Program for the Detailed Design Stage

Stage: 4. Detailed Design

Objective: 4.A To ascertain that a detailed system design is developed from the functional specification created in the general design.

Criterion: 4.A.1 Programming specifications are addressed in a Detailed System Design Report or similar document.

Audit Step: 4.A.1.1 Has a Detailed Systems Design document been prepared and released?

Y N N/A Comments XREF
         

Audit Step: 4.A.1.2 Verify that it covers at least the following:

  • system flow and description, by function
  • data element dictionary
  • system files
  • system inputs, including design of forms and video screens
  • system outputs, including design of forms, reports and video screens
  • system interface specifications
  • system software specifications
  • hardware specifications
  • communications specifications
  • system management utility specifications
  • audit, control, and security specifications
  • common processing module specifications
  • conversion specifications
Y N N/A Comments XREF
         

Audit Step: 4.A.1.3 Review system specifications for each application within the system for clarity, completeness, and consistency.

Y N N/A Comments XREF
         

Audit Step: 4.A.1.4 Review flow charts, decision tables, or narratives to assess the reasonableness of program logic incorporated in applications.

Y N N/A Comments XREF
         
Criterion: 4.A.2 The accuracy and completeness of Detailed System Design specifications has been acknowledged by the appropriate level of user and Data Processing management.

Audit Step: 4.A.2.1 Has the Detailed System Design document been reviewed by the Steering Committee/Sign Off Authorities? Have they signified acceptance? Note any conditional acceptance for follow-up in later stages.

Y N N/A Comments XREF
         
Criterion: 4.A.3 The data dictionary/directory has been updated to reflect the contents of the Detailed System Design document.

Audit Step: 4.A.3.1 Has the data dictionary/directory been updated to contain the detailed system specifications?

Y N N/A Comments XREF
         
Criterion: 4.A.4 Testing has been addressed in a Test Plan or similar document.

Audit Step: 4.A.4.1 Has a program and system test plan been developed and released?

Y N N/A Comments XREF
         

Audit Step: 4.A.4.2 Verify that it covers at least the following both for program and system testing, and for volume and operational testing:

  • overview of the software to be tested, including vendor software and conversion software and the work environment it operates in
  • test schedule
  • locations, including any special travel and accommodation requirements
  • materials and supplies including equipment, software, storage facilities (magnetic and physical), personnel, documentation, test input, sample output, and special forms
  • training requirements
  • list of user requirements to be tested
  • list of operational requirements to be tested
  • overview of test progression
  • description of the test to be performed on each requirement including the type of input to be used, the method for recording results, constraints such as equipment or personnel availability, evaluation criteria and any data manipulation required for reporting purposes
Y N N/A Comments XREF
         

Audit Step: 4.A.4.3 Compare the information included in the test plan with one of the following standards or guides:

  • The Institute for Electrical and Electronics Engineers System Test Plan Standard and Unit Test Plan Standard.
  • Auerbach's A Standard for Testing Application Software.
Y N N/A Comments XREF
         
Criterion: 4.A.5 The accuracy and completeness of the Test Plan has been acknowledged by the appropriate level of user and by Data Processing management.

Audit Step: 4.A.5.1 Has the Test Plan document been reviewed by the Steering Committee/Sign Off Authorities?

Y N N/A Comments XREF
         
Criterion: 4.A.6 The testing covers all user requirements.

Audit Step: 4.A.6.1 Are all of the items in the User Requirements document being tested? Appropriate tests may include: walk throughs, simulations and prototypes. Where items are not being tested, check that a suitable explanation has been provided and accepted by the Steering Committee/Sign Off Authorities.

Y N N/A Comments XREF
         
Criterion: 4.A.7 All required skills continue to be available to the project.

Audit Step: 4.A.7.1 Do the skills of the staff being employed on the project (as Team Members or Steering Committee/Sign Off Authority members) continue to meet the requirements specified in the Personnel Skills Summary?

Y N N/A Comments XREF
         
Criterion: 4.A.8 Dates for Committee meetings and the items to be discussed at each meeting continue to be addressed in a Steering Committee Meeting Schedule or similar document.

Audit Step: 4.A.8.1 Has a Steering Committee Meeting Schedule document been prepared and released to all interested parties including EDP and user management?

Y N N/A Comments XREF
         

Audit Step: 4.A.8.2 Attend or review the minutes of the Committee meetings and note the following: - EDP and user management representatives attended each meeting, and - meetings are held regularly.

Y N N/A Comments XREF
         
Criterion: 4.A.9 The status of the project compared to the budget and schedule contained in the General Design Stage Status document has been addressed in a Detailed Design Stage Project Status Report or similar document.

Audit Step: 4.A.9.1 Has a Detailed Design Stage Status document been prepared and released.

Y N N/A Comments XREF
         

Audit Step: 4.A.9.2 Verify that the status document contains at least the following:

  • actual resources used to date, compared to planned, with reasons for variance
  • actual milestones achieved to date, compared to planned, with reasons for variance
  • detailed plan for the Implementation stage, including the following activities:
    • designing the structures, logic, and flow of each system component
    • designing all data bases and files
    • estimating system performance and resource requirements and confirming that service levels will be met
    • designing conversion tools
    • coding and testing programs
    • purchasing and testing vendor software
  • integrating programs into subsystems and systems
    • developing user manuals and procedures
    • developing conversion, training and operational manuals
    • conducting volume and operational tests
    • documenting programs and systems
    • updating project plans and budgets
    • updating the cost/benefit analysis
    • obtaining management approval
  • preliminary plan for the Installation Stage including reference to the following:
    • conversion of files
    • training
    • instruction manuals
    • redeployment of staff
    • cut-over
  • updated budget and reasons for any changes
  • updated schedule and reasons for any changes
  • updated cost/benefit analysis
  • recommendation to continue or discontinue the project
Y N N/A Comments XREF
         

Audit Step: 4.A.9.3 Verify actual resource use in source documents.

Y N N/A Comments XREF
         

Audit Step: 4.A.9.4 Verify that the updated budget and schedule are in keeping with the updated cost/benefit analysis.

Y N N/A Comments XREF
         

Audit Step: 4.A.9.5 Verify the updated cost/benefit analysis against the cost/benefit analysis from the previous stage and from source documents.

Y N N/A Comments XREF
         

Audit Step: 4.A.9.6 Does the updated cost/benefit analysis take into consideration the human resource impact requirements?

Y N N/A Comments XREF
         
Criterion: 4.A.10 The accuracy and completeness of the Detailed Design Stage Status document and agreement with it has been acknowledged by the appropriate level of user and by Data Processing management.

Audit Step: 4.A.10.1 Has the Detailed Design Stage Status document been reviewed by the Steering Committee/Sign Off Authorities and have they signified an acceptance of it?

Y N N/A Comments XREF
         
Criterion: 4.A.11 A human resources impact analysis has been performed.

Audit Step: 4.A.11.1 Has a human resources impact analysis been performed?

Y N N/A Comments XREF
         

Audit Step: 4.A.11.2 Have the results from the analysis been reviewed by the Steering Committee/Sign Off Authorities?

Y N N/A Comments XREF
         

Objective: 4.B To ensure that the data processed and stored by the system is complete, accurate and authorized.

Criterion: 4.B.1 Processing control techniques outlined in the Processing Controls Specifications Report have been included for testing in the Test Plan or similar document.

Audit Step: 4.B.1.1 Has a Test Plan been prepared and released?

Y N N/A Comments XREF
         

Audit Step: 4.B.1.2 Verify that it addresses the control requirements outlined in the Processing Control Specifications (See objective 3.B.1).

Y N N/A Comments XREF
         

Objective: 4.C To ensure that the system will operate efficiently and effectively.

Criterion: 4.C.1 Control techniques to satisfy the requirements outlined in the System Management Controls Specifications document have been included for testing in the Test Plan or similar document.

Audit Step: 4.C.1.1 Has a Test Plan been prepared and released?

Y N N/A Comments XREF
         

Audit Step: 4.C.1.2 Verify that it addresses the control requirements outlined in the System Management Control Specifications document (see objective 3.C.1).

Y N N/A Comments XREF