Makumoney Ltd. is a financial services firm offering a wide range of products and services to its
Question:
Makumoney Ltd. is a financial services firm offering a wide range of products and services to its customers. It relies heavily on its information systems to provide up-to-date advice to its customers and to keep abreast of changes in the financial services marketplace, especially new products that might appeal to its customers. Given the volatility of the marketplace, Makumoney spends approximately 70 percent of its information systems budget on maintaining its existing information systems.
You are the senior information systems auditor in a firm of external auditors, and your firm has just won the tender for the audit of Makumoney Ltd. Given the material expenditures of Makumoney on information systems maintenance, during your first interim audit work you interview the programming manager about the procedures in place to undertake maintenance work on programs. She informs you that the following procedures are used:
a. Requests for maintenance to a program must come from users, although users might be acting on the advice of the information systems staff who support their systems. All requests are made on a standard form and submitted to her.
b. Unless the requests are urgent, each week she reviews them and prepares a report for the user who requested the maintenance indicating how much it will cost and the time frame in which the maintenance can be undertaken. She seeks the advice of the programmer with most knowledge of the program to cost the proposed maintenance. Providing the user who requests the maintenance is willing to meet the cost from their budget, the maintenance is then scheduled. She prepares a formal approval of maintenance, which must be countersigned by the user requesting the maintenance before work can proceed.
c. Each month she prepares a report for the vice president of information systems summarizing what maintenance work is being undertaken and the status of the work. The vice president uses this report to brief the information systems steering committee on any matters that may be of interest.
d. When the maintenance work is approved, the programming manager assigns a programmer to do the work. Where possible she chooses the programmer who is most familiar with the program to be modified to undertake the maintenance work. When the programmer has been assigned, she authorizes the operations manager to establish a test copy of the program under the programmer's account.
e. The programmer who undertakes the work is responsible for testing the program and notifying the programming manager when the program is ready for production release. The programming manager then reviews the work undertaken by the programmer to ensure it complies with the quality standards that have been established to govern programming work.
f. When the programming manager is satisfied with the maintenance work, she formally asks the user who requested the maintenance to undertake their own tests of the modified program. Occasionally these tests identify problems with the maintenance work, and the programmer corrects the program accordingly, g. When the person who requests the change is satisfied with the maintenance work, he or she signs an acceptance form. The programming manager then authorizes the operations manager to release the test version of the program into production use.
When you ask the programming manager whether she is satisfied with these procedures, she indicates she believes they work well. She argues they allow timely maintenance, which is important in a firm like Makumoney. Moreover, she points out the person who requests the maintenance must accept full responsibility for the maintenance because they must pay for the maintenance as well as carry out tests on and sign off on the work. Although users sometimes become disgruntled about the extent of the responsibility they must bear, she believes they nevertheless perceive the information systems department as being responsive to their needs.
Required. To what extent will you rely on controls over program maintenance in planning the remainder of your audit work? Justify your position. What tests of controls, if any, would you undertake?
Step by Step Answer: