Chapter 17

Chapter 17. Code Review, Test Data, and Code Comparison. Audit Evidence Collection and Evaluation. What was expected to happen / not happen? What did happen / not happen? What type of evidence do we have? Is the evidence reliable? What is the exposure and $ of risk?

lacey

Presentation Transcript


  1. Chapter 17 Code Review, Test Data, and Code Comparison

  2. Audit Evidence Collection and Evaluation • What was expected to happen / not happen? • What did happen / not happen? • What type of evidence do we have? • Is the evidence reliable? • What is the exposure and $ of risk?

  3. Evidence Collection Techniques • Program Code Review • obtain program source-code listings to evaluate the quality of the program code • Test Data • design a sample of data to be executed by the program • Code Comparison • compare two versions of a program’s source or object code to determine if attributes are common

  4. Where Do Program Defects Occur? Tentative Conclusions • a small number of program modules will have a large number of faults • Requirement specifications and design errors are as prominent as coding errors • Design errors relate to interface problems with users

  5. Objectives of Code Review • Identify erroneous code • Identify unauthorized code • Identify ineffective code • Identify inefficient code • Identify nonstandard code

  6. Source-Code Review Methodology 1. Source Code Selection 2. Review Programming Standards 3. Understand the Program Specifications 4. Obtain Source Code 5. Review Programming Language Used 6. Review Source Code 7. Formulate Flaw Hypotheses

  7. Review Source Code

  8. COBOL Reserved Words • Select, If, Redefines, Go To, Open/Close, Go To…Depending On, File Status, Perform…Until, Invalid Key, Search/Search All, Accept, Inspect, Display, Evaluate…When, Copy, Call

  9. Benefits & Costs of Code Review • Primary Benefit • provides a level of detailed knowledge about a program that auditors will find difficult to acquire using other evidence-collection techniques • Primary Disadvantage • Cost

  10. Black-Box Test-Data Design Methods • user interface errors • errors in interfacing w/ external systems or databases • efficiency problems • initialization errors • termination errors

  11. Equivalence Partitioning • The objective during test-data design is to select a test-data design element that falls within the class and one that falls outside the class.

  12. Decision Tree for Test-Data Design

  13. White-Box Test-Data Design Methods • Focus is on whether defective execution paths exist in a program • Primary goal is to identify the control structure underlying the code • full statement coverage • full branch coverage • full path coverage

  14. Fig 17-8

  15. Loop Testing • Tested as part of a basis path testing strategy • Types of Loops • Simple loops have no other loops embedded within their control structure • Nested loops have other loops embedded within their control structure

  16. Automated Aids • Test data/file generators • Test capture/playback tools • Test coverage/execution path monitor tools • Test drivers/harnesses • Test output comparators • Static analyzers

  17. Benefits & Costs of Test Data • Major Benefit • allows auditors to examine the quality of program code directly • Major Disadvantage • often time-consuming and costly

  18. Program Code Comparison • Provides some assurance that the correct version of software is being audited • Provides some assurance that any software used as an audit tool is the correct version of the software

  19. Types of Code Comparison • Source-code Comparison • software provides meaningful listing of any discrepancies between two versions of source code • Object-code Comparison • software provides listing of any discrepancies between two versions of source code (does not identify nature and cause of discrepancies)

  20. Benefits & Costs of Code Comparison • Primary Benefit • easy way of identifying changes made to programs • neither costly to purchase nor to execute • Primary Cost • does not provide any evidence directly on the quality of the code being compared
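
The contrast between the two comparison types on slides 18 to 20, as an added example that is not part of the original presentation: a source-level comparison lists the changed statements, while an object-level comparison only shows that, and where, the bytes differ. The payroll routine, its file name and the function names are constructed for illustration, and compiled Python bytecode stands in for object code.

```python
import difflib
import hashlib
import marshal

# Constructed sample: the approved payroll routine and the version found in production.
APPROVED_SRC = """\
def net_pay(gross, tax_rate):
    tax = gross * tax_rate
    return round(gross - tax, 2)
"""
DEPLOYED_SRC = """\
def net_pay(gross, tax_rate):
    tax = gross * tax_rate
    if gross > 9000:
        tax = 0
    return round(gross - tax, 2)
"""

def compare_source(approved: str, deployed: str) -> list[str]:
    """Source-code comparison: list each added (+) or removed (-) line."""
    diff = list(difflib.unified_diff(approved.splitlines(), deployed.splitlines(),
                                     "approved", "deployed", n=0, lineterm=""))
    # Skip the two file-header lines and the @@ hunk markers; keep the changes.
    return [line for line in diff[2:] if not line.startswith("@@")]

def to_object(source: str) -> bytes:
    """Assumption: compiled Python bytecode stands in for object code."""
    return marshal.dumps(compile(source, "payroll.py", "exec"))

def compare_object(approved: bytes, deployed: bytes) -> dict:
    """Object-code comparison: reports that and where the bytes differ, not why."""
    first = next((i for i, (a, b) in enumerate(zip(approved, deployed)) if a != b), None)
    if first is None and len(approved) != len(deployed):
        first = min(len(approved), len(deployed))  # one file is a prefix of the other
    return {
        "approved_sha256": hashlib.sha256(approved).hexdigest(),
        "deployed_sha256": hashlib.sha256(deployed).hexdigest(),
        "match": approved == deployed,
        "first_diff_offset": first,
    }

if __name__ == "__main__":
    print("\n".join(compare_source(APPROVED_SRC, DEPLOYED_SRC)))
    print(compare_object(to_object(APPROVED_SRC), to_object(DEPLOYED_SRC)))
```

The source comparison surfaces the two inserted statements for review as possible unauthorized code; the object comparison yields only mismatching digests and a byte offset.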