This book provides guidelines for the EDP auditor working on a software maintenance project. The focus is on the importance of software maintenance activities and their associated risks and exposures, how to allocate audit resources while taking into account these risks and exposures, and effective auditing procedures.
This book is organized into four parts: Part 1 (four chapters) describes the data processing environment in which software maintenance activities are performed; Part 2 (two chapters) provides control guidelines for auditor purposes; Part 3 (six chapters) describes auditing methods and procedures for auditing software maintenance; and Part 4 (three chapters) assesses the future direction of the software maintenance environment and the resultant auditing approaches.
The book adequately fulfills its basic purpose and has convinced me that the topic of auditing the maintenance of software deserves more attention than it is usually given--a chapter, or less, in a book on auditing software. The book is well written and the material is technically sound. The writing style makes the material being discussed interesting, which is sometimes difficult to do when the topic is maintenance or auditing. The major criticism I have is that Part 2, Control Guidelines, should be longer than 28 pages. There should be more discussion about controls rather than an enumeration of the types of controls. Also, more references should be included to allow the reader, whether programmer or auditor, to be directed to more detailed coverage of the material. This book is definitely worth reading, especially for the internal auditor who is new to the maintenance aspects of software.