Comprehensive Audit Plan : ACC 574 Assignment 5

Comprehensive Audit Plan :  ACC 574 Assignment 5

Make recommendations on the requirements for the feasibility study and discuss the Pros and cons for the design of SDLC with a recommendation for an optimal time frame for each stage.

A feasibility study is a basic audit procedure that helps the organization in compliance and preparation of a final audit. A feasibility study answers the basic question; can it be accomplished given the current resources? The feasibility study enables the management to determine all the resources necessary for the accomplishment of the tasks and the viability of the project (Kendall, & Julia, 2005). The following are the basic requirements for a feasibility study.

  • Analysis of the existing information system

For an organization to develop a new and advanced system, the existing system must be analyzed in detail in order to identify its weaknesses in detecting and averting fraud. The crucial thing in this step is for the team to comprehensively review the interactions of the existing system with users, hardware and software and how the system inputs data and outputs the same in a readable manner. All these details should be documented for further analysis.

  • Requirements of the various stakeholders

The feasibility study should address the needs of the concerned parties. The requirements of the new system should answer the expectations of the various stakeholders such as management, shareholders, owners and others. The system analyst must thoroughly assess the operating environment for the new system. Thus, the analyst must understand the structure of the business, nature of the business, management, the people as well as existing information system.

  • The potentiality of the new system

The feasibility study must also incorporate the expected benefits, goals and objectives to be met in using the new system. The feasibility study must describe the expected results of the new system. In this part, the feasibility study should describe the new security enhancements, storage capabilities, interface improvements and storage capabilities of the new system. This part is essential as it is used by the committee as a basis for making judgment on whether to proceed with the implementation.

Implementation stages and timeline

System investigation

This is the initial phase of the SDLC. This phase basically involves identification of a need for a new system and the necessary documentation of its role. The need for a new system may be proposed by the IT team or the new management in the organization. In this phase, the goals of the project are clearly defined, in addition to requirements needed for information security. At this stage also, security concerns are thoroughly assessed. The new system should be able to avert any attacks and ensure smooth integration of the old and the new system (McLeod, & Sumner, 2004).

Related paper: Assignment: 4 Emerging Auditing Issues

System analysis

System analysis is basically an investigation of the current system in a bid to identify problems or shortcomings with the current system. This phase involves identifying the specific problems with the current system to be solved. For example, all the areas identified as weak in previous audits are thoroughly assessed. In system analysis, a thorough investigation of the current information system is conducted identifying the various activities, products and resources it entails. In addition, the organization’s information requirements are assessed. System analysis should be conducted in a period of one month (McLeod, & Sumner, 2004).

System design

In the system analysis phase, the major aim is to describe what the new system should accomplish for users. On the other hand, the system design stage describes how the new system will accomplish the goals identified. In system design, the technical specifications or aspects of the system are identified. This may involve developing the necessary process diagrams, screen layouts, and description of all operations in detail. This stage should take two months (McLeod, & Sumner, 2004).

System construction and testing

This stage involves the actual creation of the system.  In this stage, all the required programs are created including the codes and the necessary documentation. After the successful creation, the system is tested to evaluate its accuracy. Testing enables shortcomings in the new system to be fixed. If there are no errors in the system, the project continues to the implementation stage. This stage should take four months.


This is the most important phase of the project. In this phase, the necessary software is acquired and installation completed. User training is also conducted to all the staff and other users. Training is conducted to the system support staff and other end users interacting with it. Implementation of the new system should take three months to complete (McLeod, & Sumner, 2004).

System maintenance

This is the final stage in the SDLC. This involves monitoring the new system, constant evaluation and making modifications to the system. The stage involves improving the new system to the needs of the business, which often entails changing the original system specifications. System maintenance should be conducted on a yearly basis (McLeod, & Sumner, 2004).

Benefits of the waterfall method

  • The method facilitates early detection and rectification of errors.
  • Implementation of the model is less costly compared to other models.
  • The model has definite starting as well as end points unlike other models such as the spiral model.
  • Since each phase must be completed before proceeding to the next, it encourages meeting of set deadlines.
  • Each stage is unique and teams often ensure they perfect on each before proceeding to the next.

Disadvantages of the waterfall method

  • The model does not offer room to amend mistakes in previous stages because when a particular stage is complete the focus is on the preceding one.
  • Individuals involved in other phases are often idle as they await the work to progress to the phase they are assigned to.
  • It is often difficult to estimate the amount of time each phase will take.
  • The model is inflexible as any changes needed in the system means that all the stages must be repeated (Kendall, & Julia, 2005).

Make recommendations for the optimal computer operating system to address the emerging issue

The optimal computer operating system for to address the financial misstatements is IBM AS/400. The IBM AS/400 is effective software especially in preventing unauthorized access. In large organizations, IBM AS/400 is more effective because users are given different menus under in the operating system (Moeller, 2005). In addition, users are often required to change their logon codes. In small organizations, users have the same general menu, and are less likely to change their logon codes. An optimal computer operating system should be able to secure passwords and offer distinct menu systems that can hardly be compromised (Cannon, 2008). Small business organizations have an additional challenge in regularly updating the operating system and related software to the latest releases. Lack of regular system upgrade may compromise the reliability of such as a system, making it vulnerable to attacks (Cannon, 2008). Large organizations regularly update their operating systems and other software hence they are able to maintain security of data and other important information.

Related paper : PwC Audit Scandal and Fraud ACC 574

The IBM AS/400 has a number of security features that enable prevent fraud especially the type of fraud perpetrated by dishonest employees (Moeller, 2005). The operating system is equipped with a number of features that enhance its security level.  The system offers a variety of password format options that enhance password security. For instance, the password characters must be more than five and users cannot be able to reuse their previous passwords. In addition, a single character cannot be repeated more than once. The operating system can be programmed in such a way that a user cannot be able to carry out tasks at different workstations (Moeller, 2005). This means that an employee can only be able to carry out duties on the workstation assigned to him or her only. The system is also designed to limit the number of attempts a user can make while logging on the system to utmost three. Lastly, the operating system can be set to audit specific areas that are considered high risk in an organization. The operating system contains more than 14 parameters that can be used to analyze high risk areas in an organization (Moeller, 2005).


Cannon, D. L. (2008). CISA: Certified information systems auditor study guide. Indianapolis,       Ind: Wiley Pub.

Kendall, K., and Julia, K. (2005). Systems Analysis and Design. 6th ed. Englewood Cliffs, NJ:     Prentice-Hall.

McLeod, R., and Sumner, G. S. (2004). Management Information Systems. 9th ed. Englewood     Cliffs, NJ: Prentice-Hall.

Moeller, R. R. (2005). Brink’s modern internal auditing. Hoboken, N.J: John Wiley & Sons. Inc.