Case:
One of the firm's audit partners, Alice Goodwin, just had lunch with a good friend, Sara Hitchcock, who is president of Granger Container Corporation. Granger Container Corp. is a fast-growing company that has been in business for only a few years. During lunch, Sara asked Alice for some advice and direction on how Granger Container should structure its systems development process within the Information Systems Department. Sara noted that because Granger has experienced such tremendous growth, the systems development process has evolved into its current state without much direction. Given Granger Container's current size, Sara questions whether their current processes are reasonable. Sara's concern is magnified by the fact that she has little understanding of information systems processes. Alice told Sara about your information systems evaluation experience and agreed to have you look at Granger Container's current systems development procedures. Sara gave Alice the following summary of the current processes:
Eric Winecoff is the information systems manager at Granger Container and has been at the company for 3 years. Before becoming an employee, Eric provided software consulting services for Granger Container. Granger Container purchased a basic software package from Eric's former employer. Granger Container has the capability to make extensive modifications to the purchased software to adapt the software to Granger Container's specific business needs. Program change requests are initiated by either the operations staff (two employees) or the programming staff (two employees), depending on the nature of the change. All change requests are discussed in Eric's office with the initiating staff. Based on that discussion, Eric provides a verbal approval or denial of the requested change. For approved projects, he encourages the programmers to visit with him from time to time to discuss progress on the projects. Eric's long and varied experience with this particular software is helpful in the evaluation of work done, and he is able to make substantive suggestions for improvement. Eric has complete faith in his programmers. He believes that if he controlled their activities too carefully, he would stifle their creativity. Upon completion of the technical programming, Eric reviews the programs and related systems flowcharts. Eric only rarely identifies last-minute changes before granting his final approval for implementation. One evening a week is set aside in the computer room for program debugging and testing. The programmers stay late on those evenings so that they can load the programs themselves. To speed up the coding, debugging, and testing process, the programmers work with the actual production program. As a safeguard, however, testing is done on copies of the data files. The original data files are locked carefully in the file storage room. Eric is the only person who has access to the room. When program changes are tested to the satisfaction of the programmers, Eric reviews the test results. If he approves the test results, he personally takes care of all the necessary communications and documentation. This involves preparing a short narrative description of the change, usually no longer than a paragraph. A copy of the narrative is sent to the user. Another copy is filed with the systems documentation. When the narrative is complete, Eric instructs operations to resume normal production with the new program.
Required:
a. Describe controls in Granger Container's systems development and program change processes.
b. Describe deficiencies in Granger Container's systems development and program change processes.
c. Provide recommendations for how Granger Container could improve its processes.