Testing and evaluating the program development controls is essential as part of the overall ITGC framework. For Sarbanes Oxley, program development mainly refers to new systems and applications being developed are authorized, tested, approved, properly implemented and documented. Some of the program development controls that should form part of testing are included below. Though the list below is only indicative, and there may be more controls depending upon the IT environment.

1. SDLC is followed for development of new systems used in financial reporting.
2. All systems developed are tested throughly before being put in production environment.
3. All systems developed are approved by the senior business management.
4. User acceptance testing UAT is done for new systems before the same are rolled out.
5. Controls which are affected as a result of design and implementation of new systems are modified to reflect such changes.
6. Data migrated to newly developed systems is tested.
7. User trainings are conducted as part of the new system implemntation.
8. New systems and programs are restricted from unauthorized access in the production instance.

Related Posts

Sarbanes Oxley Policies and Procedures
Sponsorship for Internal Audit SOX
Testing Protocols for Sarbanes Oxley 404
Corporate Governance Best Practices