The Audit of The Information Technologie & Communication Projects Developed by Students

Business Informatics Speciality

            The Business Informatics speciality’s goal is to train specialists in the applied informatics in economics and oriented to the business. In Romania, there is a tradition in this area since 1964 when the faculty was established. Having in view the Information Society challenges The Business Informatics Department has permanently adapted its curricula to the society’s needs. Nowadays is a very high demand for analysts, programmers, web designers, testers, and developers.   

The Business Informatics Speciality economics train in domains such are Information Technoligie&Communication, economics informatics, micro- and macro-economics statistical analysis informatization, mathematical models for banking and insurance systems, economical modelling and forecasting. In the Business Informatics Department, the theory and practical activities are harmonized in order to train students in the modern programming languages like PASCAL, DELPHI, C, C++, PROLOG, JAVA, operating systems like  UNIX, NOVEL, WINDOWS,  data bases management systems  ORACLE, SQL, ACCESS, the analysis and designing methodologies  MERISE, OMT, UML. There are, also, presented Web technologies for developing E-Business distributed application development.

            The statistical data published by international institutions shows that the role of Small and Medium Enterprises in the economy is more and more important. This trend is not only determined by the SMEs characteristics, but also by the whole world economic environment evolutions. These two elements define SMEs as the main economic development determinant in the upcoming period. Romania’s integration in EU opens large development perspectives in all the sectors of the social-economic life. The Romanian companies, irrespective their size will be in an everlasting competition with those from EU. The competition will be also felt on all the markets approached by the Romanian companies. Like the SMEs from the EU member states, the SMEs have an important role in the Romanian economy.

             Having in view the enormous scientific potential within universities framework it is imperious necessary to improve the link between universities and SMEs. One way is to develop IT&C projects by the master students and post graduate students that will be implemented in SMEs in order to help them to stay on the market.

Information Technologie&Communication Projects

The IT&C projects are very complex construction.    The collaboration between user and developer is very important for developing a successful product.          To develop an IT&C project means, first of all, to set out the goal.

The TIC projects main characteristics are: structurability, clarity, consistence, completeness, complexity, and correctness.

The structurability is a quality characteristic that give the possibility to track the parts of the project that define the requirements imposed by program.

The clarity is given by the use in chapter Ci of key words that are included in the project priority list, and by introducing key words for chapter Ci . The chapter Ci  uses key words from previous chapters, and does not use indefinite key words. The clarity supposes an acronyms list, a glossary containing definition of processes, materials, products, phenomena, measurement units, in order to eliminate the ambiguities.

Consistency means the existence of the all components. This quality characteristic gives the value to the project in the evaluating process.

            Completeness is given by the approaching the text like a three structure. There are situations when the completeness is affected by:

-          defining a list consisting of my components, and developing the texts that refer to sy components, sy < my; the missing of ny descriptions, ny = my – sy, rise some questions regarding the developer’s capacity to manage the project;  for example seven activities are defined, and only five are described ;

-          the number of detailed elements is  higher then the specified number; for example the resources and activities lists contain eight elements, and 10 elements are described;

-          the elements  missing in the enumerative list and in description; these elements are necessary to develop the project; for example, in the project is not specified the equipment, and  the testing phase is, also,  not  specified;

-          some phases of the developing cycle are not included in documentation;

-          the necessary column  missing in the tables; for example in a table regarding the salaries, are missing the work  time and the salary/hour;

Ortogonality is used to analyze the texts of two chapters. Two chapters Ci and Cj are orthogonal if their texts have not identical elements.

Complexity is given by the diversity of the activities, resources, models, technologies, types of considered factors. Usually the complexity is given by comparison. A project P₀, chosen according to frequency criterion, called a unit project, is considered as reference model, and the other projects are compared with P_0. The choice is relative because the complexity has a dynamic character. It is changing in time that means to change the reference value.

            The project correctness is given by the concordance between the accepted texts and the basic elements of the sponsored domain. The correctness refers to the denomination of processes, technologies, operations, to the using of concepts, to the presentation of models, and to the signification of the variables. There is a strong connection between correctness and the logic way of scheduling the activities, the level of consumption of resources, and the made estimations. The communication process is, also, directly influencing the project correctness.

The Informatics Solutions Audit

            The IT&C projects developed by the students are audited both as a whole, and, also, the main parts of projects are separately audited. That means the software audit and the data audit. This way gives a guarantee that a project meets requirements and can be implemented.

The Informatics Audit is an essential activity for verifying weather an Information System is capable to achieve the expected objective. The domain, stages, content and methods of the informatics audit are specified by standards. The informatics audit domain includes auditing activities for specifications, projects, software, databases, the software life cycle specifics activities, and informatics applications, Information Systems for Management, complex portals and virtual organization.

The Informatics Audit addresses an Information Systems as a whole, taking into consideration data, as in-puts, software, and outcomes as data processed according to the organization’ needs.

The IS Audit includes the activities to collect and evaluate some samples in order to establish weather the IS is secure, maintains the processed date integrity, support the organization to achieve its strategically objectives and efficiently uses the informational resources.

            The most frequently activities during the Informatics Audit are the verification and evaluation of: risks, system control, hardware components, system management, informatics applications, computers network security, plans and procedure for emergent situations and for recovering in disasters case, data integrity. 

            The software audit main objective is to evaluate the degree of concordance between specifications and the software products.

            The data audit has in view the data quality requirements such are: completeness, accuracy, homogeneity, comprehensibility, timeless, reproducibility. The auditor certifies if data set are valuable in-puts for applications in order to obtain correct outcomes. .

An informatics audit has four phases: planning and preparation, the fieldwork visit, reporting, and follow-up.  During the planning and preparation phase, the auditor gains an understanding of the project.  Based on the scope of the audit, the auditor determines the specific questions that need to be answered, as well as the persons to be interviewed and the records and products to be examined to answer the questions.  The interviews are conducted, and records and products are examined during the fieldwork.

 The reporting phase consists of the exit debriefing of the audited project, the preparation of a written report on the audit, and clarifying issues and providing related information as needed. Follow-up is done by the project, as the problems and deficiencies found in the audit are remedied. Follow-up may include re-auditing to assess the adequacy of the remedies.

The activities conducted during the phases vary depending on the life cycle phase of the project being audited and the scope of the audit.  The activities also vary depending on whether the audit is external or internal; an external audit requires preparation that is more extensive and should examine a more comprehensive sample of material than an internal audit.

            Information system audit is increasingly becoming the focal point of the independent audit, compliance audit, and operational audits. An information system audit assists an organization to:

-          improve system and process controls

-          prevent and detect errors and fraud;

-          reduce risk and enhance system security ;

-          plan for contingencies and disaster recovery ;

-          manage information and developing systems ;

-          valuating the effectiveness and efficiency related to the use of resources.

            The Audit Informatics must be planned in such way in order to obtain the expected results by both the auditors and the audited organization. Planning the audit, the auditor must to understand the IS, and its complexity.

The Source Texts (Code Lines) Audit

To audit a software means, first of all, to audit the source text. After auditing  the source text the software project is analyzed, compiled, linked and launched in execution. After these activities the software is audited as the final product.

            The main objective of the audit on the text source is to analyze the way the test data has been introduced, the procedures that has been activated and to evaluate the data processing completeness. This audit finds the weak points of the source text and the unnecessary definition, without giving any solution.

The source texts are well defined entities containing:

-          a list of parameters corresponding to input data;

-          a list of parameters corresponding to the results;

-          a sequence of instructions to initialize local variables,

-          a processing sequence within the left side consist of results, while the right side consist of elements of input variables;

-          a sequence to initialize the status variables;

-          a sequence containing the return of a global status value.

The processing sequences are developed in such way to activate all the system components. The modules complexity level is in accordance with the designers’ vision. There are different ways to design the module’s structure. A module contains only one procedure or more procedures. Let us consider that a module contain only one procedure.

            In order to know the difference between the expected program and the real one, it is necessary to compute the distance between them. Let us consider a program PROG_i, having a complexity level C_i, and a program PROG_j, having a complexity level C_j. The sequences belonging to the both programs have the level of complexity C_ij.

C_ij = C(PROG₁ ÇPROG₂)

A distance indicator is defined as below:

.

            In this case the complexity is considered as number of instructions.

            The distance indicators, DA₁, DA₂, ..., DA_NMOD,  are computed between the modules MO₁, MO₂, ..., MO_NMOD and the modules MO’₁, MO’₂, ..., MO’_NMOD . The result is a medium indicator: 

            The modules are classified using this indicator, and they are evaluated as high, good, satisfactory, and unsatisfactory.  

            The next step consists in the modules interdependence analysis. The specifications determine the links among procedures. The source text audit analysis, also,  the flows generated by procedures.

            Analysing the program sequences it is necessary to check for error sources that affect the processing flows. Same of error sources are:

-          the using  of the  uninitialized variables;

-          the crossing data structures behind the deffined limits;

-          no test concerning the division by zero;

-          intermediary conversions that alter the final results;

-          giving an others significations to the variables;

-          using expressions that cancel the previous processing;

-          aggregating some constructions without any equivalence between their initial and final formula.

            The software audit, developed on the source text identifies:

-          the intermediate results structure; an element, a homogeny row of elements, a different elements row, a matrix consisting of homogenous elements, a matrix consisting of different element;

-          the way the intermediate results are manipulated, stocked, and further processed.

The Data Audit

One of the keys to the success in any business is the data understanding. In order to do this it is often a requirement to carry out an audit of the data within an organization in order to establish the assets held, and to build up metadata regarding those assets such as currency, release and scale.

The place of the data audit within informatics audit is shown in the figure 1.

Figure 1 The place of the data audit within informatics audit

Data auditing is a complex process since refers to those components of the informatics systems, which have as objective the construction, and the updating of files or databases.

Data analysis is one of the most difficult phases of the audit since the data have a direct impact on the quality of the final results obtained by an informatics system.

The data audit means:

-          analyzing the procedures used to record data and validating these procedures;

-          determining whether the devices used for measurements are calibrated and comply with the requests of the standards used;

-          determining the error categories and, within each category, the specific errors;

Upon data recording, errors are recorded with regards to:

-          determining the  identity codes errors for the collective items by means of omitting a code, by means of inter-changing two codes;

-          the levels of several features outside the domains, meaning a rough alteration of measurements; repeating the registered levels on an item of the group for the next items;

-          recording the level of the feature in line with the next feature or  ;

-          recording the level of the feature of the item either in line with the item or in line with the item; 

-          the erroneous interpretation of the symbols in the alphabet used to write the row at the crossing point of column with line ;

-          transforming the row at the crossing point of column with line by inserting  a symbol, by eliminating a symbol or by replacing a symbol with another one; the transformed row remains in the domain determined for the characteristic;

-          transforming the row at the crossing point of line with  column , so that they belong to a different category or to a different domain;

-          modifying the dimensions of table T_i by inserting new features, by eliminating differential features or by modifying the number of components of collective .

The data audit is meant to determine:

-          the conformity of the quality characteristics of collocated data set ST_i , by measurements or findings of the group items, as compared to the beneficiary’s request, specified precisely by references to standards, norms and by  on purpose drawn up documents;

-          the efficiency of the measurements ensuring the quality of the collected data;

-          identifying the data quality ensuring measurements.

Conducting a data audit is a much larger job than a traditional audit which simply evaluates accounting and financial procedures. The emphasis of a data as part of an  information audit is on how things are done rather than the things themselves.

In general, an data audit:

-          determines user data needs;

-          lists the data resources available;

-          identifies the costs and benefits of the data resources available;

-          establishes how data flow within the organization function;

-          results in the production of a report which proposes recommendations, for example to minimize system failures, to provide alternative solutions to information handling problems, to integrate IT investments further with strategic business initiatives, to devise an information strategy or policy.

It is important that the organization’s goals are known since data is a resource to support the achievement of the goals. The data audit will also highlight organizational constraints which impact the development of information systems.

As a management tool data audit work should help organizations make best use of data in order to obtain the necessary information, often through the development of an information strategy. Data audit as part of the information audits indirectly:

-          aid management decision making

-          support and encourage competitive advantage

-          enable organizations to adapt and change

-          facilitate organizational communication

-          encourage use of, and investment in, IT

-          contribute to the value of manufactured products

In order to develop ah high quality audit, the auditor must know the main goals of the audited organization and to determine the concordance between realities and the expectations

The IT&C Projects Developed by Students

            In this paper are analyzed only the projects developed  by graduates as licence projects, by the students at master as dissertations, and by the students at  Ph.D. studies, taken into consideration they have the necessary knowledge to develop a such kind of projects, and must of them are working with SMEs.  It is, also, very important to notice the how the knowledge accumulated during the master studies and the research activities during Ph. D. period are used in improving the quality of the projects elaborated by the Ph. D. students. All these aspect help the teachers to adept the courses to the practical needs.

The projects main goal is to see how the students gain knowledge, and haw they put into practice these knowledge. In this way the students solve a problem of the organizations where they are working.

            A particularity of the IT&C projects developed by students is the time of development. Having in view this aspect it is necessary that the project size and complexity to be in concordance with the developing time. In this situation the time can not be prolonged because the students must to delivery the projects in time in order to graduate. Overrunning the time means the unrealized project.

            Taken into consideration the project complexity, the project is developed by a single student or by k students. The projects developed by more than one person offer the possibility to train students to work in a team that is extremely important for them in the future, in order to take part in large IT&C projects development. The goals, the method to solve the problem, the necessary tools are specified.

            During the courses the students learns not only to develop such kind of projects, but the methods and techniques for auditing both the project, and the final product, as well. Knowing these aspects a student has the necessary knowledge to develop a project according to the audit requirements. This assumption is supported by the percentage of the implemented projects, as is shown in the Table 1

            In order to evaluate the efficiency of the training process it is used an efficiency indicator as below:

where:

            Ntot – number of developed IT&C projects;

            Nimpl – number of implemented IT&C projects;

            Ief – efficiency indicator.

            Taken into consideration the latest three years, the results are presented in the table 1.

Table 1.

The Ief for the latest three years

          The latest three years media is high then 80% that means a very good percentage.

Conclusions

Having in view both the market economy challenges and the dynamic evolution of the IT&C domain, the demand regarding IT&C programs is, also, increasing. One of the best solutions is to use enormous potential of the academic area for developing ITC projects according to the SMEs’needs. Taken into consideration the ITC projects cost the project audit is necessary.

In order to have beneficial costs, the ITC projects need to use resources at a minimum level. Only the audit process shows that the cost minimization has been initiated. There are arguments, there are measurements and the entire approach needs to be supported by efficiency calculations. 

            The audits of ITC projects verification by the faculty staff offer one more guarantee the projects meet the requirements. Taken into consideration the efficiency indicator, the faculties adept their curricula to the society needs.

References