Code Review, Test Data, and Code Comparison

Chapter 17

Integrated use of code review, test data, and code comparison for evidence collection purposes

Program codereview

Flaw hypothesisgeneration

Design of test data

Test of programInvestigation ofdiscrepancies

Code comparision ofBlueprint with

Production program

Creation ofProgram blueprint

Correction ofProgram flaws

Program source-code review

Objectives of code review- Identify erroneous code- identify unauthorized code- identify ineffective code- identify inefficient code- identify nonstandard code

Source-code review methodology

1. Select the source code to be examined.2. Review the organization’s programming

standards.3. Obtain an understanding of the program

specifications.4. Obtain the source-code listing.5. Review the programming language used

to implement the code.6. Review the source code.7. Formulate flaw hypotheses.

Benefits and costs of code review

Benefit Provides a level of detailed knowledge about a program.

DisadvantagesTime consuming and often difficult and costly to undertake.

Test Data

Reliable if it reveals a defect in a program when the program contains a defect.

Auditors should use a systematic approach to the design of test data.

Types of systematic approaches to the design of test data exist :

Black-box (specification-based testing methods)1. Equivalence partitioning2. boundary value analysis

White-box (program-based testing methods)1. Basis path testing2. Loop testing

Benefits & Costs of Test Data

Benefit it allows auditor to examine the quality of program code directly.

Disadvantages It is often time consuming and costly.

Types of code comparison :

1. Source-code comparison2. Object-code comparison

Source-code and object-code comparison are often most effective when they are used in conjunction with one another.

Benefits & Costs of Code Comparison

Benefit It is easy to undertake. Limitation It does not provide

evidence directly on the quality of the code being compared.