LITERATURE

STRUCTURED PROGRAMMING

Italian pasta

cards into the transaction stream with instructions for donations

to be made to some deserving charities which have consistently

been ignored. You know that the controls will never detect

your action.

How would you rate the above?

Cl OKAY q DISH~NEST q UNETHICAL OILLEGAL q CAN'T DECIDE

(In Horwitz's initial sample group of 226 people, 19% - ie a

total of 42 people - rated it as OKAY, 20% as ILLEGAL, 53% as

DISHONEST or UNETHICAL. 8% could not decide.)

STRUCTURED PROGRAMMING FOR THE COBOL PROGRAMMER. THE STRUCTURED

PROGRAMMING COOKBOOK. Both by Paul Nell. Published by

Mike Murach & Associates, Fresno, California,

The most obvious characteristic of a structured program is its

shape. This is best illustrated by comparing programs to

Italian pasta. The traditional program is like spaghetti

bolognese, with long strings of spaghetti (the "GOTO" statements)

entwined with the meat of the program. It is almost impossible

to unravel once it has been made. Structured programs, however,

are like ravioli - there are a number of separated packages of

meat, each securely held by its own envelope of pasta.

Structured programming places emphasis on design of programs

before they are coded. Documentation quality should be higher

than usual, and the way in which a systems specification is

transformed into a source program should be much clearer.

Thus, the process of linking the specification into the program

in audit reviews etc becomes more straightforward, and it is

simpler to ensure that controls have been implemented.

Emphasis on programming teams

There is an associated emphasis on programming teams, using

cooperative methods of programming, of which the most popular

is the 'structured walk through'. At suitable points in the

coding and design process, each programmer discusses his work

with other members of his team, for the purpose of improving

it. A side effect of this open cooperative programming is

that chances for a programmer to go his own secret way are

reduced.

Properly implemented structured programming dramatically

Difficult to introduce reduces the opportunity for fraudulent code to be introduced

fraudulent code during the development process, and increases greatly the chance that the programs will accurately reflect the requirements

laid down in the systems specification,

CONTROL CHECK LISTS

The Internal Control Questionnaire, also known as a Check List

Survey, Control Flowcharting, etc, is a highly recommended

audit technique, but its efficiency obviously depends on:

the scope of the questionnaire

the accuracy of the answers

how the answers are interpreted

A dim man asking a crook questions from an incomplete list is

never going to find out what he wants to know.

A useful check list has been devised by Jerry Fitzgerald and

Associates of California. Dr Fitzgerald, the chief executive

COMPUTERLWAUN& SECURITYBULLETIB Vol.1 No5