Abstract
ABSTRACT An internal audit engagement at a large bank revealed that legacy software code can represent significant risk to an organization. In this engagement, several instances of malicious COBOL source code were discovered through manual inspection and identification. The internal auditors were concerned that more instances of faulty code could be in the production environment, and that manually inspecting over 100 million lines of source code would be infeasible. Under their auspices, I developed the Retrospective Static Source Code Analysis Framework for automatically identifying source code files likely to contain source code faults. We implemented this audit analytic framework in a tool called COBOL Analyzer. Using the tool, the auditors discovered thousands of potential source code files with faults and, using a ranking method, audited the most suspicious ones. The tool was deemed a success and it is undergoing further development by the internal audit team.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
