Explain how application version numbers can be used as an audit to0l for assessing program change controls.

What will be an ideal response?

The SPLMS assigns a version number automatically to each program stored on the SPL. When programs are first placed in the libraries (at implementation), they are assigned version number zero. With each modification to the program, the version number is increased by one. This feature, when combined with audit trail reports, provides a basis for detecting unauthorized changes to the application program. An unauthorized change is signaled by a version number on the production load module that cannot be reconciled to the number of authorized changes. For example, if 10 changes were authorized but the production program is Version 11, then two possible control violations may have happened: (1) an authorized change occurred, which for some reason went undocumented, or (2) an unauthorized change was made, which incremented the version number.

PTS: 1