Novell Netware's Financial System Review


A critical financial system running on a Novell Network was recently reviewed. At the end of the review, we complimented the client on the controls that had been implemented. We also had some suggestions that we felt would help the client manage what was essentially a smaller version of a normal IS department -- with all of the inherent problems associated with computer operations, ongoing system development and maintenance, and the continuing need to upgrade operating system and programming language software. Based on an informal survey, It appears that users are satisfied with the financial system. Many of these users would like to do more, but they all seem to feel that the system has improved their ability to do their work.

Observations from this review fall into three categories:

  1. Programmer Turnover and Documentation
  2. Divisional and Departmental Future Plans
  3. Suggested Controls for a Financial System Network

Summary and Management Response sections are included at the bottom of this page.

Programmer Turnover and Documentation

We believe that programmer turnover is a significant issue that will make support for the client’s financial system more difficult in the future. The client’s problem revolves around the fact that a major application could be maintained by someone who was part of the original development team, but it usually requires several people to perform the same maintenance if they are not familiar with the application. It is even worse if they are not familiar with the client’s network, database and programming language. This usually means that none of the new people may ever understand the complete system, and the problem is compounded if they keep leaving.

Problems are further worsened if the system is constantly being changed or new subsystems are being added, and the system maintenance people must perform those tasks also. If these people also have additional responsibilities such as network, database, and microcomputer support, the situation gets even worse. In a large, stable IS department, each of these jobs is assigned to different departments or operational areas. The systems are well documented, and there is enough redundancy and cross-training/education of staff that the department can effectively handle the contingencies related to occasional turnover, vacation, sick leave, and disaster recovery.

The client was already starting to experience programmer turnover when the area was first reviewed the previous year. It appears to be continuing this year, and we expect it will continue in the future. The client’s programmer turnover has been categorized as approximately 50% -- a significant turnover rate. The turnover issue appears to be related to salary levels, difficulty in attracting and retaining programmers, the long hours necessary to meet all system requirements, and the need for ongoing technical training that is not occurring.

Programmer documentation of the client’s financial system appears to be minimal. The documentation issue appears to be related to turnover, staffing, and training. There is just not enough time or well trained programmers to get the documentation completed and maintained on a current basis.

We believe that the client can solve the lack or inadequacy of program documentation by minimizing departmental programmer turnover, filling vacant positions, providing adequate training for programmers, and utilizing the network support personnel of the client’s division to relieve the burden of many of the microcomputer and network questions that currently distract them. If the client cannot solve the programmer turnover problem (less than 10% turnover per year seems to be the norm for most IS departments in our organization), we recommend that the client considers turning over its system maintenance to a central IS support group. Backup programmers with cross training are part of the normal purpose for a central support group.

Divisional and Departmental Future Plans

We noted that the client’s division has reorganized to provide more central network support that will help to relieve the burden of departmental programmers who are currently serving in many different capacities and having trouble prioritizing their job-related tasks. Higher level support for non-application tasks should help the client considerably.

It appears that the departmental plan for the system includes:

  1. upgrading the system to Novell 4.1 because of its increased security and capabilities,
  2. potentially changing from the current version of the Foxpro programming language to Visual Foxpro, and
  3. using imaging to convert from paper to computer media.

The first issue of upgrading the client’s system from Netware 3.11 is reasonable, because newer systems offer increased security and capabilities (both in Novell 4.1 and Windows NT) and correct most of the identified holes in Netware 3.11 security. Older operating systems will eventually be difficult to maintain because the vendors will cease to provide support. Although Novell continues to enjoy a large share of the market, it does appear that Microsoft networking products are displacing Novell products at many locations. Another consideration that might interest the client is that the Internet Protocol (IP) is the de factor corporate standard, rather than proprietary protocols such as Novell’s IPX. Recent articles indicate that Novell has started to provide IP capabilities in their releases. The need for IP should only affect the client if the department desires connectivity outside of its local area network, or if the client is depending on support from people who will only support the IP. Connection to the Internet brings the security problems associated with it.

There are indications that Windows NT is cheaper to license than Novell 4.1, although we have learned that Novell is considering lowering their cost. The cost of converting the client’s system from Novell to Windows NT might increase the positive return period, so conversion costs should be estimated before a decision is made, unless the decision is based on other factors (e.g., changing to a more compatible database, better system security, or availability of better development and maintenance tools, etc.).

It is likely that Microsoft products will be more compatible with each other than with Novell products (e.g., Windows NT and Foxpro should be more compatible than Novell and Foxpro). The current version of Windows NT (3.51) is considered to be stable and feedback on the beta test version of Windows NT 4.0 indicates that it is very stable, secure, and with considerably more features for the future. If the client is interested in considering Windows NT as an alternative LAN operating system, the current academic prices for it are available at the UCS Scholars Workstation Internet . As of May 1996, prices for Windows NT and other related software products that the client might wish to run on its system are as follow:

The client’s second issue of converting to Visual Foxpro from earlier 2.0 and 2.6 versions is obviously possible since Microsoft has released Visual Foxpro, but it is likely to have all of the normal problems of converting from one major version of a computer programming language to another. It could be time consuming unless Microsoft supplies conversion tools, and it may mean a conversion period where two different versions of the client’s system are being maintained. We usually recommend using new products like this from new systems or subsystems to enable the client to judge how much training and additional work will be necessary until the project is complete. We also recommend starting with as small a project as possible for the first one. The client might want some central support for this kind of conversion effort. Continual upgrading will be a way of life with the client’s system unless another group assumes responsibility for some of the problems (e.g., network and microcomputer upgrades).

The client’s last issue of using imaging for its financial system records is one that a similar function at a sister campus agreed was occurring there. Scanning hardware and imaging software are becoming increasingly cheaper and better. For instance, the Caere scanning software package, with a flatbed scanner, can be used to scan documents and turn them into editable Microsoft Word documents. The capabilities of these scanning and imaging systems has increased significantly over the last few years, and it appears that this will continue while decreasing in cost.

The client has discussed the need to scan documents into the system as permanent images, adding indices and notes to them as they are processed and stored in the system, but without modifying the basic scanned image. This is easier than creating editable documents or images that can be modified. One caution about this is that it is usually more cost effective for data that are accessed frequently and/or for a protracted period of time. Infrequently accessed data and/or data that are not maintained for several years are considered less cost effective for now. This may change as software prices decrease.

General Suggestions for Improvement

Based on our observations, we have an updated list of suggestions, although most of them are very similar to ones made last year. Those suggestions are summarized in Suggestions for Improved Controls Over A Financial System Network document. They are largely the same controls that we recommend to the large administrative computer centers in our organization because the client is essentially performing the same functions for the same number of customers even though the client is managing a smaller number of applications. Because we recommend that the client consider adding some analysis to its system, we are providing some additional vendor information on several products which might be of use to the client. We believe that Novell Lananalyzer is still the cheapest one available for Novell 3.11 and it is incorporated into Novell 4.1 for free, but it is fairly basic in terms of what it provides. It is also our understanding that the divisional plans call for the client to move its system to Novell 4.1 this year.

We encourage the client to continue to treat its operation as a computer center and expect to exercise the same controls. Essentially, the client needs very tight controls over the process involving change in its applications, network operating system and hardware, programming language versions, and microcomputer operating system and computer contents. It will be important to maintain its close working relationship with the divisional and corporate IS support personnel, in order to help identify potential problems as the client proceeds with its plans. Close coordination with other interfacing units is also recommended, because all units involved are sharing so much data. Collaborative planning with these units is recommended.


The client has a financial system that appears to be satisfying users, but management also has several significant control issues with which it must continually deal. The biggest one appears to be its programmer turnover. The others fall into the category of ongoing support and strategic planning. We suggest that management considers including knowledgeable IS personnel in its planning so that they can help management avoid making costly mistakes. We greatly appreciate the help of everyone involved in this review.

Management Response

All of the suggestions are based on sound practices and principles and we will share them with appropriate people who can assist in the implementation of them.

[ Home Page ] [ NewsLine ] [ IS Audit ] [ IS Security ] [ Control ]

For comments or problems, please e-mail
Slemo Warigon
or call (805) 893-3817.
Copyright © 1996-1997 WariNet Haven