An IS auditor should recommend the use of library control software to provide reasonable assurance that:
program changes have been authorized.
only thoroughly tested programs are released.
modified programs are automatically moved to production.
source and executable code integrity is maintained.
Library control software should be used to separate test from production libraries in mainframe and/or client server environments. The main objective of library control software is to provide assurance that program changes have been authorized. Library control software is concerned with authorized program changes and would not automatically move modified programs into production and cannot determine whether programs have been thoroughly tested. Library control software provides reasonable assurance that the source code and executable code are matched at the time a source code is moved to production. However, subsequent events such as a hardware failure can result in a lack of consistency between source and executable code.