Professional Documents
Culture Documents
A business case for a new system should identify both intangible benefits
and return on investment.
CISA REVIEW
Chapter 3 – Systems Infrastructure and Lifecycle Management
Systems development life cycle (SDLC)
The phases deployed in the development or acquisition of a
software system. Typical phases of SDLC include:
•feasibility study,
•requirements study,
•requirements definition,
•design,
•development,
•testing,
•installation and post-implementation review.
CISA REVIEW
Chapter 3 – Systems Infrastructure and Lifecycle Management
The requirements definition identifies and specifies
the business requirements of the system chosen for
development during the feasibility study.
Requirements include descriptions of:
•What the system should do,
•How users will interact with the system,
•Conditions under which the system will operate,
•Information criteria the system should meet.
CISA REVIEW
Chapter 3 – Systems Infrastructure and Lifecycle Management
The requirements definition includes these tasks:
Identify stakeholders – Consult with them to determine their expectations.
Analyze requirements – Determine priorities. Look for conflicts and correct
them.
Identify system boundaries – Define what is part of the system and what the
system will be interacting with.
Convert user requirements into system requirements – For example, create a
prototype user interface that demonstrates the screen look and feel.
Record requirements – Requirements decisions need to be presented and
retained in a structured format.
Verify requirements – Ensure they are complete, consistent, unambiguous,
verifiable, modifiable, testable and traceable.
Resolve conflicts – Identify where the requirements do not match the
available resources and where the requirements of various stakeholders
differ and determine a course of action.
CISA REVIEW
Chapter 3 – Systems Infrastructure and Lifecycle Management
There is a large payoff to an effective review of
requirements because of the high cost of rectifying
requirements problems in the downstream phases of
development.
CISA REVIEW
Chapter 3 – Systems Infrastructure and Lifecycle Management
To ensure control over the IT process of identifying automated solutions to
satisfy the business requirements, the IS auditor needs to verify that
technically feasible and cost-effective solutions are achieved. The IS auditor
must ensure:
•Business and technical requirements have been defined,
•Feasibility studies have been completed,
•Approval (or rejection) of the requirements and the feasibility study results
is measured by:
Number of projects where stated beliefs were not achieved due to
incorrect feasibility assumptions,
Percent of feasibility studies signed off by the business process owner,
Percent of users satisfied with functionality delivered.
Alternate solutions satisfying the business requirements should be identified
to help ensure the optimal solution is selected.
CISA REVIEW
Chapter 3 – Systems Infrastructure and Lifecycle Management
Key Personnel in the Systems Development Process
The project manager is appointed by the IS Steering committee
and is responsible for:
•Providing leadership and project management,
•Ensuring the project follows the overall direction outlined in its
charter,
•Involving the affected departments,
•Complying with local standards,
•Ensuring deliverables meet the quality expectations of key
stakeholders,
•Resolving interdepartmental conflicts,
•Monitoring and controlling costs and schedules.
CISA REVIEW
Chapter 3 – Systems Infrastructure and Lifecycle Management
Key Personnel in the Systems Development Process
Answer: