Presentation is loading. Please wait.

Presentation is loading. Please wait.

Systems Development Life Cycle & Applications System

Similar presentations

Presentation on theme: "Systems Development Life Cycle & Applications System"— Presentation transcript:

1 Systems Development Life Cycle & Applications System
Sunday, November 22, 1998 Systems Development Life Cycle & Applications System Distributed by AGASS (

2 Business Application Development Framework
Chapter 1 Business Application Development Framework Distributed by AGASS (

3 Distributed by AGASS (
Learning Goals The need for structured system development The various phases of Software Development Life Cycle - SDLC and their interrelationship in brief Feasibility Study System Requirement Analysis Hardware and software acquisition Distributed by AGASS (

4 Distributed by AGASS (
Sunday, November 22, 1998 Introduction Logical starting point in the entire life cycle of a computerized system. Activities starts when : decides to go for computerization migrate from existing computerized system to a new one Understanding of why and how systems are deployed Distributed by AGASS (

5 Distributed by AGASS (
Introduction… A System can be defined as “a collection of inter-related components or sub-systems”. E.g. our solar system – consisting of Sun and planets, our body can be considered as a system of collection of organs, bones, tissues, blood etc. Business - collection of systems such as manufacturing, stores, purchase, administration, accounts and so on. Systems have a life span after which they will be replaced. Systems will become obsolete due to.. Technology may become outdated People using the system may change Government or other regulatory change may render the systems obsolete. Business needs are expanded due to expansion of business, mergers, take-overs etc. With the increased use of computers, it is necessary to have more organized ways of developing systems and procedures Distributed by AGASS (

6 Distributed by AGASS (
Sunday, November 22, 1998 Introduction … SDLC gives way to all other activities covered in other modules such as : protection of IT assets business continuity IS Audit Process etc. Distributed by AGASS (

7 Characteristics of a System
Sunday, November 22, 1998 Characteristics of a System Each system consists of inter-related sub-systems or components System has an identifiable boundary and works within it’s boundary Each system will have Purpose of existence Environment of the system – external to the system Interface to the system – for interaction with environment Inputs to the system – e.g. data Outputs generated by the system - information Constraints or business rules for the system Distributed by AGASS (

8 Business Application Development
Sunday, November 22, 1998 Business Application Development Developing or acquiring and maintaining application systems which will be used for various day-to-day business activities. The effective management and control of this development. The SDLC involves defined phases,the phases may be undertaken in a serial manner or in a parallel manner. Distributed by AGASS (

9 Need for Structured Systems Development Methodology
Sunday, November 22, 1998 Need for Structured Systems Development Methodology Software is not a tangible product which can be put to use immediately Software products are not manufactured but are developed by developers. Therefore, their quality heavily depends on the quality of people carrying out system development. Developing software products in an organized manner means : software development should be treated as a Project Schedules of completion and deliverables in a time line for various phases Resources and cost estimation for all the phases Quality standards for comparing products of every phase Distributed by AGASS (

10 Risks associated with SDLC
Sunday, November 22, 1998 Risks associated with SDLC Necessary to know these risks prior to undertaking SDLC projects. The objective is to : Identify risks Discovering methods to eliminate or mitigate them Accepting residual risk and going ahead with the project Some of the Risks : Cumbersome for the development team due to lot of documentation The users may find that the end product is not visible for a long time. Due to formal structured methodology, duration of project may be longer, thus it may not be suitable for small and medium sized organizations. Distributed by AGASS (

11 Software development : distinct processes
Sunday, November 22, 1998 Software development : distinct processes Identifying the need or problem for the development - Project Initiation, Feasibility Studies Specifying the system - Requirements Analysis The potential benefits from new system - Feasibility Study Identification and evaluation of factors which affect business - Project Initiation, Feasibility Studies Designing of the system - System Design Programming - Developing source code Program testing Implementation Distributed by AGASS (

12 Distributed by AGASS (
Project Initiation Whenever a business entity decides (i.e. stakeholders in the business or senior management) to undertake computerization, a Project will have to be initiated. This process is called as Project Initiation. E.g. A new business application is required to be developed to address a new or existing business process e.g. a billing system The outcome of Project Initiation is a formal Project Initiation Report which is presented to senior management or BOD. This will be accepted with or without modifications and then the next phases of SDLC will be rolled out. In case of SMEs or very small organizations, a formal Project Initiation Report may not be prepared. Distributed by AGASS (

13 Distributed by AGASS (
Sunday, November 22, 1998 Phases in SDLC Feasibility Study Requirements Analysis Systems Design Programming / Construction Testing Implementation Post-Implementation Distributed by AGASS (

14 Phase 1 - Feasibility Study
Organizations cannot give unlimited resources, unlimited budgets and unlimited time-frames for projects. Therefore this requires a Feasibility Study covering the following aspects of a project.. Economic Time Technical Operational Resources Behaviroural Legal It is done by identification of problem, identification of objectives, delineation of scope, conducting feasibility study Distributed by AGASS (

15 Phase 2 – Requirements Analysis
Understanding Requirements Study of history, structure and culture Study of Information flows Eliciting user requirements Structured Analysis Context and Data Flow Diagrams (DFD) Entity-Relationship diagram Data dictionaries Decision Table / Decision Tree / Structured English State Transition diagram Distributed by AGASS (

16 Phase 2 – Requirements Analysis…
System charts / program flow charts Interface in form of data entry screens and dialogue boxes Report layouts In the industry, the Requirement Analysis is known by different names such as Systems Requirements Specifications (SRS), Business Requirements Specifications (BRS), Users Requirements Specifications (URS) or Users Requirement Document (URD). Strictly speaking, all these will give different aspects of requirements Distributed by AGASS (

17 Distributed by AGASS (
Software Acquisition Software acquisition is not considered as a standard phase in SDLC Requirements analysis should be carried out even if software acquisition is planned Request for Proposal – RFP should be prepared which should give at a minimum : Product vs System requirements Customer References Vendor viability and financial stability Availability of complete and reliable documentation about the new software Vendor support Response time Source code availability Vendor’s experience A list of recent or planned enhancements to the product with dates List of current custom¬ers Acceptance testing of product Distributed by AGASS (

18 Distributed by AGASS (
Sunday, November 22, 1998 Roles involved in SDLC Steering Committee Project Manager Systems Analyst Team Leader Programmer DBA Quality Assurance Tester Domain Specialist Technology Specialist Documentation Specialist IS Auditor Distributed by AGASS (

19 Chapter 2 Phases in Software Development
Sunday, November 22, 1998 Chapter 2 Phases in Software Development Distributed by AGASS (

20 Distributed by AGASS (
Learning Goals A clear understanding of all the phases of SDLC except the phase involving feasibility study and system requirement analysis, which we have seen in Chapter 1. This chapter will cover the phases of Programming, Testing, Implementation and Post implementation Distributed by AGASS (

21 Distributed by AGASS (
System Design Phase Based on the requirements analysis done by development team, a system will be designed. As explained in Chapter 1, if Software Acquisition is planned, then the next 2 phases viz Systems Design and Programming will not be undertaken. In the last chapter, we have seen how Requirements Analysis is carried out by using Structured Analysis technique. The same technique is used for describing the Design of the system. We will now study some other aspects of Systems Design Distributed by AGASS (

22 Distributed by AGASS (
Systems Design Developing system flowcharts to illustrate how the information shall flow through the system. E.g. DFDs. Defining the applications through a series of data or process flow diagrams, showing various relationships from the top level down to the detail. E.g. E-R diagrams, data dictionaries etc. Describing inputs and outputs, such as screen design and reports. We shall describe this later. Determining the processing steps and computation rules for the new solution. E.g. Decision Tables / trees and Structured English Determining data file or database system file design. E-R diagram and data dictionaries will lead to design of the table Preparing the program specifications for the various types of requirements or information criteria defined. This topic is also beyond our current scope. Distributed by AGASS (

23 Distributed by AGASS (
Systems Design … Thus, this phase deals with the way the proposed system can be transformed into a working model. The steps involved in this phase are: Architectural design Design of data / Information flow Design of database Design of user interface Physical design Selection of appropriate hardware and software Distributed by AGASS (

24 Distributed by AGASS (
Architectural design Architectural design deals with the organisation of applications in terms of hierarchy of modules and sub-modules. It is necessary to identify : Major modules e.g. Masters, Transactions, Reports etc Function and scope of each module Interface features of each module Modules that each module can call directly or indirectly Data received from / sent to / modified in other modules The architectural design is made with the help of a technique called as functional decomposition wherein top level functions are decomposed (i.e. broken into) and inner-level functions are discovered. This process is continued till our context is met with. Distributed by AGASS (

25 Design of data / Information flow
We have already seen this in the last chapter thru Context and DFDs Distributed by AGASS (

26 Distributed by AGASS (
Design of database We have seen what are entities and E-R diagrams in the last chapter. In designing database, entities are described in detail, with their structure. E.g. an Employee entity, obvious structure elements (also called as attributes, fields, columns) would be Employee ID, Name, Address, Date of Birth etc. Only those attributes which are of current interest w.r.t. the current system (or system module) are only considered. When design of all entities is over, they can be put in a repository to form a Data Dictionary so that, common entities across the system can be used by other development team members. Distributed by AGASS (

27 Distributed by AGASS (
Design of database… The design of database consists of 4 major activities Conceptual modeling – E-R digrams giving relationship between entities Data modeling – describing data types, length Storage structure design – how to store data on a physical device e.g. hard disk Physical layout design – hard disk track level design is done Distributed by AGASS (

28 Design of user interface
This is nothing but designing of data entry screens, dialogue boxes Important aspects are... Menu navigation should be easy and promote the users to use the software Screens with soothing foreground and background colours should be designed Place for company logos, dates etc should be uniform throughout the screens For multipage screen layout, it is better to have tabs with page numbers indicating on which page the user is Mandatory fields should be indicated explicitly If system is going to take time for processing after a user action, it should be clearly displayed intermittently on screen Developers should design screen by keeping in mind computer awareness level of users. Distributed by AGASS (

29 Distributed by AGASS (
Physical Design The logical design needs to be ultimately mapped or implemented on a Physical Design. E.g.hardware, operating system, database management system and any other software needed. Generally, following types of components need to be selected and finalized. Hardware – e.g. hardware for servers, desktops etc. Power Systems – such as UPS, generators, line conditioners etc. Networking and telecommunication equipment – such as hubs, switches, routers, repeaters etc Operating system – e.g. Windows (XP, Windows 2003 etc), Unix or Linux RDBMS – such as Oracle or Microsoft SQL Server or MySQL etc. Web server software – for web based systems server will have this software which will interact with database and application software which are loaded on servers (called as database and application servers). E.g. Internet Information Server (IIS), Apache etc. Distributed by AGASS (

30 Distributed by AGASS (
Physical Design… Types of components … Transactions processing software and message queuing software – These are classified under Middleware since they are neither near user (client or front-end) nor near machine (such as OS or RDBMS). Their main function is to process a transaction and/or queue up transactions for further processing. Client software – This software will reside on desktop or client machine. Depending upon type of system, a client software may have to be separately installed The client software will be connected to Application software when user invokes it. Distributed by AGASS (

31 Development Phase: Programming Methods, Techniques And Languages
The Development Phase takes the detailed design developed in the Design Phase and begins with coding by using a programming language. The responsibility of this phase is primarily that of the Programmers. The following are the key activities performed during this phase. Coding and developing programs and system level documents Testing and debugging continuously for improvements in program developed Developing programs for conversion of the data in the legacy system to new system Formulating the procedures for the transition of the software by the various users Training the selected users on the new system In case of vendor supplied software, documenting the modifications carried out to ensure that future updated versions of the vendor's code can be applied. Distributed by AGASS (

32 Programming Methods & Techniques
For effective and efficient software product, following techniques should be used… Adoption of the Program Coding Standards Structured programming Online Programming Facilities Use of suitable Programming Language and method Procedural programming – past trend Object Oriented Programming Technique – current trend Distributed by AGASS (

33 Distributed by AGASS (
Program Debugging Debugging is the most primitive form of testing activity. Programmers usually debug their programs while developing their source codes by activating the compiler and searching for implementation defects at the source code level. The need for extensive debugging is often an indication of poor workmanship. Debugging software tools assist the programmer in fine tuning, fixing and debugging the program under development. Distributed by AGASS (

34 Distributed by AGASS (
Program Debugging… Debugging tools help programmers in debugging activity These tools fall in the following three categories… Logic Path Monitors: provide logic errors by reporting on the sequence of events achieved by the program Trace: This lists the changes in selected variables at different stages of the program. Memory Dumps: provides a picture of the internal memory content at the point where the program has abruptly ended, providing the clues to the programmer on the inconsistencies in data and parameter values. Output Analyzer: checks the accuracy of the output which is the result of processing the input through that program by comparing the ac­tual results with the expected results. Distributed by AGASS (

35 Software Testing Phase
Software testing is the process of testing software in a controlled manner to ensure it meets the specifications. During testing, the developer should give up preconceived notions of the correctness of the software developed. Testing is carried out in the Test Environment. For some large and complex systems, development and testing environment may be separate. Objectives of testing Testing is a process of executing a program to identify an error. A good test case is one that has high probability of finding an error. A successful test is one that uncovers an error. Distributed by AGASS (

36 Distributed by AGASS (
Levels of testing Every software normally goes through the following levels of tests: Unit testing System testing Distributed by AGASS (

37 Distributed by AGASS (
Unit testing Unit testing is the process of testing individual units (i.e. individual programs or functions or objects) of software in isolation. A program unit is usually small and the programmer who de­veloped it can test it in a great detail. There are four categories of tests that a programmer typically performs on a program unit: Functional tests - These tests check whether programs do what they are supposed to do. Performance tests - These should be designed to verify the response time, the execution time, the throughput, primary and secondary memory utilisation and the traffic rates on data channels and communication links Stress tests - These are designed to overload a program in various ways. The purpose of a stress test is to determine the limitations of the program. Structural tests - These are concerned with examining the internal processing logic of a software system. Parallel Tests - By using the same test data in the new and old system, the output results are compared. Distributed by AGASS (

38 Distributed by AGASS (
Types of unit tests Static analysis tests Desk Check: This is done by the programmer himself. He checks for logical syntax errors, and deviation from coding standards. Structured walk-through: The application developer leads other programmers through the text of the program and explanation Code inspection: The program is reviewed by a formal committee. Review is done with formal checklists. The procedure is more formal than a walk-through. Dynamic analysis tests Black Box Test: Assumes no knowledge of internal logic of programs White Box Test: Assumes knowledge of internal logic of programs Distributed by AGASS (

39 Integration / Interface testing
The objective is to evaluate the connection of two or more components that pass information from one area to another. This is carried out in the following manner. Bottom-up integration: Bottom-up integration is the traditional strategy used to integrate the components of a software system into a functioning whole. It consists of unit testing, followed by sub-sys­tem testing, and then testing of the entire system. Top-down integration: Top-down integration starts with the main rou­tine, and stubs are substituted, for the modules directly subordinate to the main module. An incomplete portion of a program code that is put under a function in order to allow the function and the program to be compiled and tested, is referred to as a stub. Regression tests: Each time a new module is added as part of integration testing, the software changes. These changes may cause problems with functions that previously worked flawlessly. In the context of the integration testing, the regression tests ensure that changes or corrections have not introduced new errors. The data used for the regression tests should be the same as the data used in the original test. Distributed by AGASS (

40 Distributed by AGASS (
System testing System testing is a process in which software and other system elements are tested as a whole. System testing begins either when the software as a whole is operational or when the well defined subsets of the software's functionality have been implemented. The purpose of system testing is to ensure that the new or modified system functions properly. These test procedures are often performed in a non- production test en­vironment. The following types of testing might be carried out. Recovery Testing : Checking the ability of recovery of the system after the failure of hardware or software. Security Testing: Ensuring the existence and proper execution of ac­cess controls in the new system. Stress or Volume Testing: Testing the application with large quantity of data during peak hours to test its performance. Performance Testing: Comparing the new system's performance with that of similar systems using well defined benchmarks. Distributed by AGASS (

41 Final Acceptance Testing or Users Acceptance Testing
Final Acceptance testing is conducted when the system is just ready for implementation. During this testing, it is ensured that the new system satisfies the quality standards adopted by the business and the system satisfies the users. Thus the final acceptance testing has two major parts: Quality Assurance Testing: ensures that the new systems satisfies the prescribed quality standards and the development process is as per the organisation's quality assurance methodology. User Acceptance Testing: ensures that the functional aspects expected by the users has been well addressed in the new system. There are two types of the user acceptance testing. Alpha Testing: is the first stage, often performed by the users within the organization Beta Testing : is the second stage, generally performed by the external users. This is the last stage of testing, and normally involves sending the product outside the development environment for real world exposure. Distributed by AGASS (

42 Implementation of Software
Planning of the implementation should be commenced much before actual date of the implementation The implementation plan as developed in the Design Phase should be used with the modifications if required. There are four types of implementation strategies: Direct implementation / Abrupt change-over : The old system is suspended on a specific day and the new system is tried out. Parallel implementation : Both the old and new systems are run in parallel to verify if their output is the same. Then the old system is suspended. Phased implementation : The new system is implemented in parts. This makes implementation more manageable. Pilot implementation : The new systems is first implemented in a small, non-critical unit and then moved to larger unit. Distributed by AGASS (

43 Activities during Implementation Stage
Major activities during implementation are: Installation of new hardware / software Data conversion: Following steps are necessary. Determining what data can be converted through software and what data manually. Performing data cleansing before data conversion Identifying the methods to access the accuracy of conversion like record counts and control totals Designing exception reports showing the data which could not be converted through software. Establishing responsibility for verifying and signing off and accepting overall conversion by the system owner Actual conversion User Final Acceptance testing User training Manager's training on overview and MIS Operational user training on how to use the software, enter the data, generate the output IT department’s training on the technical aspects Distributed by AGASS (

44 Post Implementation Review
In PIR, after the system stabilizes, a check should be done to ensure that the system has fulfilled the objectives. Otherwise, move back to the appro­priate stage of the development cycle. The PIR should be performed … jointly by the project development team and the appropriate end users an independent group not associated with the development process, either internal or external Audit should be conducted to meet the following objectives: Whether the system met management's objectives and user requirements Whether the access controls have been adequately implemented and actually working Evaluation and comparison of the actual Cost Benefit or ROI as against the same projected in the feasibility study phase. Recommend on the system's inadequacies and deficiencies Develop a plan for implementing the accepted recommendations Evaluate the system development project process Distributed by AGASS (

45 Post Implementation Review…
Maintenance is also part of the post implementation review. It can be categorized into four types: Corrective maintenance : Correcting errors that may surface during the running of the applica­tion. Adaptive maintenance : Rapid changes in technology may cause an application to be run in a new technical environment in the user site. Web enabling a legacy application would fall in this category. Perfective maintenance : Perfective maintenance is required when the user wants additional functionalities. Extending the purchase order system to cover service orders will fall in this category. Preventive maintenance : When the software is changed to suit future maintainability, it is called preventive maintenance. Distributed by AGASS (

46 Distributed by AGASS (
Sunday, November 22, 1998 Chapter 3 Alternative Methodologies of Software Development Distributed by AGASS (

47 Distributed by AGASS (
Learning Goals To provide an understanding of: Different approaches to system development - advantages, problems encountered and selection criteria Different aspects involved in maintenance of information systems Distributed by AGASS (

48 Traditional SDLC Models
Sunday, November 22, 1998 Traditional SDLC Models Waterfall Model Spiral Model Today’s trend of OOP and web-based systems demands that Alternative Development methodologies be adopted instead of traditional methods. Distributed by AGASS (

49 Data Oriented Systems Development
Data oriented system development focuses on data structure and not data flow while processing. Systems that optimize data usage are classified as data-oriented systems. This approach considers data independently of the processing that transforms the data. Management Information Systems (MIS) and Data Warehousing applications fall in this category. Process-oriented approach specifies how data is moved and / or changed in the system Distributed by AGASS (

50 Object Oriented Systems Development
In this method, the system is analyzed in terms of objects and classes and the relationship between objects and their interaction. Objects are defined as entities that have both data structure and some behaviour. E.g. employee record is an object having properties : employee name, employee ID etc. and behaviour such as AddEMployee, RemoveEmployee, TransferEmployee etc. Major advantages of this approach are: Ability to manage a variety of data types Ability to manage complex relationships Capacity to meet demands of a changing environment Reusability of logical elements Data Security Object Oriented technology is widely used in: Computer Aided Engineering (CAE) Systems software Distributed by AGASS (

51 Distributed by AGASS (
Prototyping When a customer defines a set of general objectives for the software, but not detailed input, processing and output requirements, prototyp­ing may be the best approach. The following are the steps in the prototyping approach : Requirements gathering : The developer gets the initial requirements from the users. Quick design : The emphasis is on visible aspects such as input screens and output reports. Construction of prototype: by the developer on the basis of inputs from the users. Users evaluation of prototype : The users accepts the screens and op­tions as shown to them. Refinement of prototype: Prototype is refined by fine tuning the us­ers requirements. The last two steps are iterated till the user is fully satisfied with the pro­totype. Distributed by AGASS (

52 Distributed by AGASS (
Prototyping … The drawbacks of the prototyping approach are: The user sees the 'working' version of the software, without realising that the processing logic is still not ready. Design strategy may be very weak The capability of the prototype to accommodate changes may lead to some problems. Difficult to keep track of changes in the controls of prototype model. Changes in design and development keep happening so quickly in this approach that formal change control procedures may be vio­lated. Advantages … IS auditor should be aware about the above risks IS auditor should also be aware that this method of system development can provide the organization with substantial saving in time and cost. Similarly, since users are giving approval to data entry screens and report layouts early in SDLC life cycle, chances of meeting user requirements are very high in this model. Distributed by AGASS (

53 Rapid Application Development - RAD
RAD is an incremental model which has a short development cycle. Requirements have to be clearly understood and the scope has to be well defined. RAD leverages the following techniques to keep the develop­ment cycle short: Multiple small teams Modular applications Evolutionary prototype Automated tools Design workshops Component- based development Fourth generation languages Rigid time frames Adopted only for individual strategically important systems and not for ERP kind of systems. Distributed by AGASS (

54 Distributed by AGASS (
RAD … This approach should be undertaken only if the following 4 pillars of an organization are strong : Management – should give quick decisions to development and user teams People – in user team and development team Methodology – proven methodology should be used and not recently invented Tools – proven integrated tools such as VB / Delphi etc should be used. The four stages in this approach are: Definition of scope Creation of a functional design Construction of application Deployment The drawbacks of RAD are: For mission critical applications, where quality and reliability as­sume higher importance than time of development, this approach is not recommended. Distributed by AGASS (

55 Distributed by AGASS (
Reengineering Used for systems working satisfactorily but are not efficient due to poor design or take advantage of new technology. It is difficult to migrate these huge mission critical applications to new systems quickly. In such cases, the reengineering approach is suggested. This is quite like remodeling / rebuilding an old house. Software reengineering consists of six activities: Inventory analysis: Inventorise of all applications that it uses. This should include details such as size, age, business criticality. Document restructuring: In many legacy applications, documentation is sketchy, or may not exist at all. In a large application environment, documentation must be carefully planned, taking into account the resources available. Distributed by AGASS (

56 Distributed by AGASS (
Reverse engineering This is the technique of drawing design specifications from the actual product by studying its source code. In software reverse engineering, the program is first analyzed and then design specifications are worked out. This process can be carried out in several ways: Decomposing the object or executable code into source code and using it to analyse the program Utilizing the reverse engineering application as a black box test and unveiling its functionality by using test data. The advantages of the reverse engineering are faster development of a system and improvement in the present system by using reverse engineering. The IS auditor should look into software license agreements – some may prohibit reverse engineering Distributed by AGASS (

57 Web-based Application Development
Web-based systems and applications become integrated in business strategies for small and large companies. The following are the attributes of the Web based applications. Network Intensive: By its nature, a web based application is network intensive. It resides on a network and must serve the needs of diverse community of clients. A web based application may reside on the internet or intranet or extranet Content Driven: In many cases, the primary function of a web based application is to use hypermedia to present text, graphics, audio, and video contents to the end user. Continuous evolution: Unlike conventional application software that evolves over a series of planned, chronologically spaced releases, web based applications evolve continuously. Distributed by AGASS (

58 Categories of web-based applications
Informational: Read only content is provided with simple navigation and links Download: A user downloads information from the appropriate server Customization: The user customizes contents to specific needs Interaction: Communication among a community of users occurs via chat-room, bulletin boards, or instant messaging. User Input: Forms based input is the primary mechanism for com­municating need Transaction oriented: The user makes a request (e.g. places an order) that is fulfilled by the web based application Service Oriented: The application provides a service to the user (e.g. assists the user in calculating the EMI of loan) Portal: The application channels the user to other web content or ser­vices outside the domain of the portal application Database Access: The user queries a large database and extracts infor­mation Data Warehousing: The user queries a collection of large databases and extracts information Distributed by AGASS (

59 Distributed by AGASS (
Agile Development Refers to a family of similar development processes that involves a non traditional way of developing a complex system. It is termed as "agile" because they are designed with flexibility to handle changes to the system being developed or the project team that is performing the development. Agile development process involves: Setting of small subprojects or iterations on the basis of which next iteration is planned. Replanning the project at the end of each iteration involving resetting priorities, identification of new priorities etc The teams are generally small, cohesive and comprise of both business and technical representatives. In case of some agile development, two programmers code the same part of the system as a means of knowledge sharing and quality improvement. Unlike a normal project manager has the role of planning the proj­ect, allocating the tasks and monitoring the progress of the project, the project manager has a job of facilitator and advocate. Distributed by AGASS (

60 Information Systems Maintenance Practices
Systems undergo changes right through their life cycle. These changes often create problems in the functionality and other characteristics of a system. So it is necessary that a procedure for change is formalized. This is called as Change control or Change Management Distributed by AGASS (

61 Distributed by AGASS (
Change Management Request for change by the user must be submitted to the IS department along with the reasons for change. This is a Change Request The user request is then assessed by the relevant application developer. He evaluates the impact of the modifications on other programs and prepares schedule of change to be carried out Every organisation should have a defined Change Control Authority (CCA) - a person or a committee - which is the final authority to approve changes. Once approved by CCA, programmer then makes the approved changes, and the programs go through all the tests that they had gone through, when they were initially developed. The CCA then reviews the changes made to programs, data and documents and approve them. Then the systems administrator moves the changed version into the production environment and informs all users of the change and the revised version number. After running the new version of the application the user who requested the change should certify that the change requested by him has been fulfilled. Distributed by AGASS (

62 Library control software
The purpose of the library control software is to separate production libraries from test libraries. 'I he following are the functions of this software: It prevents programmers from accessing source and object programs in the production directory. It does not permit program to be updated in bulk. It enforces discipline: The programmer after making the requested change in the source code and testing it hands it over to the official authorised by the organisation to update the production directory - control group or systems administrator. The production directory is then updated with the revised version of the code - source and object. It provides read-only access to the source code. Any modification has to be authorized by the change control procedure detailed earlier. It maintains clear distinction between programs in production and test directories. Distributed by AGASS (

63 Executable and source code integrity
At any point of time, the current version of the source code and object code should match. In a manual program migration practice, the changed source code may be moved to the production directory, but compilation is omitted. Some of the controls the auditor should use to check in code integrity The time stamp on the object code should always be same or later than that of the corresponding source code. Users and application programmers should not have access to the production source code. In an automated environment, where the users themselves develop applications, controls may be lax. So auditors should focus on evaluating controls in such applications Distributed by AGASS (

64 Configuration Management
Configuration management involves various procedures throughout the life cycle of the software to identify, define and baseline software items in the system thus providing a basis for problem management, change management and release management. It involves identification of items like programs, documentation and data. Once handed over to the configuration management team, the item cannot be changed without a formal change control process The process of moving an item to the controlled environment is called checking in. When a change is required, the item will be checked out by the configuration manager. Once the change is made, it is checked in by a different version number. Distributed by AGASS (

65 Configuration Management…
The job profile of the CM maintainer involves the following task steps: Develop the configuration management plan Baseline the code and associated documents Analyse and report on the results of configuration control Develop the reports that provide configuration status information Develop release procedures Perform configuration control activities, such as identification and recording of the request Update the configuration status accounting database Distributed by AGASS (

66 Distributed by AGASS (
Sunday, November 22, 1998 Chapter 3 Project Management Tools and Techniques Distributed by AGASS (

67 Distributed by AGASS (
Learning Goals To provide a clear understanding of: What is meant by Project Management in context of IT Projects Software size estimation techniques - The significance of budgets and schedules in system development PERT (Program Evaluation Review Technique) as a project manage­ment tool Various kinds of tools and techniques available for project management such as Critical Path Method (CPM), Time Box Management etc. Computer Aided Software Engineering - CASE Distributed by AGASS (

68 Project Management Tools and Techniques
Sunday, November 22, 1998 Project Management Tools and Techniques Software : is designed, programmed is used and managed by people Use hardware and software Software development : a complex process managing resources e.g people, machines etc. engineering principles and practices are applicable All Project Management tools and techniques are applicable. Distributed by AGASS (

69 Distributed by AGASS (
Sunday, November 22, 1998 Project Management Project Management is application of Knowledge & practices, Skills and tools & techniques… Knowledge & practices involves risk based approach for… Project Initiation Project Planning Project Execution Project Control – Quantitative & Qualitative Project Closing Skills can be inherent but enhanced through … Training Experience Distributed by AGASS (

70 Distributed by AGASS (
Sunday, November 22, 1998 Project Management… Tools and techniques cane be… General Project Management Software size estimation Budgets & Schedules Software cost estimation Software configuration management Documentation Office automation Distributed by AGASS (

71 Distributed by AGASS (
Budgets an Schedules Two critical problems in software development are: Time and cost over­runs need to be addressed by a project manager. These problems arise because of poor estimation of effort required and hence cost involved in developing an application. Budgeting involves estimating human and machine / software efforts in each task. Machine efforts refers to any piece of hardware which would be required to develop a system. Gross person-month effort has to be considered for details, such as: What are the activities in the project? E.g. Requirements Analysis, programming, data entry of masters etc In which sequence will these activities be performed? Serially or simultaneously (in parallel) How will the total person-month effort be distributed over these activities On which date will each activity start and finish? What additional resources are required to complete the activity? What will be the measure that assesses the completion of an activity? What will be the points in which the management will review the project? Distributed by AGASS (

72 Software size estimation
In order to arrive at a cost of software, it is necessary to determine size of the software. In early days, when procedural programming was used (mostly COBOL), count of number of lines of source code (SLOC – Source Lines Of Code) was used However, this method did not work well with complex programs as well as with newer techniques of programming. Therefore, Function Point Analysis was developed by researchers. Distributed by AGASS (

73 Function Point Analysis
A function point represents the size and complexity of the application This is computed on the basis of number of inputs, outputs, files, queries and interfaces that the application is likely to have. This estimate is arrived at in terms of person-months required to de­velop the application. Function point is then calculated based on reliability, criticality, complexity and reusability expected from the system. e.g. Productivity = FP / Person-Month, Quality = Defects / FP , Cost = Rupees / FP. Distributed by AGASS (

74 Distributed by AGASS (
Other costs Apart from software size estimation, some other components of cost should be taken into consideration for other phases of the project. These are : Main storage constraints Data storage constraints Execution Time constraints Staff experience Computer access Security environment Source code language Target machine used for development Distributed by AGASS (

75 Distributed by AGASS (
Gantt Charts Gantt Charts are prepared to schedule the tasks involved in a project. It shows… when tasks should begin and end what tasks can be undertaken concurrently, and what tasks have to be done serially. They help to identify the consequences of early and late completion of the tasks. Distributed by AGASS (

76 Gantt Chart example : Schedule of a Project
Distributed by AGASS (

77 Gantt Chart example : Gantt chart
Distributed by AGASS (

78 Program Evaluation Review Technique (PERT)
PERT represents activities in a project as a network. It indicates the sequential and parallel relationship between activities. PERT terminology : Activity An activity is a portion of the project, which requires resources and time to complete. The activity is represented by an arrow. Event An event is the starting or end point of an activity. It does not consume resources or time. It is represented by a circle Predecessor activity Activities that must be completed before another activity can begin, are called predecessor activities for that activity. Successor activity Activities that are carried out after an activity is completed, are known as successor activities. Distributed by AGASS (

79 Program Evaluation Review Technique (PERT)…
PERT terminology : (contd..) Slack Slack is the difference between earliest and latest completion time of an activity Dummy Dummy activity is that activity which requires no resources. A dummy activity does not have any real life significance. Dummy activities are required in PERT, because as per the rules of PERT, not more than one activity can have the same preceding and succeeding activity. To represent this, dummy activities are included. Distributed by AGASS (

80 Program Evaluation Review Technique (PERT)…
Time estimate PERT recognizes the estimates cannot be precise, and hence allows a weighted average of different estimates such as pessimistic, optimistic and most likely. A heavier weightage is given to the most likely estimate and the calculation is as follows: to - optimistic estimate tp - pessimistic estimate tm - most likely estimate Expected time = (to + 4tm + tp) / 6 Distributed by AGASS (

81 Critical Path Method (CPM)
In a network, critical path represents the path which has the highest duration of time. It is the shortest time in which the project can be completed. Maximum control is required on the completion of any activity on Critical Path If any activity on critical path is delayed, the whole project will be delayed. Activities in the critical path have zero slack Distributed by AGASS (

82 Critical Path Method (CPM)…
The critical path is found by working forward through the network Computing the earliest possible completion time for each activity Thus earliest possible completion time for the project is found. Now, taking this as the completion time of the project, working backwards the latest completion time of each activity is found. The path on which activities have the same earliest and latest completion time is the critical path or in other words slack is zero. Distributed by AGASS (

83 System Development Tools and Productivity Aids
These help in better productivity from programmers and better quality if properly used. Code generators Code generators generate program code on the basis of parameters defined by system analyst or data flow diagrams. These aid in improv­ing programmer efficiency. Such tools, which help in automation of software life cycle activities are included in CASE (Computer Aided Software Engineering) tools. Computer Aided Software Engineering (CASE) CASE is an attempt to automate all activities associated with the software development life cycle. Distributed by AGASS (

84 Distributed by AGASS (
CASE Tools Classification of CASE tools : 3 categories Upper CASE: Useful in the early stages of SDLC. Tools that help in defining application requirements fall in this category. Middle CASE: These address the needs in the middle levels of SDLC such as Design. Those that help in designing screen and report layouts, data and process design falls in this category. Lower CASE: The later parts of the life cycle make use of these tools. These tools use design information to generate program codes. Distributed by AGASS (

85 Integrated CASE environments
It is possible to use separate CASE tools for individual activities but an integrated CASE (I CASE) tool is used for better efficiency. CASE database (Repository) contains the following data: Enterprise information such as Organisational structure, Business area analysis etc. Application design information such as data structures, menu trees, processing logic etc Construction / Programs information such as source code, object code etc Testing information such as Test plan, Test results etc Project management details such as Project plan, Work breakdown structure, Estimates, schedules etc Documentation details such as Systems requirements specifications, Design document, User manuals Distributed by AGASS (

86 Advantages and limitations in using CASE
Benefits of using CASE Since CASE strictly follows SDLC, use of CASE enforces the disci­pline in steps of SDLC. The standardization / uniformity of processes can be achieved. Since CASE tools generate inputs of each stage from the outputs of previous stage, consistency of application quality can be ensured. Tasks such as diagramming need not be done by the programmer, and can be left to the CASE tool. Programmer can devote time for more productive tasks; thus the development time can be shortened and cost economy can be achieved Since stage outputs and related documentation are created by the tool. Disadvantages of CASE CASE tools are costly, particularly ones that address the early stages of the life cycle. Use of CASE tools requires extensive training Distributed by AGASS (

87 Distributed by AGASS (
Sunday, November 22, 1998 Chapter 5 Specialized Systems Distributed by AGASS (

88 Distributed by AGASS (
Sunday, November 22, 1998 Learning Goals An understanding of Artificial Intelligence (AI) that includes Characteristic features of AI applications AI applications like expert systems, neural systems, robotics etc. An insight on expert systems, its components, merits and shortcom­ings An overview of data warehouse, data mining and its concept An understanding on Decision Support systems (DSS) that includes DSS frameworks Design, development and implementation issues in DSS DSS trends Point of Sale systems ATMs EDI, E-Commerce, ERP Systems Distributed by AGASS (

89 Artificial Intelligence (AI)
Designing human like thinking ability by computers is called AI Computer are very good and speedy in performing calculations which are of repetitive nature. Artificial Intelligence does this on the basis of predetermined set of rules. Human is better than computer (since it is a living animal) in following aspects.. Thinking and reasoning Using reason to solve problems Learning from experience Exhibiting creativity and imagination Handling ambiguous or incomplete information AI tries to achieve the same through computer. Distributed by AGASS (

90 Distributed by AGASS (
AI applications The applications of AI can be classified into three major categories: Cognitive Science, Robotics and Natural Languages Cognitive Science: This is an area based on research in disciplines such as biology, neurology, psychology, mathematics and allied disciplines. It focuses on how human brain works and how humans think and learn. Applications of AI in the cognitive science are: Expert Systems: These are information systems with reasoning ca­pability. Learning Systems: These are the systems that can modify their be­haviour based on information they acquire as they operate. Distributed by AGASS (

91 Distributed by AGASS (
AI applications… Fuzzy logic: These are systems that can process data that are ambiguous and incomplete. This permits them to solve unstructured problems. These systems are 'trained' to learn imprecise terminology such as those normally used by humans in their interactions (e.g. cooler, faster etc). Many embedded systems such as in washing machines, refrigerators, auto-focus cameras and energy efficient air-conditioners use fuzzy logic. Neural networks: These are computing systems modelled after the human brain. This is with reference to the mesh like network of interconnected processing elements. Though the architecture is much simpler than the human brain, it permits them to recognize patterns. Such patterns get more and more refined with data input. Distributed by AGASS (

92 Distributed by AGASS (
Some AI examples Intelligent agents: Intelligent agents are software that use built-in and learned knowledge base about a person or process to make de­cisions and accomplish tasks in a way that fulfils the intentions of user. E.g. Word processing software Robotics: This technology produces robot machines with computer intelligence and human-like physical capabilities. Robotics find expensive application in computer aided manufacturing. Natural languages: Being able to 'converse' with computers in human languages is the goal of research in this area. E.g. Interactive voice response, virtual reality Virtual reality: Virtual reality involves using multi sensory human-computer interfaces that enable humans to experience computer simulated objects, space and activities, as they actually exist. Flight simulation for training pilots, surgery simulation for training doc­tors are some of the applications of virtual reality. Distributed by AGASS (

93 Distributed by AGASS (
Expert Systems Most practical and widely implemented applications. An expert system (ES) is a knowledge based information system that uses its knowledge about a specific, complex application area to act as an expert consultant. Provide answers in the specific application area, and also explain their reasoning process and conclusions Distributed by AGASS (

94 Components of expert systems
User interface: This allows the user to interact with the system. The user presents the problem for which solutions are delivered to him. Interface engine: This part reasons and determines the application of knowledge in the knowledge base to the facts presented in the user interface. Interface engine is the active component of an expert system and its main job is to mimic human reasoning Distributed by AGASS (

95 Components of expert systems…
Knowledge base: Important element of an expert system since it holds the expert problem solving knowledge. The key to the knowledge base is the way knowledge is represented. Knowledge representation deals with structuring of information and ways to manipulate it to infer additional data. Distributed by AGASS (

96 Advantages of expert systems
The knowledge and experience of the expert is captured before he leaves the organization The codified knowledge in a central repository makes it easy to share it with the less experienced in the application area This ensures consistent and quality decisions It also enhances personnel productivity Distributed by AGASS (

97 Limitations of expert systems
Sunday, November 22, 1998 Limitations of expert systems Expert systems perform well in solving specific types of problems in a limited domain. When the problems involve multiple domains, expert systems become difficult to construct They do not have the capacity to learn and from that point of view are static in their knowledge. E.g. in above cited example, a new disease (say Dengue) which also may have similar symptoms like Malaria may not be predicted unless some more questions are asked and some more knowledge is updated in knowledge base. Usage of specialised languages render maintenance of expert sys­tems difficult Development costs of expert systems are high. This obvious because one may have to work with multiple experts to update knowledge base. Distributed by AGASS (

98 Distributed by AGASS (
Sunday, November 22, 1998 Data Warehouse Data Warehouse as defined by researcher W. H. Inmon states that “It is a Subject - oriented, integrated, time-variant, non-volatile, collection of data in support of management’s decision making process” Another definition given by Wayne Eckerson says that “It is a Central Repository of clean, consistent, integrated & summarised information, extracted from multiple operational systems, for on-line query processing” Distributed by AGASS (

99 Features of Data Warehouse
Sunday, November 22, 1998 Features of Data Warehouse It is a Stand-alone application It has a repository of information which may be integrated from several, heterogeneous operational databases It stores large volumes of data which are frequently used for DSS It is physically stored separately from organisation’s databases It is relatively static, and has infrequent updates It is “Read-Only” application Distributed by AGASS (

100 Preparation of Data Warehouse
Sunday, November 22, 1998 Preparation of Data Warehouse Data is copied from ERP or other Transaction processing systems and before uploading it in Data Warehouse, it is aggregated, summarised & filtered for suitable analysis. End users run queries against this data to identify trends, patterns & correlations hidden in the data. The following is a complete life cycle of a Data Warehouse. Prepare data Transform data Load data Model data Establish Access – This gives to Data Warehouse data Retrieve data Analyse data Archive data Destroy data from Data Warehouse Distributed by AGASS (

101 Distributed by AGASS (
Sunday, November 22, 1998 Data Mining Data Mining is a process of recognizing the patterns among the data in the data warehouse. IS Auditors can place more reliance on the data mining technique to assess audit risk and to collect and evaluate audit risk by : Detecting errors and irregularities Knowledge discovery by better assessing safeguarding of assets, data integrity and effective and efficient operation of the system Distributed by AGASS (

102 Decision Support Systems (DSS)
These are information systems that provide interactive information support to managers with the use of analytical models. DSS are designed to be adhoc systems, modelled for specific decisions of individual managers. These system satisfy such queries which are not answered by the transactions processing systems. Typical examples could be: Comparative sales figures between two consecutive months for dif­ferent products with the percentage variation to total sales Revenue and Cost projections on the basis of certain product mix Evaluation of different alternatives, leading to selection of the best one. Distributed by AGASS (

103 Point of Sale Systems (POS)
A POS system is intended to capture data at the time and place of transaction which is being initiated by a business user. It is often attached to scanners to read bar codes and magnetic cards for credit card payment and electronic sales. POS provide significant cost and time saving as compared to the manual methods. Also eliminate errors that are inherent in manual system POS may involve batch processing or an online processing. Distributed by AGASS (

104 Automatic Teller Machines (ATM)
An automated teller machine is a specialized form of the point of sale terminal. This is designed for unattended use by a customer of a financial institution. The ATMs generally allow cash deposits, cash with­drawals and a range of banking operations like cheque book requisition, requesting account statement etc. ATMs are generally used for use after the closing hours of the financial institution and can be located either adjacent to the location of the financial institution or may be at a distant place. The facility of ATM can be within a bank, across local banks and amongst the banks outside a region. ATMs transfer the information and money over communication lines. These systems must provide a high level of logical and physical security for both the customer and the ATM machine. Distributed by AGASS (

105 Electronic Data Interchange (EDI Systems)
Electronic Data Interchange is the oldest form of transmitting business transactions between the business partners with dissimilar computer systems. EDI is used to transmit and exchange business documents like purchase orders, request for proposals, invoices and shipping notices in a standard machine readable format. The advantages of EDI are: Reduction in paperwork Improved flow of information No necessity of reeking of data Less errors while transmitting / exchange of information Speed in communication due to electronic transmission Improvement in carrying out a business process. Distributed by AGASS (

106 How does the EDI system function?
The EDI comprises of the following three elements: Communication Software : moves the data from one point to another marks the start and the end of the EDI transmission decides how the acknowledgements are transmitted and reconciled. Translation Software : involves conversion of data from a business application translated into a standard format, to be transmitted over the communication network convert this data back from the EDI format into the proprietary format of the receiver organization. EDI standard : which specifies the standards for the transmittal of the business documents like invoices, purchase orders etc. Distributed by AGASS (

107 How does the EDI system function?...
Traditional EDI process generally involves three functions within each trading partner's computer system. Communication handler : Process for transmitting and receiving elec­tronic documents between trading partners via Dial up lines, Public switched network, Multiple dedicated lines or a value added network. EDI Interface : Interface function manipulates and routes the data between the application system and the communications handler. EDI interface may generate and send the functional acknowledgements, verify the identity of the partners and check the validity of the transactions by checking the transmission information against the trading partner master file. The interface consists of two components : EDI Translator & Applications Interface Application System : The programs that process the data sent to, received from, the trading partner. E.g. Purchase orders from purchasing system. Distributed by AGASS (

108 Distributed by AGASS (
EDI standards There are two competing and mutually incompatible standards for EDI in existence today. They are the ANSI ASCX.12 (American National Standards Institute-Accredited Standards Committee) and UN/EDIFACT (United Nations / Electronic Data Interchange for Administration Commerce and Trade) standards. Features of ANSI ASCX.12: This standard was developed by ANSI, and has been adopted in the USA and some pacific Rim countries) Standards for 250 transactions are currently available. It is relatively rigid and inflexible when compared to EDIFACT Features of UN/ EDIFACT: This standard was originally developed in Europe and adopted by United Nations. They are relatively flexible when compared to X.12 Flexibility has lead to frequent versions. Different Companies may have different versions leading to conflicts Adopted in areas where X.12 was not adopted Both the above standards are relatively expensive and have found the acceptance in large organizations and do not address to the needs of the small and medium size enterprises. Distributed by AGASS (

109 Distributed by AGASS (
Web Based EDI Web based EDI has become popular because Substantial reduction in the cost for small size organizations be­cause the trade partners can use VPN on Internet as against dedi­cated communication lines. Its ability to attract new partners via web based sites Improvement in the traditional EDI format New security products are available to address issues of confidenti­ality, integrity, authentication and non repudiation. Distributed by AGASS (

110 Electronic Commerce (e-Commerce):
e-Commerce involves, information sharing, payment, fulfillment and service and support. It has 4 functions : Information Sharing Payment Fulfillment Service and Support Distributed by AGASS (

111 The Advantages of the E Commerce are:
Savings in Cost Saving in transaction time No limitations of the geographical boundaries. Larger availability of the customer base for the suppliers and larger choice to the customers No restriction of timings Storage or holding cost can be greatly reduced Different roles for the intermediaries Distributed by AGASS (

112 Types of E Commerce Models
Business to Business (B to B) relationship Business to consumer (B to C) relationship Business to Employee (B to E) relationship Business to Government (B to G) relationship Consumers to Consumers (C to C) relationship Citizen to Government (C to G) relationship Exchange to Exchange (X to X) relationship Distributed by AGASS (

113 Enterprise Resource Planning Systems (ERP Systems)
Enterprise Resource Planning (ERP) are fully integrated corporate solutions focusing on the business applications like finance and control, pro­duction planning, sales, warehousing and logistics etc. Presently, there are many ERPs available in the market like SAP, Oracle Applications, BAAN, People Soft etc. The ERPs save lot of time by recording the business transaction only once and at the first instance only. Distributed by AGASS (

114 Distributed by AGASS (
Sunday, November 22, 1998 Chapter 6 Auditing the System Development Process Distributed by AGASS (

115 IS Auditor's Role in Systems Development, Acquisition and Maintenance
Sunday, November 22, 1998 IS Auditor's Role in Systems Development, Acquisition and Maintenance Identifying subsystems and modules, their goals and user function­ality expectations Checking if the control recommendations are appropriate for the risks identified Advising the design team on incorporating control measures Verifying if the recommendations he has made are properly imple­mented To ensure that the systems help to meet the organisational objectives Distributed by AGASS (

116 IS Auditor's Role in Systems Development, Acquisition and Maintenance
Sunday, November 22, 1998 IS Auditor's Role in Systems Development, Acquisition and Maintenance To ensure the qual­ity of the deliverables. Reviewing the change management process To assess the effectiveness of the system in the post implementation phase. Reviewing the maintenance procedure To ensure adequate documentation Ensuring production source integrity during the maintenance phase Distributed by AGASS (

117 IS Auditor's Role in Reviewing Developmental Phases of SDLC
Sunday, November 22, 1998 IS Auditor's Role in Reviewing Developmental Phases of SDLC Has to review all the phases of the system develop­ment life cycle, such as: Feasibility study has to ensure that the suggested technology is viable before implementing it in the de­velopment process. can provide a valuable inputs in evaluating the cost-benefit analysis. System requirement definition To review problem definition To review Information flows To evaluate the methodology employed and the compliance level. To check use of CASE tools , be­cause the quality of work is likely to be better in CASE environ­ments Distributed by AGASS (

118 IS Auditor's Role in Reviewing Developmental Phases of SDLC
Sunday, November 22, 1998 IS Auditor's Role in Reviewing Developmental Phases of SDLC Software acquisition The decision to acquire the software should flow from the feasibility study The auditor should also ensure that the software acquired would meet the overall design goals of the proposed system. RFP (Request for proposal) should be checked for adequacy. Should check the criteria for pre-qualification of vendors. To check justification for the selection of the final vendor / product. availability of sufficient documentation to support the above decision. The auditor may also collect information on vendor viability, support infrastructure, service record and the like. Should thoroughly review the contract signed with the vendor Distributed by AGASS (

119 IS Auditor's Role in Reviewing Developmental Phases of SDLC
Sunday, November 22, 1998 IS Auditor's Role in Reviewing Developmental Phases of SDLC Detailed design and programming In non-CASE environ­ments, the auditor may have to undertake a detailed design review: The design diagrams should be checked for compliance with stan­dards To check for appropriate approvals for any change that has been incorporated in the design stage To check the design for modularity. To review the input, processing and output controls of systems. To check the user interface design for usability, appropriateness, compliance with standards and acceptance by users. Distributed by AGASS (

120 IS Auditor's Role in Reviewing Developmental Phases of SDLC
Sunday, November 22, 1998 IS Auditor's Role in Reviewing Developmental Phases of SDLC Availability of Audit trails. To check compatibility, interoperability and scalability for selected hardware and software To check Flow charts and other such tools To check their implementation in programs To focus on Exception data handling To test the design and program for such data. To ensure that the 'bugs' have been fixed. Distributed by AGASS (

121 IS Auditor's Role in Reviewing Developmental Phases of SDLC
Sunday, November 22, 1998 IS Auditor's Role in Reviewing Developmental Phases of SDLC Testing To review the test plans for completeness. To verify Cyclical processing such as month-end reports etc. To verify Security functions of the system. Implementation The documentation on parallel run, if available, should be reviewed for effectiveness. Operating procedures should be checked for clarity and accuracy System and user documents should be checked for adequacy, clarity and currency. It should be ensured that data conversion has been completed and all past data are available in a format readable by the new software. Distributed by AGASS (

122 IS Auditor's Role in Reviewing Developmental Phases of SDLC
Sunday, November 22, 1998 IS Auditor's Role in Reviewing Developmental Phases of SDLC Post-implementation and maintenance System's ability to fulfill ob­jectives that were specified initially. Compliance with change control procedure Functioning of controls in accordance with design Review of operator error logs Distributed by AGASS (

123 IS Auditor's Role in Reviewing Developmental Phases of SDLC
Sunday, November 22, 1998 IS Auditor's Role in Reviewing Developmental Phases of SDLC System change procedures and program migration process On a periodic basis, the auditor should check the following : Procedures for authorising, prioritising and tracking system chang­es Appropriateness of authorisations for selected change requests Existence of program change history The match program and documentation versions Access control procedures on source and executable codes in pro­duction directory Procedure for emergency changes Security of emergency login ids. The match between current version of source code and executable code in production directory Distributed by AGASS (

124 IS Auditor's Role in Project Management
Sunday, November 22, 1998 IS Auditor's Role in Project Management Objective : The risk management process includes… the measures undertaken to mitigate the risks at costs commensurate with the level of risks. Not recognising risks or providing exorbitantly costly mitigation measures for trivial risks should be avoided IS Auditor should : Collect documentation of each phase and check for adequacy and completion. Attend project meetings to check the compliance of the develop­ment process. Advise the team on adequate and cost effective control measures. Represent the management interest in the team by continuously as­sessing the ability of the team to meet targets that have been set. Distributed by AGASS (

125 Distributed by AGASS (
Sunday, November 22, 1998 !!! End of Module - IV !!! Distributed by AGASS (

Download ppt "Systems Development Life Cycle & Applications System"

Similar presentations

Ads by Google