Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 / 125 Systems Development Life Cycle & Applications System Distributed by AGASS (http://www.agass.org)

Similar presentations


Presentation on theme: "1 / 125 Systems Development Life Cycle & Applications System Distributed by AGASS (http://www.agass.org)"— Presentation transcript:

1 1 / 125 Systems Development Life Cycle & Applications System Distributed by AGASS (http://www.agass.org)

2 2 / 125 Chapter 1 Business Application Development Framework Distributed by AGASS (http://www.agass.org)

3 3 / 125 Learning Goals The need for structured system development The need for structured system development The various phases of Software Development Life Cycle - SDLC and their interrelationship in brief The various phases of Software Development Life Cycle - SDLC and their interrelationship in brief Feasibility Study Feasibility Study System Requirement Analysis System Requirement Analysis Hardware and software acquisition Hardware and software acquisition Distributed by AGASS (http://www.agass.org)

4 4 / 125 Introduction Logical starting point in the entire life cycle of a computerized system. Logical starting point in the entire life cycle of a computerized system. Activities starts when : Activities starts when : decides to go for computerization decides to go for computerization migrate from existing computerized system to a new one migrate from existing computerized system to a new one Understanding of why and how systems are deployed Understanding of why and how systems are deployed Distributed by AGASS (http://www.agass.org)

5 5 / 125 Introduction… A System can be defined as “a collection of inter-related components or sub-systems”. E.g. our solar system – consisting of Sun and planets, our body can be considered as a system of collection of organs, bones, tissues, blood etc. A System can be defined as “a collection of inter-related components or sub-systems”. E.g. our solar system – consisting of Sun and planets, our body can be considered as a system of collection of organs, bones, tissues, blood etc. Business - collection of systems such as manufacturing, stores, purchase, administration, accounts and so on. Business - collection of systems such as manufacturing, stores, purchase, administration, accounts and so on. Systems have a life span after which they will be replaced. Systems will become obsolete due to.. Systems have a life span after which they will be replaced. Systems will become obsolete due to.. Technology may become outdated Technology may become outdated People using the system may change People using the system may change Government or other regulatory change may render the systems obsolete. Government or other regulatory change may render the systems obsolete. Business needs are expanded due to expansion of business, mergers, take- overs etc. Business needs are expanded due to expansion of business, mergers, take- overs etc. With the increased use of computers, it is necessary to have more organized ways of developing systems and procedures With the increased use of computers, it is necessary to have more organized ways of developing systems and procedures Distributed by AGASS (http://www.agass.org)

6 6 / 125 Introduction … SDLC gives way to all other activities covered in other modules such as : SDLC gives way to all other activities covered in other modules such as : protection of IT assets protection of IT assets business continuity business continuity IS Audit Process etc. IS Audit Process etc. Distributed by AGASS (http://www.agass.org)

7 7 / 125 Characteristics of a System Each system consists of inter-related sub-systems or components Each system consists of inter-related sub-systems or components System has an identifiable boundary and works within it’s boundary System has an identifiable boundary and works within it’s boundary Each system will have Purpose of existence Each system will have Purpose of existence Environment of the system – external to the system Environment of the system – external to the system Interface to the system – for interaction with environment Interface to the system – for interaction with environment Inputs to the system – e.g. data Inputs to the system – e.g. data Outputs generated by the system - information Outputs generated by the system - information Constraints or business rules for the system Constraints or business rules for the system Distributed by AGASS (http://www.agass.org)

8 8 / 125 Business Application Development Developing or acquiring and maintaining application systems which will be used for various day-to-day business activities. Developing or acquiring and maintaining application systems which will be used for various day-to-day business activities. The effective management and control of this development. The effective management and control of this development. The SDLC involves defined phases,the phases may be undertaken in a serial manner or in a parallel manner. The SDLC involves defined phases,the phases may be undertaken in a serial manner or in a parallel manner. Distributed by AGASS (http://www.agass.org)

9 9 / 125 Need for Structured Systems Development Methodology Software is not a tangible product which can be put to use immediately Software is not a tangible product which can be put to use immediately Software products are not manufactured but are developed by developers. Therefore, their quality heavily depends on the quality of people carrying out system development. Software products are not manufactured but are developed by developers. Therefore, their quality heavily depends on the quality of people carrying out system development. Developing software products in an organized manner means : Developing software products in an organized manner means : software development should be treated as a Project software development should be treated as a Project Schedules of completion and deliverables in a time line for various phases Schedules of completion and deliverables in a time line for various phases Resources and cost estimation for all the phases Resources and cost estimation for all the phases Quality standards for comparing products of every phase Quality standards for comparing products of every phase Distributed by AGASS (http://www.agass.org)

10 10 / 125 Risks associated with SDLC Necessary to know these risks prior to undertaking SDLC projects. Necessary to know these risks prior to undertaking SDLC projects. The objective is to : The objective is to : Identify risks Identify risks Discovering methods to eliminate or mitigate them Discovering methods to eliminate or mitigate them Accepting residual risk and going ahead with the project Accepting residual risk and going ahead with the project Some of the Risks : Some of the Risks : Cumbersome for the development team due to lot of documentation Cumbersome for the development team due to lot of documentation The users may find that the end product is not visible for a long time. The users may find that the end product is not visible for a long time. Due to formal structured methodology, duration of project may be longer, thus it may not be suitable for small and medium sized organizations. Due to formal structured methodology, duration of project may be longer, thus it may not be suitable for small and medium sized organizations. Distributed by AGASS (http://www.agass.org)

11 11 / 125 Software development : distinct processes Identifying the need or problem for the development - Project Initiation, Feasibility Studies Identifying the need or problem for the development - Project Initiation, Feasibility Studies Specifying the system - Requirements Analysis Specifying the system - Requirements Analysis The potential benefits from new system - Feasibility Study The potential benefits from new system - Feasibility Study Identification and evaluation of factors which affect business - Project Initiation, Feasibility Studies Identification and evaluation of factors which affect business - Project Initiation, Feasibility Studies Designing of the system - System Design Designing of the system - System Design Programming - Developing source code Programming - Developing source code Program testing Program testing Implementation Implementation Distributed by AGASS (http://www.agass.org)

12 12 / 125 Project Initiation Whenever a business entity decides (i.e. stakeholders in the business or senior management) to undertake computerization, a Project will have to be initiated. This process is called as Project Initiation. Whenever a business entity decides (i.e. stakeholders in the business or senior management) to undertake computerization, a Project will have to be initiated. This process is called as Project Initiation. E.g. A new business application is required to be developed to address a new or existing business process e.g. a billing system E.g. A new business application is required to be developed to address a new or existing business process e.g. a billing system The outcome of Project Initiation is a formal Project Initiation Report which is presented to senior management or BOD. The outcome of Project Initiation is a formal Project Initiation Report which is presented to senior management or BOD. This will be accepted with or without modifications and then the next phases of SDLC will be rolled out. This will be accepted with or without modifications and then the next phases of SDLC will be rolled out. In case of SMEs or very small organizations, a formal Project Initiation Report may not be prepared. In case of SMEs or very small organizations, a formal Project Initiation Report may not be prepared. Distributed by AGASS (http://www.agass.org)

13 13 / 125 Phases in SDLC Feasibility Study Feasibility Study Requirements Analysis Requirements Analysis Systems Design Systems Design Programming / Construction Programming / Construction Testing Testing Implementation Implementation Post-Implementation Post-Implementation Distributed by AGASS (http://www.agass.org)

14 14 / 125 Phase 1 - Feasibility Study Organizations cannot give unlimited resources, unlimited budgets and unlimited time-frames for projects. Organizations cannot give unlimited resources, unlimited budgets and unlimited time-frames for projects. Therefore this requires a Feasibility Study covering the following aspects of a project.. Therefore this requires a Feasibility Study covering the following aspects of a project.. Economic Economic Time Time Technical Technical Operational Operational Resources Resources Behaviroural Behaviroural Legal Legal It is done by identification of problem, identification of objectives, delineation of scope, conducting feasibility study It is done by identification of problem, identification of objectives, delineation of scope, conducting feasibility study Distributed by AGASS (http://www.agass.org)

15 15 / 125 Phase 2 – Requirements Analysis Understanding Requirements Understanding Requirements Study of history, structure and culture Study of history, structure and culture Study of Information flows Study of Information flows Eliciting user requirements Eliciting user requirements Structured Analysis Structured Analysis Context and Data Flow Diagrams (DFD) Context and Data Flow Diagrams (DFD) Entity-Relationship diagram Entity-Relationship diagram Data dictionaries Data dictionaries Decision Table / Decision Tree / Structured English Decision Table / Decision Tree / Structured English State Transition diagram State Transition diagram Distributed by AGASS (http://www.agass.org)

16 16 / 125 Phase 2 – Requirements Analysis… System charts / program flow charts System charts / program flow charts Interface in form of data entry screens and dialogue boxes Interface in form of data entry screens and dialogue boxes Report layouts Report layouts In the industry, the Requirement Analysis is known by different names such as In the industry, the Requirement Analysis is known by different names such as Systems Requirements Specifications (SRS), Systems Requirements Specifications (SRS), Business Requirements Specifications (BRS), Business Requirements Specifications (BRS), Users Requirements Specifications (URS) or Users Requirement Document (URD). Users Requirements Specifications (URS) or Users Requirement Document (URD). Strictly speaking, all these will give different aspects of requirements Strictly speaking, all these will give different aspects of requirements Distributed by AGASS (http://www.agass.org)

17 17 / 125 Software Acquisition Software acquisition is not considered as a standard phase in SDLC Software acquisition is not considered as a standard phase in SDLC Requirements analysis should be carried out even if software acquisition is planned Requirements analysis should be carried out even if software acquisition is planned Request for Proposal – RFP should be prepared which should give at a minimum : Request for Proposal – RFP should be prepared which should give at a minimum : Product vs System requirements Product vs System requirements Customer References Customer References Vendor viability and financial stability Vendor viability and financial stability Availability of complete and reliable documentation about the new software Availability of complete and reliable documentation about the new software Vendor support Vendor support Response time Response time Source code availability Source code availability Vendor’s experience Vendor’s experience A list of recent or planned enhancements to the product with dates A list of recent or planned enhancements to the product with dates List of current custom¬ers List of current custom¬ers Acceptance testing of product Acceptance testing of product Distributed by AGASS (http://www.agass.org)

18 18 / 125 Roles involved in SDLC Steering Committee Steering Committee Project Manager Project Manager Systems Analyst Systems Analyst Team Leader Team Leader Programmer Programmer DBA DBA Quality Assurance Quality Assurance Tester Tester Domain Specialist Domain Specialist Technology Specialist Technology Specialist Documentation Specialist Documentation Specialist IS Auditor IS Auditor Distributed by AGASS (http://www.agass.org)

19 19 / 125 Chapter 2 Phases in Software Development Distributed by AGASS (http://www.agass.org)

20 20 / 125 Learning Goals A clear understanding of all the phases of SDLC except the phase involving feasibility study and system requirement analysis, which we have seen in Chapter 1. A clear understanding of all the phases of SDLC except the phase involving feasibility study and system requirement analysis, which we have seen in Chapter 1. This chapter will cover the phases of Programming, Testing, Implementation and Post implementation This chapter will cover the phases of Programming, Testing, Implementation and Post implementation Distributed by AGASS (http://www.agass.org)

21 21 / 125 System Design Phase Based on the requirements analysis done by development team, a system will be designed. Based on the requirements analysis done by development team, a system will be designed. As explained in Chapter 1, if Software Acquisition is planned, then the next 2 phases viz Systems Design and Programming will not be undertaken. As explained in Chapter 1, if Software Acquisition is planned, then the next 2 phases viz Systems Design and Programming will not be undertaken. In the last chapter, we have seen how Requirements Analysis is carried out by using Structured Analysis technique. In the last chapter, we have seen how Requirements Analysis is carried out by using Structured Analysis technique. The same technique is used for describing the Design of the system. The same technique is used for describing the Design of the system. We will now study some other aspects of Systems Design We will now study some other aspects of Systems Design Distributed by AGASS (http://www.agass.org)

22 22 / 125 Systems Design Developing system flowcharts to illustrate how the information shall flow through the system. E.g. DFDs. Developing system flowcharts to illustrate how the information shall flow through the system. E.g. DFDs. Defining the applications through a series of data or process flow diagrams, showing various relationships from the top level down to the detail. E.g. E-R diagrams, data dictionaries etc. Defining the applications through a series of data or process flow diagrams, showing various relationships from the top level down to the detail. E.g. E-R diagrams, data dictionaries etc. Describing inputs and outputs, such as screen design and reports. We shall describe this later. Describing inputs and outputs, such as screen design and reports. We shall describe this later. Determining the processing steps and computation rules for the new solution. E.g. Decision Tables / trees and Structured English Determining the processing steps and computation rules for the new solution. E.g. Decision Tables / trees and Structured English Determining data file or database system file design. E-R diagram and data dictionaries will lead to design of the table Determining data file or database system file design. E-R diagram and data dictionaries will lead to design of the table Preparing the program specifications for the various types of requirements or information criteria defined. This topic is also beyond our current scope. Preparing the program specifications for the various types of requirements or information criteria defined. This topic is also beyond our current scope. Distributed by AGASS (http://www.agass.org)

23 23 / 125 Systems Design … Thus, this phase deals with the way the proposed system can be transformed into a working model. Thus, this phase deals with the way the proposed system can be transformed into a working model. The steps involved in this phase are: The steps involved in this phase are: Architectural design Architectural design Design of data / Information flow Design of data / Information flow Design of database Design of database Design of user interface Design of user interface Physical design Physical design Selection of appropriate hardware and software Selection of appropriate hardware and software Distributed by AGASS (http://www.agass.org)

24 24 / 125 Architectural design Architectural design deals with the organisation of applications in terms of hierarchy of modules and sub-modules. Architectural design deals with the organisation of applications in terms of hierarchy of modules and sub-modules. It is necessary to identify : It is necessary to identify : Major modules e.g. Masters, Transactions, Reports etc Major modules e.g. Masters, Transactions, Reports etc Function and scope of each module Function and scope of each module Interface features of each module Interface features of each module Modules that each module can call directly or indirectly Modules that each module can call directly or indirectly Data received from / sent to / modified in other modules Data received from / sent to / modified in other modules The architectural design is made with the help of a technique called as functional decomposition wherein top level functions are decomposed (i.e. broken into) and inner-level functions are discovered. This process is continued till our context is met with. The architectural design is made with the help of a technique called as functional decomposition wherein top level functions are decomposed (i.e. broken into) and inner-level functions are discovered. This process is continued till our context is met with. Distributed by AGASS (http://www.agass.org)

25 25 / 125 Design of data / Information flow We have already seen this in the last chapter thru Context and DFDs We have already seen this in the last chapter thru Context and DFDs Distributed by AGASS (http://www.agass.org)

26 26 / 125 Design of database We have seen what are entities and E-R diagrams in the last chapter. We have seen what are entities and E-R diagrams in the last chapter. In designing database, entities are described in detail, with their structure. In designing database, entities are described in detail, with their structure. E.g. an Employee entity, obvious structure elements (also called as attributes, fields, columns) would be Employee ID, Name, Address, Date of Birth etc. E.g. an Employee entity, obvious structure elements (also called as attributes, fields, columns) would be Employee ID, Name, Address, Date of Birth etc. Only those attributes which are of current interest w.r.t. the current system (or system module) are only considered. Only those attributes which are of current interest w.r.t. the current system (or system module) are only considered. When design of all entities is over, they can be put in a repository to form a Data Dictionary so that, common entities across the system can be used by other development team members. When design of all entities is over, they can be put in a repository to form a Data Dictionary so that, common entities across the system can be used by other development team members. Distributed by AGASS (http://www.agass.org)

27 27 / 125 Design of database… The design of database consists of 4 major activities The design of database consists of 4 major activities Conceptual modeling – E-R digrams giving relationship between entities Conceptual modeling – E-R digrams giving relationship between entities Data modeling – describing data types, length Data modeling – describing data types, length Storage structure design – how to store data on a physical device e.g. hard disk Storage structure design – how to store data on a physical device e.g. hard disk Physical layout design – hard disk track level design is done Physical layout design – hard disk track level design is done Distributed by AGASS (http://www.agass.org)

28 28 / 125 Design of user interface This is nothing but designing of data entry screens, dialogue boxes This is nothing but designing of data entry screens, dialogue boxes Important aspects are... Important aspects are... Menu navigation should be easy and promote the users to use the software Menu navigation should be easy and promote the users to use the software Screens with soothing foreground and background colours should be designed Screens with soothing foreground and background colours should be designed Place for company logos, dates etc should be uniform throughout the screens Place for company logos, dates etc should be uniform throughout the screens For multipage screen layout, it is better to have tabs with page numbers indicating on which page the user is For multipage screen layout, it is better to have tabs with page numbers indicating on which page the user is Mandatory fields should be indicated explicitly Mandatory fields should be indicated explicitly If system is going to take time for processing after a user action, it should be clearly displayed intermittently on screen If system is going to take time for processing after a user action, it should be clearly displayed intermittently on screen Developers should design screen by keeping in mind computer awareness level of users. Developers should design screen by keeping in mind computer awareness level of users. Distributed by AGASS (http://www.agass.org)

29 29 / 125 Physical Design The logical design needs to be ultimately mapped or implemented on a Physical Design. The logical design needs to be ultimately mapped or implemented on a Physical Design. E.g.hardware, operating system, database management system and any other software needed. E.g.hardware, operating system, database management system and any other software needed. Generally, following types of components need to be selected and finalized. Generally, following types of components need to be selected and finalized. Hardware – e.g. hardware for servers, desktops etc. Hardware – e.g. hardware for servers, desktops etc. Power Systems – such as UPS, generators, line conditioners etc. Power Systems – such as UPS, generators, line conditioners etc. Networking and telecommunication equipment – such as hubs, switches, routers, repeaters etc Networking and telecommunication equipment – such as hubs, switches, routers, repeaters etc Operating system – e.g. Windows (XP, Windows 2003 etc), Unix or Linux Operating system – e.g. Windows (XP, Windows 2003 etc), Unix or Linux RDBMS – such as Oracle or Microsoft SQL Server or MySQL etc. RDBMS – such as Oracle or Microsoft SQL Server or MySQL etc. Web server software – for web based systems server will have this software which will interact with database and application software which are loaded on servers (called as database and application servers). E.g. Internet Information Server (IIS), Apache etc. Web server software – for web based systems server will have this software which will interact with database and application software which are loaded on servers (called as database and application servers). E.g. Internet Information Server (IIS), Apache etc. Distributed by AGASS (http://www.agass.org)

30 30 / 125 Physical Design… Types of components … Transactions processing software and message queuing software – These are classified under Middleware since they are neither near user (client or front-end) nor near machine (such as OS or RDBMS). Their main function is to process a transaction and/or queue up transactions for further processing. Transactions processing software and message queuing software – These are classified under Middleware since they are neither near user (client or front-end) nor near machine (such as OS or RDBMS). Their main function is to process a transaction and/or queue up transactions for further processing. Client software – This software will reside on desktop or client machine. Depending upon type of system, a client software may have to be separately installed The client software will be connected to Application software when user invokes it. Client software – This software will reside on desktop or client machine. Depending upon type of system, a client software may have to be separately installed The client software will be connected to Application software when user invokes it. Distributed by AGASS (http://www.agass.org)

31 31 / 125 Development Phase: Programming Methods, Techniques And Languages The Development Phase takes the detailed design developed in the Design Phase and begins with coding by using a programming language. The Development Phase takes the detailed design developed in the Design Phase and begins with coding by using a programming language. The responsibility of this phase is primarily that of the Programmers. The responsibility of this phase is primarily that of the Programmers. The following are the key activities performed during this phase. The following are the key activities performed during this phase. Coding and developing programs and system level documents Coding and developing programs and system level documents Testing and debugging continuously for improvements in program developed Testing and debugging continuously for improvements in program developed Developing programs for conversion of the data in the legacy system to new system Developing programs for conversion of the data in the legacy system to new system Formulating the procedures for the transition of the software by the various users Formulating the procedures for the transition of the software by the various users Training the selected users on the new system Training the selected users on the new system In case of vendor supplied software, documenting the modifications carried out to ensure that future updated versions of the vendor's code can be applied. In case of vendor supplied software, documenting the modifications carried out to ensure that future updated versions of the vendor's code can be applied. Distributed by AGASS (http://www.agass.org)

32 32 / 125 Programming Methods & Techniques For effective and efficient software product, following techniques should be used… For effective and efficient software product, following techniques should be used… Adoption of the Program Coding Standards Adoption of the Program Coding Standards Structured programming Structured programming Online Programming Facilities Online Programming Facilities Use of suitable Programming Language and method Use of suitable Programming Language and method Procedural programming – past trend Procedural programming – past trend Object Oriented Programming Technique – current trend Object Oriented Programming Technique – current trend Distributed by AGASS (http://www.agass.org)

33 33 / 125 Program Debugging Debugging is the most primitive form of testing activity. Debugging is the most primitive form of testing activity. Programmers usually debug their programs while developing their source codes by activating the compiler and searching for implementation defects at the source code level. Programmers usually debug their programs while developing their source codes by activating the compiler and searching for implementation defects at the source code level. The need for extensive debugging is often an indication of poor workmanship. The need for extensive debugging is often an indication of poor workmanship. Debugging software tools assist the programmer in fine tuning, fixing and debugging the program under development. Debugging software tools assist the programmer in fine tuning, fixing and debugging the program under development. Distributed by AGASS (http://www.agass.org)

34 34 / 125 Program Debugging… Debugging tools help programmers in debugging activity Debugging tools help programmers in debugging activity These tools fall in the following three categories… These tools fall in the following three categories… Logic Path Monitors: provide logic errors by reporting on the sequence of events achieved by the program Logic Path Monitors: provide logic errors by reporting on the sequence of events achieved by the program Trace: This lists the changes in selected variables at different stages of the program. Trace: This lists the changes in selected variables at different stages of the program. Memory Dumps: provides a picture of the internal memory content at the point where the program has abruptly ended, providing the clues to the programmer on the inconsistencies in data and parameter values. Memory Dumps: provides a picture of the internal memory content at the point where the program has abruptly ended, providing the clues to the programmer on the inconsistencies in data and parameter values. Output Analyzer: checks the accuracy of the output which is the result of processing the input through that program by comparing the ac­tual results with the expected results. Output Analyzer: checks the accuracy of the output which is the result of processing the input through that program by comparing the ac­tual results with the expected results. Distributed by AGASS (http://www.agass.org)

35 35 / 125 Software Testing Phase Software testing is the process of testing software in a controlled manner to ensure it meets the specifications. Software testing is the process of testing software in a controlled manner to ensure it meets the specifications. During testing, the developer should give up preconceived notions of the correctness of the software developed. During testing, the developer should give up preconceived notions of the correctness of the software developed. Testing is carried out in the Test Environment. Testing is carried out in the Test Environment. For some large and complex systems, development and testing environment may be separate. For some large and complex systems, development and testing environment may be separate. Objectives of testing Objectives of testing Testing is a process of executing a program to identify an error. Testing is a process of executing a program to identify an error. A good test case is one that has high probability of finding an error. A good test case is one that has high probability of finding an error. A successful test is one that uncovers an error. A successful test is one that uncovers an error. Distributed by AGASS (http://www.agass.org)

36 36 / 125 Levels of testing Every software normally goes through the following levels of tests: Every software normally goes through the following levels of tests: Unit testing Unit testing System testing System testing Distributed by AGASS (http://www.agass.org)

37 37 / 125 Unit testing Unit testing is the process of testing individual units (i.e. individual programs or functions or objects) of software in isolation. Unit testing is the process of testing individual units (i.e. individual programs or functions or objects) of software in isolation. A program unit is usually small and the programmer who de­veloped it can test it in a great detail. A program unit is usually small and the programmer who de­veloped it can test it in a great detail. There are four categories of tests that a programmer typically performs on a program unit: There are four categories of tests that a programmer typically performs on a program unit: Functional tests - These tests check whether programs do what they are supposed to do. Functional tests - These tests check whether programs do what they are supposed to do. Performance tests - These should be designed to verify the response time, the execution time, the throughput, primary and secondary memory utilisation and the traffic rates on data channels and communication links Performance tests - These should be designed to verify the response time, the execution time, the throughput, primary and secondary memory utilisation and the traffic rates on data channels and communication links Stress tests - These are designed to overload a program in various ways. The purpose of a stress test is to determine the limitations of the program. Stress tests - These are designed to overload a program in various ways. The purpose of a stress test is to determine the limitations of the program. Structural tests - These are concerned with examining the internal processing logic of a software system. Structural tests - These are concerned with examining the internal processing logic of a software system. Parallel Tests - By using the same test data in the new and old system, the output results are compared. Parallel Tests - By using the same test data in the new and old system, the output results are compared. Distributed by AGASS (http://www.agass.org)

38 38 / 125 Types of unit tests Static analysis tests Static analysis tests Desk Check: This is done by the programmer himself. He checks for logical syntax errors, and deviation from coding standards. Desk Check: This is done by the programmer himself. He checks for logical syntax errors, and deviation from coding standards. Structured walk-through: The application developer leads other programmers through the text of the program and explanation Structured walk-through: The application developer leads other programmers through the text of the program and explanation Code inspection: The program is reviewed by a formal committee. Review is done with formal checklists. The procedure is more formal than a walk-through. Code inspection: The program is reviewed by a formal committee. Review is done with formal checklists. The procedure is more formal than a walk-through. Dynamic analysis tests Dynamic analysis tests Black Box Test: Assumes no knowledge of internal logic of programs Black Box Test: Assumes no knowledge of internal logic of programs White Box Test: Assumes knowledge of internal logic of programs White Box Test: Assumes knowledge of internal logic of programs Distributed by AGASS (http://www.agass.org)

39 39 / 125 Integration / Interface testing The objective is to evaluate the connection of two or more components that pass information from one area to another. The objective is to evaluate the connection of two or more components that pass information from one area to another. This is carried out in the following manner. This is carried out in the following manner. Bottom-up integration: Bottom-up integration: Bottom-up integration is the traditional strategy used to integrate the components of a software system into a functioning whole. Bottom-up integration is the traditional strategy used to integrate the components of a software system into a functioning whole. It consists of unit testing, followed by sub-sys­tem testing, and then testing of the entire system. It consists of unit testing, followed by sub-sys­tem testing, and then testing of the entire system. Top-down integration: Top-down integration: Top-down integration starts with the main rou­tine, and stubs are substituted, for the modules directly subordinate to the main module. Top-down integration starts with the main rou­tine, and stubs are substituted, for the modules directly subordinate to the main module. An incomplete portion of a program code that is put under a function in order to allow the function and the program to be compiled and tested, is referred to as a stub. An incomplete portion of a program code that is put under a function in order to allow the function and the program to be compiled and tested, is referred to as a stub. Regression tests: Regression tests: Each time a new module is added as part of integration testing, the software changes. Each time a new module is added as part of integration testing, the software changes. These changes may cause problems with functions that previously worked flawlessly. These changes may cause problems with functions that previously worked flawlessly. In the context of the integration testing, the regression tests ensure that changes or corrections have not introduced new errors. In the context of the integration testing, the regression tests ensure that changes or corrections have not introduced new errors. The data used for the regression tests should be the same as the data used in the original test. The data used for the regression tests should be the same as the data used in the original test. Distributed by AGASS (http://www.agass.org)

40 40 / 125 System testing System testing is a process in which software and other system elements are tested as a whole. System testing is a process in which software and other system elements are tested as a whole. System testing begins either when the software as a whole is operational or when the well defined subsets of the software's functionality have been implemented. System testing begins either when the software as a whole is operational or when the well defined subsets of the software's functionality have been implemented. The purpose of system testing is to ensure that the new or modified system functions properly. The purpose of system testing is to ensure that the new or modified system functions properly. These test procedures are often performed in a non- production test en­ vironment. These test procedures are often performed in a non- production test en­ vironment. The following types of testing might be carried out. The following types of testing might be carried out. Recovery Testing : Checking the ability of recovery of the system after the failure of hardware or software. Recovery Testing : Checking the ability of recovery of the system after the failure of hardware or software. Security Testing: Ensuring the existence and proper execution of ac­cess controls in the new system. Security Testing: Ensuring the existence and proper execution of ac­cess controls in the new system. Stress or Volume Testing: Testing the application with large quantity of data during peak hours to test its performance. Stress or Volume Testing: Testing the application with large quantity of data during peak hours to test its performance. Performance Testing: Comparing the new system's performance with that of similar systems using well defined benchmarks. Performance Testing: Comparing the new system's performance with that of similar systems using well defined benchmarks. Distributed by AGASS (http://www.agass.org)

41 41 / 125 Final Acceptance Testing or Users Acceptance Testing Final Acceptance testing is conducted when the system is just ready for implementation. Final Acceptance testing is conducted when the system is just ready for implementation. During this testing, it is ensured that the new system satisfies the quality standards adopted by the business and the system satisfies the users. During this testing, it is ensured that the new system satisfies the quality standards adopted by the business and the system satisfies the users. Thus the final acceptance testing has two major parts: Thus the final acceptance testing has two major parts: Quality Assurance Testing: ensures that the new systems satisfies the prescribed quality standards and the development process is as per the organisation's quality assurance methodology. Quality Assurance Testing: ensures that the new systems satisfies the prescribed quality standards and the development process is as per the organisation's quality assurance methodology. User Acceptance Testing: ensures that the functional aspects expected by the users has been well addressed in the new system. User Acceptance Testing: ensures that the functional aspects expected by the users has been well addressed in the new system. There are two types of the user acceptance testing. There are two types of the user acceptance testing. Alpha Testing: is the first stage, often performed by the users within the organization Alpha Testing: is the first stage, often performed by the users within the organization Beta Testing : is the second stage, generally performed by the external users. This is the last stage of testing, and normally involves sending the product outside the development environment for real world exposure. Beta Testing : is the second stage, generally performed by the external users. This is the last stage of testing, and normally involves sending the product outside the development environment for real world exposure. Distributed by AGASS (http://www.agass.org)

42 42 / 125 Implementation of Software Planning of the implementation should be commenced much before actual date of the implementation Planning of the implementation should be commenced much before actual date of the implementation The implementation plan as developed in the Design Phase should be used with the modifications if required. The implementation plan as developed in the Design Phase should be used with the modifications if required. There are four types of implementation strategies: There are four types of implementation strategies: Direct implementation / Abrupt change-over : The old system is suspended on a specific day and the new system is tried out. Direct implementation / Abrupt change-over : The old system is suspended on a specific day and the new system is tried out. Parallel implementation : Both the old and new systems are run in parallel to verify if their output is the same. Then the old system is suspended. Parallel implementation : Both the old and new systems are run in parallel to verify if their output is the same. Then the old system is suspended. Phased implementation : The new system is implemented in parts. This makes implementation more manageable. Phased implementation : The new system is implemented in parts. This makes implementation more manageable. Pilot implementation : The new systems is first implemented in a small, non- critical unit and then moved to larger unit. Pilot implementation : The new systems is first implemented in a small, non- critical unit and then moved to larger unit. Distributed by AGASS (http://www.agass.org)

43 43 / 125 Activities during Implementation Stage Major activities during implementation are: Major activities during implementation are: Installation of new hardware / software Installation of new hardware / software Data conversion: Following steps are necessary. Data conversion: Following steps are necessary. Determining what data can be converted through software and what data manually. Determining what data can be converted through software and what data manually. Performing data cleansing before data conversion Performing data cleansing before data conversion Identifying the methods to access the accuracy of conversion like record counts and control totals Identifying the methods to access the accuracy of conversion like record counts and control totals Designing exception reports showing the data which could not be converted through software. Designing exception reports showing the data which could not be converted through software. Establishing responsibility for verifying and signing off and accepting overall conversion by the system owner Establishing responsibility for verifying and signing off and accepting overall conversion by the system owner Actual conversion Actual conversion User Final Acceptance testing User Final Acceptance testing User training User training Manager's training on overview and MIS Manager's training on overview and MIS Operational user training on how to use the software, enter the data, generate the output Operational user training on how to use the software, enter the data, generate the output IT department’s training on the technical aspects IT department’s training on the technical aspects Distributed by AGASS (http://www.agass.org)

44 44 / 125 Post Implementation Review In PIR, after the system stabilizes, a check should be done to ensure that the system has fulfilled the objectives. Otherwise, move back to the appro­priate stage of the development cycle. In PIR, after the system stabilizes, a check should be done to ensure that the system has fulfilled the objectives. Otherwise, move back to the appro­priate stage of the development cycle. The PIR should be performed … The PIR should be performed … jointly by the project development team and the appropriate end users jointly by the project development team and the appropriate end users an independent group not associated with the development process, either internal or external an independent group not associated with the development process, either internal or external Audit should be conducted to meet the following objectives: Audit should be conducted to meet the following objectives: Whether the system met management's objectives and user requirements Whether the system met management's objectives and user requirements Whether the access controls have been adequately implemented and actually working Whether the access controls have been adequately implemented and actually working Evaluation and comparison of the actual Cost Benefit or ROI as against the same projected in the feasibility study phase. Evaluation and comparison of the actual Cost Benefit or ROI as against the same projected in the feasibility study phase. Recommend on the system's inadequacies and deficiencies Recommend on the system's inadequacies and deficiencies Develop a plan for implementing the accepted recommendations Develop a plan for implementing the accepted recommendations Evaluate the system development project process Evaluate the system development project process Distributed by AGASS (http://www.agass.org)

45 45 / 125 Post Implementation Review… Maintenance is also part of the post implementation review. It can be categorized into four types: Maintenance is also part of the post implementation review. It can be categorized into four types: Corrective maintenance : Correcting errors that may surface during the running of the applica­tion. Corrective maintenance : Correcting errors that may surface during the running of the applica­tion. Adaptive maintenance : Rapid changes in technology may cause an application to be run in a new technical environment in the user site. Web enabling a legacy application would fall in this category. Adaptive maintenance : Rapid changes in technology may cause an application to be run in a new technical environment in the user site. Web enabling a legacy application would fall in this category. Perfective maintenance : Perfective maintenance is required when the user wants additional functionalities. Extending the purchase order system to cover service orders will fall in this category. Perfective maintenance : Perfective maintenance is required when the user wants additional functionalities. Extending the purchase order system to cover service orders will fall in this category. Preventive maintenance : When the software is changed to suit future maintainability, it is called preventive maintenance. Preventive maintenance : When the software is changed to suit future maintainability, it is called preventive maintenance. Distributed by AGASS (http://www.agass.org)

46 46 / 125 Chapter 3 Alternative Methodologies of Software Development Distributed by AGASS (http://www.agass.org)

47 47 / 125 Learning Goals To provide an understanding of: To provide an understanding of: Different approaches to system development - advantages, problems encountered and selection criteria Different approaches to system development - advantages, problems encountered and selection criteria Different aspects involved in maintenance of information systems Different aspects involved in maintenance of information systems Distributed by AGASS (http://www.agass.org)

48 48 / 125 Traditional SDLC Models Waterfall Model Waterfall Model Spiral Model Spiral Model Today’s trend of OOP and web-based systems demands that Alternative Development methodologies be adopted instead of traditional methods. Today’s trend of OOP and web-based systems demands that Alternative Development methodologies be adopted instead of traditional methods. Distributed by AGASS (http://www.agass.org)

49 49 / 125 Data Oriented Systems Development Data oriented system development focuses on data structure and not data flow while processing. Data oriented system development focuses on data structure and not data flow while processing. Systems that optimize data usage are classified as data- oriented systems. Systems that optimize data usage are classified as data- oriented systems. This approach considers data independently of the processing that transforms the data. This approach considers data independently of the processing that transforms the data. Management Information Systems (MIS) and Data Warehousing applications fall in this category. Management Information Systems (MIS) and Data Warehousing applications fall in this category. Process-oriented approach specifies how data is moved and / or changed in the system Process-oriented approach specifies how data is moved and / or changed in the system Distributed by AGASS (http://www.agass.org)

50 50 / 125 Object Oriented Systems Development In this method, the system is analyzed in terms of objects and classes and the relationship between objects and their interaction. In this method, the system is analyzed in terms of objects and classes and the relationship between objects and their interaction. Objects are defined as entities that have both data structure and some behaviour. Objects are defined as entities that have both data structure and some behaviour. E.g. employee record is an object having properties : employee name, employee ID etc. and behaviour such as AddEMployee, RemoveEmployee, TransferEmployee etc. E.g. employee record is an object having properties : employee name, employee ID etc. and behaviour such as AddEMployee, RemoveEmployee, TransferEmployee etc. Major advantages of this approach are: Major advantages of this approach are: Ability to manage a variety of data types Ability to manage a variety of data types Ability to manage complex relationships Ability to manage complex relationships Capacity to meet demands of a changing environment Capacity to meet demands of a changing environment Reusability of logical elements Reusability of logical elements Data Security Data Security Object Oriented technology is widely used in: Object Oriented technology is widely used in: Computer Aided Engineering (CAE) Computer Aided Engineering (CAE) Systems software Systems software Distributed by AGASS (http://www.agass.org)

51 51 / 125 Prototyping When a customer defines a set of general objectives for the software, but not detailed input, processing and output requirements, prototyp­ing may be the best approach. When a customer defines a set of general objectives for the software, but not detailed input, processing and output requirements, prototyp­ing may be the best approach. The following are the steps in the prototyping approach : The following are the steps in the prototyping approach : Requirements gathering : The developer gets the initial requirements from the users. Requirements gathering : The developer gets the initial requirements from the users. Quick design : The emphasis is on visible aspects such as input screens and output reports. Quick design : The emphasis is on visible aspects such as input screens and output reports. Construction of prototype: by the developer on the basis of inputs from the users. Construction of prototype: by the developer on the basis of inputs from the users. Users evaluation of prototype : The users accepts the screens and op­tions as shown to them. Users evaluation of prototype : The users accepts the screens and op­tions as shown to them. Refinement of prototype: Prototype is refined by fine tuning the us­ers requirements. Refinement of prototype: Prototype is refined by fine tuning the us­ers requirements. The last two steps are iterated till the user is fully satisfied with the pro­totype. The last two steps are iterated till the user is fully satisfied with the pro­totype. Distributed by AGASS (http://www.agass.org)

52 52 / 125 Prototyping … The drawbacks of the prototyping approach are: The drawbacks of the prototyping approach are: The user sees the 'working' version of the software, without realising that the processing logic is still not ready. The user sees the 'working' version of the software, without realising that the processing logic is still not ready. Design strategy may be very weak Design strategy may be very weak The capability of the prototype to accommodate changes may lead to some problems. The capability of the prototype to accommodate changes may lead to some problems. Difficult to keep track of changes in the controls of prototype model. Difficult to keep track of changes in the controls of prototype model. Changes in design and development keep happening so quickly in this approach that formal change control procedures may be vio­lated. Changes in design and development keep happening so quickly in this approach that formal change control procedures may be vio­lated. Advantages … Advantages … IS auditor should be aware about the above risks IS auditor should be aware about the above risks IS auditor should also be aware that this method of system development can provide the organization with substantial saving in time and cost. IS auditor should also be aware that this method of system development can provide the organization with substantial saving in time and cost. Similarly, since users are giving approval to data entry screens and report layouts early in SDLC life cycle, chances of meeting user requirements are very high in this model. Similarly, since users are giving approval to data entry screens and report layouts early in SDLC life cycle, chances of meeting user requirements are very high in this model. Distributed by AGASS (http://www.agass.org)

53 53 / 125 Rapid Application Development - RAD RAD is an incremental model which has a short development cycle. RAD is an incremental model which has a short development cycle. Requirements have to be clearly understood and the scope has to be well defined. Requirements have to be clearly understood and the scope has to be well defined. RAD leverages the following techniques to keep the develop­ment cycle short: RAD leverages the following techniques to keep the develop­ment cycle short: Multiple small teams Multiple small teams Modular applications Modular applications Evolutionary prototype Evolutionary prototype Automated tools Automated tools Design workshops Design workshops Component- based development Component- based development Fourth generation languages Fourth generation languages Rigid time frames Rigid time frames Adopted only for individual strategically important systems and not for ERP kind of systems. Adopted only for individual strategically important systems and not for ERP kind of systems. Distributed by AGASS (http://www.agass.org)

54 54 / 125 RAD … This approach should be undertaken only if the following 4 pillars of an organization are strong : This approach should be undertaken only if the following 4 pillars of an organization are strong : Management – should give quick decisions to development and user teams Management – should give quick decisions to development and user teams People – in user team and development team People – in user team and development team Methodology – proven methodology should be used and not recently invented Methodology – proven methodology should be used and not recently invented Tools – proven integrated tools such as VB / Delphi etc should be used. Tools – proven integrated tools such as VB / Delphi etc should be used. The four stages in this approach are: The four stages in this approach are: Definition of scope Definition of scope Creation of a functional design Creation of a functional design Construction of application Construction of application Deployment Deployment The drawbacks of RAD are: The drawbacks of RAD are: For mission critical applications, where quality and reliability as­ sume higher importance than time of development, this approach is not recommended. For mission critical applications, where quality and reliability as­ sume higher importance than time of development, this approach is not recommended. Distributed by AGASS (http://www.agass.org)

55 55 / 125 Reengineering Used for systems working satisfactorily but are not efficient due to poor design or take advantage of new technology. Used for systems working satisfactorily but are not efficient due to poor design or take advantage of new technology. It is difficult to migrate these huge mission critical applications to new systems quickly. It is difficult to migrate these huge mission critical applications to new systems quickly. In such cases, the reengineering approach is suggested. In such cases, the reengineering approach is suggested. This is quite like remodeling / rebuilding an old house. This is quite like remodeling / rebuilding an old house. Software reengineering consists of six activities: Software reengineering consists of six activities: Inventory analysis: Inventorise of all applications that it uses. This should include details such as size, age, business criticality. Inventory analysis: Inventorise of all applications that it uses. This should include details such as size, age, business criticality. Document restructuring: In many legacy applications, documentation is sketchy, or may not exist at all. In a large application environment, documentation must be carefully planned, taking into account the resources available. Document restructuring: In many legacy applications, documentation is sketchy, or may not exist at all. In a large application environment, documentation must be carefully planned, taking into account the resources available. Distributed by AGASS (http://www.agass.org)

56 56 / 125 Reverse engineering This is the technique of drawing design specifications from the actual product by studying its source code. This is the technique of drawing design specifications from the actual product by studying its source code. In software reverse engineering, the program is first analyzed and then design specifications are worked out. In software reverse engineering, the program is first analyzed and then design specifications are worked out. This process can be carried out in several ways: This process can be carried out in several ways: Decomposing the object or executable code into source code and using it to analyse the program Decomposing the object or executable code into source code and using it to analyse the program Utilizing the reverse engineering application as a black box test and unveiling its functionality by using test data. Utilizing the reverse engineering application as a black box test and unveiling its functionality by using test data. The advantages of the reverse engineering are faster development of a system and improvement in the present system by using reverse engineering. The advantages of the reverse engineering are faster development of a system and improvement in the present system by using reverse engineering. The IS auditor should look into software license agreements – some may prohibit reverse engineering The IS auditor should look into software license agreements – some may prohibit reverse engineering Distributed by AGASS (http://www.agass.org)

57 57 / 125 Web-based Application Development Web-based systems and applications become integrated in business strategies for small and large companies. Web-based systems and applications become integrated in business strategies for small and large companies. The following are the attributes of the Web based applications. The following are the attributes of the Web based applications. Network Intensive: By its nature, a web based application is network intensive. It resides on a network and must serve the needs of diverse community of clients. A web based application may reside on the internet or intranet or extranet Network Intensive: By its nature, a web based application is network intensive. It resides on a network and must serve the needs of diverse community of clients. A web based application may reside on the internet or intranet or extranet Content Driven: In many cases, the primary function of a web based application is to use hypermedia to present text, graphics, audio, and video contents to the end user. Content Driven: In many cases, the primary function of a web based application is to use hypermedia to present text, graphics, audio, and video contents to the end user. Continuous evolution: Unlike conventional application software that evolves over a series of planned, chronologically spaced releases, web based applications evolve continuously. Continuous evolution: Unlike conventional application software that evolves over a series of planned, chronologically spaced releases, web based applications evolve continuously. Distributed by AGASS (http://www.agass.org)

58 58 / 125 Categories of web-based applications Informational: Read only content is provided with simple navigation and links Informational: Read only content is provided with simple navigation and links Download: A user downloads information from the appropriate server Download: A user downloads information from the appropriate server Customization: The user customizes contents to specific needs Customization: The user customizes contents to specific needs Interaction: Communication among a community of users occurs via chat-room, bulletin boards, or instant messaging. Interaction: Communication among a community of users occurs via chat-room, bulletin boards, or instant messaging. User Input: Forms based input is the primary mechanism for com­municating need User Input: Forms based input is the primary mechanism for com­municating need Transaction oriented: The user makes a request (e.g. places an order) that is fulfilled by the web based application Transaction oriented: The user makes a request (e.g. places an order) that is fulfilled by the web based application Service Oriented: The application provides a service to the user (e.g. assists the user in calculating the EMI of loan) Service Oriented: The application provides a service to the user (e.g. assists the user in calculating the EMI of loan) Portal: The application channels the user to other web content or ser­vices outside the domain of the portal application Portal: The application channels the user to other web content or ser­vices outside the domain of the portal application Database Access: The user queries a large database and extracts infor­mation Database Access: The user queries a large database and extracts infor­mation Data Warehousing: The user queries a collection of large databases and extracts information Data Warehousing: The user queries a collection of large databases and extracts information Distributed by AGASS (http://www.agass.org)

59 59 / 125 Agile Development Refers to a family of similar development processes that involves a non traditional way of developing a complex system. Refers to a family of similar development processes that involves a non traditional way of developing a complex system. It is termed as "agile" because they are designed with flexibility to handle changes to the system being developed or the project team that is performing the development. It is termed as "agile" because they are designed with flexibility to handle changes to the system being developed or the project team that is performing the development. Agile development process involves: Agile development process involves: Setting of small subprojects or iterations on the basis of which next iteration is planned. Setting of small subprojects or iterations on the basis of which next iteration is planned. Replanning the project at the end of each iteration involving resetting priorities, identification of new priorities etc Replanning the project at the end of each iteration involving resetting priorities, identification of new priorities etc The teams are generally small, cohesive and comprise of both business and technical representatives. The teams are generally small, cohesive and comprise of both business and technical representatives. In case of some agile development, two programmers code the same part of the system as a means of knowledge sharing and quality improvement. In case of some agile development, two programmers code the same part of the system as a means of knowledge sharing and quality improvement. Unlike a normal project manager has the role of planning the proj­ect, allocating the tasks and monitoring the progress of the project, the project manager has a job of facilitator and advocate. Unlike a normal project manager has the role of planning the proj­ect, allocating the tasks and monitoring the progress of the project, the project manager has a job of facilitator and advocate. Distributed by AGASS (http://www.agass.org)

60 60 / 125 Information Systems Maintenance Practices Systems undergo changes right through their life cycle. Systems undergo changes right through their life cycle. These changes often create problems in the functionality and other characteristics of a system. These changes often create problems in the functionality and other characteristics of a system. So it is necessary that a procedure for change is formalized. So it is necessary that a procedure for change is formalized. This is called as Change control or Change Management This is called as Change control or Change Management Distributed by AGASS (http://www.agass.org)

61 61 / 125 Change Management Request for change by the user must be submitted to the IS department along with the reasons for change. This is a Change Request Request for change by the user must be submitted to the IS department along with the reasons for change. This is a Change Request The user request is then assessed by the relevant application developer. The user request is then assessed by the relevant application developer. He evaluates the impact of the modifications on other programs and prepares schedule of change to be carried out He evaluates the impact of the modifications on other programs and prepares schedule of change to be carried out Every organisation should have a defined Change Control Authority (CCA) - a person or a committee - which is the final authority to approve changes. Every organisation should have a defined Change Control Authority (CCA) - a person or a committee - which is the final authority to approve changes. Once approved by CCA, programmer then makes the approved changes, and the programs go through all the tests that they had gone through, when they were initially developed. Once approved by CCA, programmer then makes the approved changes, and the programs go through all the tests that they had gone through, when they were initially developed. The CCA then reviews the changes made to programs, data and documents and approve them. The CCA then reviews the changes made to programs, data and documents and approve them. Then the systems administrator moves the changed version into the production environment and informs all users of the change and the revised version number. Then the systems administrator moves the changed version into the production environment and informs all users of the change and the revised version number. After running the new version of the application the user who requested the change should certify that the change requested by him has been fulfilled. After running the new version of the application the user who requested the change should certify that the change requested by him has been fulfilled. Distributed by AGASS (http://www.agass.org)

62 62 / 125 Library control software The purpose of the library control software is to separate production libraries from test libraries. The purpose of the library control software is to separate production libraries from test libraries. 'I he following are the functions of this software: 'I he following are the functions of this software: It prevents programmers from accessing source and object programs in the production directory. It prevents programmers from accessing source and object programs in the production directory. It does not permit program to be updated in bulk. It does not permit program to be updated in bulk. It enforces discipline: The programmer after making the requested change in the source code and testing it hands it over to the official authorised by the organisation to update the production directory - control group or systems administrator. It enforces discipline: The programmer after making the requested change in the source code and testing it hands it over to the official authorised by the organisation to update the production directory - control group or systems administrator. The production directory is then updated with the revised version of the code - source and object. The production directory is then updated with the revised version of the code - source and object. It provides read-only access to the source code. Any modification has to be authorized by the change control procedure detailed earlier. It provides read-only access to the source code. Any modification has to be authorized by the change control procedure detailed earlier. It maintains clear distinction between programs in production and test directories. It maintains clear distinction between programs in production and test directories. Distributed by AGASS (http://www.agass.org)

63 63 / 125 Executable and source code integrity At any point of time, the current version of the source code and object code should match. At any point of time, the current version of the source code and object code should match. In a manual program migration practice, the changed source code may be moved to the production directory, but compilation is omitted. In a manual program migration practice, the changed source code may be moved to the production directory, but compilation is omitted. Some of the controls the auditor should use to check in code integrity Some of the controls the auditor should use to check in code integrity The time stamp on the object code should always be same or later than that of the corresponding source code. The time stamp on the object code should always be same or later than that of the corresponding source code. Users and application programmers should not have access to the production source code. Users and application programmers should not have access to the production source code. In an automated environment, where the users themselves develop applications, controls may be lax. So auditors should focus on evaluating controls in such applications In an automated environment, where the users themselves develop applications, controls may be lax. So auditors should focus on evaluating controls in such applications Distributed by AGASS (http://www.agass.org)

64 64 / 125 Configuration Management Configuration management involves various procedures throughout the life cycle of the software to identify, define and baseline software items in the system thus providing a basis for problem management, change management and release management. Configuration management involves various procedures throughout the life cycle of the software to identify, define and baseline software items in the system thus providing a basis for problem management, change management and release management. It involves identification of items like programs, documentation and data. It involves identification of items like programs, documentation and data. Once handed over to the configuration management team, the item cannot be changed without a formal change control process Once handed over to the configuration management team, the item cannot be changed without a formal change control process The process of moving an item to the controlled environment is called checking in. The process of moving an item to the controlled environment is called checking in. When a change is required, the item will be checked out by the configuration manager. When a change is required, the item will be checked out by the configuration manager. Once the change is made, it is checked in by a different version number. Once the change is made, it is checked in by a different version number. Distributed by AGASS (http://www.agass.org)

65 65 / 125 Configuration Management… The job profile of the CM maintainer involves the following task steps: The job profile of the CM maintainer involves the following task steps: Develop the configuration management plan Develop the configuration management plan Baseline the code and associated documents Baseline the code and associated documents Analyse and report on the results of configuration control Analyse and report on the results of configuration control Develop the reports that provide configuration status information Develop the reports that provide configuration status information Develop release procedures Develop release procedures Perform configuration control activities, such as identification and recording of the request Perform configuration control activities, such as identification and recording of the request Update the configuration status accounting database Update the configuration status accounting database Distributed by AGASS (http://www.agass.org)

66 66 / 125 Chapter 3 Project Management Tools and Techniques Distributed by AGASS (http://www.agass.org)

67 67 / 125 Learning Goals To provide a clear understanding of: To provide a clear understanding of: What is meant by Project Management in context of IT Projects What is meant by Project Management in context of IT Projects Software size estimation techniques - The significance of budgets and schedules in system development Software size estimation techniques - The significance of budgets and schedules in system development PERT (Program Evaluation Review Technique) as a project manage­ment tool PERT (Program Evaluation Review Technique) as a project manage­ment tool Various kinds of tools and techniques available for project management such as Critical Path Method (CPM), Time Box Management etc. Various kinds of tools and techniques available for project management such as Critical Path Method (CPM), Time Box Management etc. Computer Aided Software Engineering - CASE Computer Aided Software Engineering - CASE Distributed by AGASS (http://www.agass.org)

68 68 / 125 Project Management Tools and Techniques Software : Software : is designed, programmed is designed, programmed is used and managed by people is used and managed by people Use hardware and software Use hardware and software Software development : Software development : a complex process a complex process managing resources e.g people, machines etc. managing resources e.g people, machines etc. engineering principles and practices are applicable engineering principles and practices are applicable All Project Management tools and techniques are applicable. All Project Management tools and techniques are applicable. Distributed by AGASS (http://www.agass.org)

69 69 / 125 Project Management Project Management is application of Knowledge & practices, Skills and tools & techniques… Project Management is application of Knowledge & practices, Skills and tools & techniques… Knowledge & practices involves risk based approach for… Knowledge & practices involves risk based approach for… Project Initiation Project Initiation Project Planning Project Planning Project Execution Project Execution Project Control – Quantitative & Qualitative Project Control – Quantitative & Qualitative Project Closing Project Closing Skills can be inherent but enhanced through … Skills can be inherent but enhanced through … Training Training Experience Experience Distributed by AGASS (http://www.agass.org)

70 70 / 125 Project Management… Tools and techniques cane be… Tools and techniques cane be… General Project Management General Project Management Software size estimation Software size estimation Budgets & Schedules Budgets & Schedules Software cost estimation Software cost estimation Software configuration management Software configuration management Documentation Documentation Office automation Office automation Distributed by AGASS (http://www.agass.org)

71 71 / 125 Budgets an Schedules Two critical problems in software development are: Time and cost over­runs need to be addressed by a project manager. Two critical problems in software development are: Time and cost over­runs need to be addressed by a project manager. These problems arise because of poor estimation of effort required and hence cost involved in developing an application. These problems arise because of poor estimation of effort required and hence cost involved in developing an application. Budgeting involves estimating human and machine / software efforts in each task. Budgeting involves estimating human and machine / software efforts in each task. Machine efforts refers to any piece of hardware which would be required to develop a system. Machine efforts refers to any piece of hardware which would be required to develop a system. Gross person-month effort has to be considered for details, such as: Gross person-month effort has to be considered for details, such as: What are the activities in the project? E.g. Requirements Analysis, programming, data entry of masters etc What are the activities in the project? E.g. Requirements Analysis, programming, data entry of masters etc In which sequence will these activities be performed? Serially or simultaneously (in parallel) In which sequence will these activities be performed? Serially or simultaneously (in parallel) How will the total person-month effort be distributed over these activities How will the total person-month effort be distributed over these activities On which date will each activity start and finish? On which date will each activity start and finish? What additional resources are required to complete the activity? What additional resources are required to complete the activity? What will be the measure that assesses the completion of an activity? What will be the measure that assesses the completion of an activity? What will be the points in which the management will review the project? What will be the points in which the management will review the project? Distributed by AGASS (http://www.agass.org)

72 72 / 125 Software size estimation In order to arrive at a cost of software, it is necessary to determine size of the software. In order to arrive at a cost of software, it is necessary to determine size of the software. In early days, when procedural programming was used (mostly COBOL), count of number of lines of source code (SLOC – Source Lines Of Code) was used In early days, when procedural programming was used (mostly COBOL), count of number of lines of source code (SLOC – Source Lines Of Code) was used However, this method did not work well with complex programs as well as with newer techniques of programming. However, this method did not work well with complex programs as well as with newer techniques of programming. Therefore, Function Point Analysis was developed by researchers. Therefore, Function Point Analysis was developed by researchers. Distributed by AGASS (http://www.agass.org)

73 73 / 125 Function Point Analysis A function point represents the size and complexity of the application A function point represents the size and complexity of the application This is computed on the basis of number of inputs, outputs, files, queries and interfaces that the application is likely to have. This is computed on the basis of number of inputs, outputs, files, queries and interfaces that the application is likely to have. This estimate is arrived at in terms of person-months required to de­velop the application. This estimate is arrived at in terms of person-months required to de­velop the application. Function point is then calculated based on reliability, criticality, complexity and reusability expected from the system. Function point is then calculated based on reliability, criticality, complexity and reusability expected from the system. e.g. Productivity = FP / Person-Month, Quality = Defects / FP, Cost = Rupees / FP. e.g. Productivity = FP / Person-Month, Quality = Defects / FP, Cost = Rupees / FP. Distributed by AGASS (http://www.agass.org)

74 74 / 125 Other costs Apart from software size estimation, some other components of cost should be taken into consideration for other phases of the project. These are : Apart from software size estimation, some other components of cost should be taken into consideration for other phases of the project. These are : Main storage constraints Main storage constraints Data storage constraints Data storage constraints Execution Time constraints Execution Time constraints Staff experience Staff experience Computer access Computer access Security environment Security environment Source code language Source code language Target machine used for development Target machine used for development Distributed by AGASS (http://www.agass.org)

75 75 / 125 Gantt Charts Gantt Charts are prepared to schedule the tasks involved in a project. Gantt Charts are prepared to schedule the tasks involved in a project. It shows… It shows… when tasks should begin and end when tasks should begin and end what tasks can be undertaken concurrently, and what tasks have to be done serially. what tasks can be undertaken concurrently, and what tasks have to be done serially. They help to identify the consequences of early and late completion of the tasks. They help to identify the consequences of early and late completion of the tasks. Distributed by AGASS (http://www.agass.org)

76 76 / 125 Gantt Chart example : Schedule of a Project Distributed by AGASS (http://www.agass.org)

77 77 / 125 Gantt Chart example : Gantt chart Distributed by AGASS (http://www.agass.org)

78 78 / 125 Program Evaluation Review Technique (PERT) PERT represents activities in a project as a network. It indicates the sequential and parallel relationship between activities. PERT represents activities in a project as a network. It indicates the sequential and parallel relationship between activities. PERT terminology : PERT terminology : Activity Activity An activity is a portion of the project, which requires resources and time to complete. The activity is represented by an arrow. An activity is a portion of the project, which requires resources and time to complete. The activity is represented by an arrow. Event Event An event is the starting or end point of an activity. It does not consume resources or time. It is represented by a circle An event is the starting or end point of an activity. It does not consume resources or time. It is represented by a circle Predecessor activity Predecessor activity Activities that must be completed before another activity can begin, are called predecessor activities for that activity. Activities that must be completed before another activity can begin, are called predecessor activities for that activity. Successor activity Successor activity Activities that are carried out after an activity is completed, are known as successor activities. Activities that are carried out after an activity is completed, are known as successor activities. Distributed by AGASS (http://www.agass.org)

79 79 / 125 Program Evaluation Review Technique (PERT)… PERT terminology : (contd..) PERT terminology : (contd..) Slack Slack Slack is the difference between earliest and latest completion time of an activity Slack is the difference between earliest and latest completion time of an activity Dummy Dummy Dummy activity is that activity which requires no resources. A dummy activity does not have any real life significance. Dummy activity is that activity which requires no resources. A dummy activity does not have any real life significance. Dummy activities are required in PERT, because as per the rules of PERT, not more than one activity can have the same preceding and succeeding activity. To represent this, dummy activities are included. Dummy activities are required in PERT, because as per the rules of PERT, not more than one activity can have the same preceding and succeeding activity. To represent this, dummy activities are included. Distributed by AGASS (http://www.agass.org)

80 80 / 125 Program Evaluation Review Technique (PERT)… Time estimate Time estimate PERT recognizes the estimates cannot be precise, and hence allows a weighted average of different estimates such as pessimistic, optimistic and most likely. PERT recognizes the estimates cannot be precise, and hence allows a weighted average of different estimates such as pessimistic, optimistic and most likely. A heavier weightage is given to the most likely estimate and the calculation is as follows: A heavier weightage is given to the most likely estimate and the calculation is as follows: t - optimistic estimate t o - optimistic estimate t - pessimistic estimate t p - pessimistic estimate t - most likely estimate t m - most likely estimate Expected time = (t + 4t + t) / 6 Expected time = (t o + 4t m + t p ) / 6 Distributed by AGASS (http://www.agass.org)

81 81 / 125 Critical Path Method (CPM) In a network, critical path represents the path which has the highest duration of time. In a network, critical path represents the path which has the highest duration of time. It is the shortest time in which the project can be completed. It is the shortest time in which the project can be completed. Maximum control is required on the completion of any activity on Critical Path Maximum control is required on the completion of any activity on Critical Path If any activity on critical path is delayed, the whole project will be delayed. If any activity on critical path is delayed, the whole project will be delayed. Activities in the critical path have zero slack Activities in the critical path have zero slack Distributed by AGASS (http://www.agass.org)

82 82 / 125 Critical Path Method (CPM)… The critical path is found by working forward through the network The critical path is found by working forward through the network Computing the earliest possible completion time for each activity Computing the earliest possible completion time for each activity Thus earliest possible completion time for the project is found. Thus earliest possible completion time for the project is found. Now, taking this as the completion time of the project, working backwards the latest completion time of each activity is found. Now, taking this as the completion time of the project, working backwards the latest completion time of each activity is found. The path on which activities have the same earliest and latest completion time is the critical path or in other words slack is zero. The path on which activities have the same earliest and latest completion time is the critical path or in other words slack is zero. Distributed by AGASS (http://www.agass.org)

83 83 / 125 System Development Tools and Productivity Aids These help in better productivity from programmers and better quality if properly used. These help in better productivity from programmers and better quality if properly used. Code generators Code generators Code generators generate program code on the basis of parameters defined by system analyst or data flow diagrams. Code generators generate program code on the basis of parameters defined by system analyst or data flow diagrams. These aid in improv­ing programmer efficiency. These aid in improv­ing programmer efficiency. Such tools, which help in automation of software life cycle activities are included in CASE (Computer Aided Software Engineering) tools. Such tools, which help in automation of software life cycle activities are included in CASE (Computer Aided Software Engineering) tools. Computer Aided Software Engineering (CASE) Computer Aided Software Engineering (CASE) CASE is an attempt to automate all activities associated with the software development life cycle. CASE is an attempt to automate all activities associated with the software development life cycle. Distributed by AGASS (http://www.agass.org)

84 84 / 125 CASE Tools Classification of CASE tools : 3 categories Classification of CASE tools : 3 categories Upper CASE: Useful in the early stages of SDLC. Tools that help in defining application requirements fall in this category. Upper CASE: Useful in the early stages of SDLC. Tools that help in defining application requirements fall in this category. Middle CASE: These address the needs in the middle levels of SDLC such as Design. Those that help in designing screen and report layouts, data and process design falls in this category. Middle CASE: These address the needs in the middle levels of SDLC such as Design. Those that help in designing screen and report layouts, data and process design falls in this category. Lower CASE: The later parts of the life cycle make use of these tools. These tools use design information to generate program codes. Lower CASE: The later parts of the life cycle make use of these tools. These tools use design information to generate program codes. Distributed by AGASS (http://www.agass.org)

85 85 / 125 Integrated CASE environments It is possible to use separate CASE tools for individual activities but an integrated CASE (I CASE) tool is used for better efficiency. It is possible to use separate CASE tools for individual activities but an integrated CASE (I CASE) tool is used for better efficiency. CASE database (Repository) contains the following data: CASE database (Repository) contains the following data: Enterprise information such as Organisational structure, Business area analysis etc. Enterprise information such as Organisational structure, Business area analysis etc. Application design information such as data structures, menu trees, processing logic etc Application design information such as data structures, menu trees, processing logic etc Construction / Programs information such as source code, object code etc Construction / Programs information such as source code, object code etc Testing information such as Test plan, Test results etc Testing information such as Test plan, Test results etc Project management details such as Project plan, Work breakdown structure, Estimates, schedules etc Project management details such as Project plan, Work breakdown structure, Estimates, schedules etc Documentation details such as Systems requirements specifications, Design document, User manuals Documentation details such as Systems requirements specifications, Design document, User manuals Distributed by AGASS (http://www.agass.org)

86 86 / 125 Advantages and limitations in using CASE Benefits of using CASE Benefits of using CASE Since CASE strictly follows SDLC, use of CASE enforces the disci­pline in steps of SDLC. Since CASE strictly follows SDLC, use of CASE enforces the disci­pline in steps of SDLC. The standardization / uniformity of processes can be achieved. The standardization / uniformity of processes can be achieved. Since CASE tools generate inputs of each stage from the outputs of previous stage, consistency of application quality can be ensured. Since CASE tools generate inputs of each stage from the outputs of previous stage, consistency of application quality can be ensured. Tasks such as diagramming need not be done by the programmer, and can be left to the CASE tool. Tasks such as diagramming need not be done by the programmer, and can be left to the CASE tool. Programmer can devote time for more productive tasks; thus the development time can be shortened and cost economy can be achieved Programmer can devote time for more productive tasks; thus the development time can be shortened and cost economy can be achieved Since stage outputs and related documentation are created by the tool. Since stage outputs and related documentation are created by the tool. Disadvantages of CASE Disadvantages of CASE CASE tools are costly, particularly ones that address the early stages of the life cycle. CASE tools are costly, particularly ones that address the early stages of the life cycle. Use of CASE tools requires extensive training Use of CASE tools requires extensive training Distributed by AGASS (http://www.agass.org)

87 87 / 125 Chapter 5 Specialized Systems Distributed by AGASS (http://www.agass.org)

88 88 / 125 Learning Goals An understanding of Artificial Intelligence (AI) that includes An understanding of Artificial Intelligence (AI) that includes Characteristic features of AI applications Characteristic features of AI applications AI applications like expert systems, neural systems, robotics etc. AI applications like expert systems, neural systems, robotics etc. An insight on expert systems, its components, merits and shortcom­ings An insight on expert systems, its components, merits and shortcom­ings An overview of data warehouse, data mining and its concept An overview of data warehouse, data mining and its concept An understanding on Decision Support systems (DSS) that includes An understanding on Decision Support systems (DSS) that includes DSS frameworks DSS frameworks Design, development and implementation issues in DSS Design, development and implementation issues in DSS DSS trends DSS trends Point of Sale systems Point of Sale systems ATMs ATMs EDI, E-Commerce, ERP Systems EDI, E-Commerce, ERP Systems Distributed by AGASS (http://www.agass.org)

89 89 / 125 Artificial Intelligence (AI) Designing human like thinking ability by computers is called AI Designing human like thinking ability by computers is called AI Computer are very good and speedy in performing calculations which are of repetitive nature. Computer are very good and speedy in performing calculations which are of repetitive nature. Artificial Intelligence does this on the basis of predetermined set of rules. Artificial Intelligence does this on the basis of predetermined set of rules. Human is better than computer (since it is a living animal) in following aspects.. Human is better than computer (since it is a living animal) in following aspects.. Thinking and reasoning Thinking and reasoning Using reason to solve problems Using reason to solve problems Learning from experience Learning from experience Exhibiting creativity and imagination Exhibiting creativity and imagination Handling ambiguous or incomplete information Handling ambiguous or incomplete information AI tries to achieve the same through computer. AI tries to achieve the same through computer. Distributed by AGASS (http://www.agass.org)

90 90 / 125 AI applications The applications of AI can be classified into three major categories: Cognitive Science, Robotics and Natural Languages The applications of AI can be classified into three major categories: Cognitive Science, Robotics and Natural Languages Cognitive Science: Cognitive Science: This is an area based on research in disciplines such as biology, neurology, psychology, mathematics and allied disciplines. This is an area based on research in disciplines such as biology, neurology, psychology, mathematics and allied disciplines. It focuses on how human brain works and how humans think and learn. Applications of AI in the cognitive science are: It focuses on how human brain works and how humans think and learn. Applications of AI in the cognitive science are: Expert Systems: Expert Systems: These are information systems with reasoning ca­pability. These are information systems with reasoning ca­pability. Learning Systems: Learning Systems: These are the systems that can modify their be­haviour based on information they acquire as they operate. These are the systems that can modify their be­haviour based on information they acquire as they operate. Distributed by AGASS (http://www.agass.org)

91 91 / 125 AI applications… Fuzzy logic: Fuzzy logic: These are systems that can process data that are ambiguous and incomplete. These are systems that can process data that are ambiguous and incomplete. This permits them to solve unstructured problems. This permits them to solve unstructured problems. These systems are 'trained' to learn imprecise terminology such as those normally used by humans in their interactions (e.g. cooler, faster etc). These systems are 'trained' to learn imprecise terminology such as those normally used by humans in their interactions (e.g. cooler, faster etc). Many embedded systems such as in washing machines, refrigerators, auto- focus cameras and energy efficient air-conditioners use fuzzy logic. Many embedded systems such as in washing machines, refrigerators, auto- focus cameras and energy efficient air-conditioners use fuzzy logic. Neural networks: Neural networks: These are computing systems modelled after the human brain. These are computing systems modelled after the human brain. This is with reference to the mesh like network of interconnected processing elements. This is with reference to the mesh like network of interconnected processing elements. Though the architecture is much simpler than the human brain, it permits them to recognize patterns. Such patterns get more and more refined with data input. Though the architecture is much simpler than the human brain, it permits them to recognize patterns. Such patterns get more and more refined with data input. Distributed by AGASS (http://www.agass.org)

92 92 / 125 Some AI examples Intelligent agents: Intelligent agents are software that use built-in and learned knowledge base about a person or process to make de­ cisions and accomplish tasks in a way that fulfils the intentions of user. E.g. Word processing software Intelligent agents: Intelligent agents are software that use built-in and learned knowledge base about a person or process to make de­ cisions and accomplish tasks in a way that fulfils the intentions of user. E.g. Word processing software Robotics: This technology produces robot machines with computer intelligence and human-like physical capabilities. Robotics find expensive application in computer aided manufacturing. Robotics: This technology produces robot machines with computer intelligence and human-like physical capabilities. Robotics find expensive application in computer aided manufacturing. Natural languages: Being able to 'converse' with computers in human languages is the goal of research in this area. E.g. Interactive voice response, virtual reality Natural languages: Being able to 'converse' with computers in human languages is the goal of research in this area. E.g. Interactive voice response, virtual reality Virtual reality: Virtual reality involves using multi sensory human- computer interfaces that enable humans to experience computer simulated objects, space and activities, as they actually exist. Flight simulation for training pilots, surgery simulation for training doc­tors are some of the applications of virtual reality. Virtual reality: Virtual reality involves using multi sensory human- computer interfaces that enable humans to experience computer simulated objects, space and activities, as they actually exist. Flight simulation for training pilots, surgery simulation for training doc­tors are some of the applications of virtual reality. Distributed by AGASS (http://www.agass.org)

93 93 / 125 Expert Systems Most practical and widely implemented applications. Most practical and widely implemented applications. An expert system (ES) is a knowledge based information system that uses its knowledge about a specific, complex application area to act as an expert consultant. An expert system (ES) is a knowledge based information system that uses its knowledge about a specific, complex application area to act as an expert consultant. Provide answers in the specific application area, and also explain their reasoning process and conclusions Provide answers in the specific application area, and also explain their reasoning process and conclusions Distributed by AGASS (http://www.agass.org)

94 94 / 125 Components of expert systems User interface: User interface: This allows the user to interact with the system. This allows the user to interact with the system. The user presents the problem for which solutions are delivered to him. The user presents the problem for which solutions are delivered to him. Interface engine: Interface engine: This part reasons and determines the application of knowledge in the knowledge base to the facts presented in the user interface. This part reasons and determines the application of knowledge in the knowledge base to the facts presented in the user interface. Interface engine is the active component of an expert system and its main job is to mimic human reasoning Interface engine is the active component of an expert system and its main job is to mimic human reasoning Distributed by AGASS (http://www.agass.org)

95 95 / 125 Components of expert systems… Knowledge base: Knowledge base: Important element of an expert system since it holds the expert problem solving knowledge. Important element of an expert system since it holds the expert problem solving knowledge. The key to the knowledge base is the way knowledge is represented. The key to the knowledge base is the way knowledge is represented. Knowledge representation deals with structuring of information and ways to manipulate it to infer additional data. Knowledge representation deals with structuring of information and ways to manipulate it to infer additional data. Distributed by AGASS (http://www.agass.org)

96 96 / 125 Advantages of expert systems The knowledge and experience of the expert is captured before he leaves the organization The knowledge and experience of the expert is captured before he leaves the organization The codified knowledge in a central repository makes it easy to share it with the less experienced in the application area The codified knowledge in a central repository makes it easy to share it with the less experienced in the application area This ensures consistent and quality decisions This ensures consistent and quality decisions It also enhances personnel productivity It also enhances personnel productivity Distributed by AGASS (http://www.agass.org)

97 97 / 125 Limitations of expert systems Expert systems perform well in solving specific types of problems in a limited domain. When the problems involve multiple domains, expert systems become difficult to construct Expert systems perform well in solving specific types of problems in a limited domain. When the problems involve multiple domains, expert systems become difficult to construct They do not have the capacity to learn and from that point of view are static in their knowledge. E.g. in above cited example, a new disease (say Dengue) which also may have similar symptoms like Malaria may not be predicted unless some more questions are asked and some more knowledge is updated in knowledge base. They do not have the capacity to learn and from that point of view are static in their knowledge. E.g. in above cited example, a new disease (say Dengue) which also may have similar symptoms like Malaria may not be predicted unless some more questions are asked and some more knowledge is updated in knowledge base. Usage of specialised languages render maintenance of expert sys­ tems difficult Usage of specialised languages render maintenance of expert sys­ tems difficult Development costs of expert systems are high. This obvious because one may have to work with multiple experts to update knowledge base. Development costs of expert systems are high. This obvious because one may have to work with multiple experts to update knowledge base. Distributed by AGASS (http://www.agass.org)

98 98 / 125 Data Warehouse Data Warehouse as defined by researcher W. H. Inmon states that “It is a Subject - oriented, integrated, time- variant, non-volatile, collection of data in support of management’s decision making process” Data Warehouse as defined by researcher W. H. Inmon states that “It is a Subject - oriented, integrated, time- variant, non-volatile, collection of data in support of management’s decision making process” Another definition given by Wayne Eckerson says that “It is a Central Repository of clean, consistent, integrated & summarised information, extracted from multiple operational systems, for on-line query processing” Another definition given by Wayne Eckerson says that “It is a Central Repository of clean, consistent, integrated & summarised information, extracted from multiple operational systems, for on-line query processing” Distributed by AGASS (http://www.agass.org)

99 99 / 125 Features of Data Warehouse It is a Stand-alone application It is a Stand-alone application It has a repository of information which may be integrated from several, heterogeneous operational databases It has a repository of information which may be integrated from several, heterogeneous operational databases It stores large volumes of data which are frequently used for DSS It stores large volumes of data which are frequently used for DSS It is physically stored separately from organisation’s databases It is physically stored separately from organisation’s databases It is relatively static, and has infrequent updates It is relatively static, and has infrequent updates It is “Read-Only” application It is “Read-Only” application Distributed by AGASS (http://www.agass.org)

100 100 / 125 Preparation of Data Warehouse Data is copied from ERP or other Transaction processing systems and before uploading it in Data Warehouse, it is aggregated, summarised & filtered for suitable analysis. Data is copied from ERP or other Transaction processing systems and before uploading it in Data Warehouse, it is aggregated, summarised & filtered for suitable analysis. End users run queries against this data to identify trends, patterns & correlations hidden in the data. End users run queries against this data to identify trends, patterns & correlations hidden in the data. The following is a complete life cycle of a Data Warehouse. The following is a complete life cycle of a Data Warehouse. Prepare data Prepare data Transform data Transform data Load data Load data Model data Model data Establish Access – This gives to Data Warehouse data Establish Access – This gives to Data Warehouse data Retrieve data Retrieve data Analyse data Analyse data Archive data Archive data Destroy data from Data Warehouse Destroy data from Data Warehouse Distributed by AGASS (http://www.agass.org)

101 101 / 125 Data Mining Data Mining is a process of recognizing the patterns among the data in the data warehouse. Data Mining is a process of recognizing the patterns among the data in the data warehouse. IS Auditors can place more reliance on the data mining technique to assess audit risk and to collect and evaluate audit risk by : IS Auditors can place more reliance on the data mining technique to assess audit risk and to collect and evaluate audit risk by : Detecting errors and irregularities Detecting errors and irregularities Knowledge discovery by better assessing safeguarding of assets, data integrity and effective and efficient operation of the system Knowledge discovery by better assessing safeguarding of assets, data integrity and effective and efficient operation of the system Distributed by AGASS (http://www.agass.org)

102 102 / 125 Decision Support Systems (DSS) These are information systems that provide interactive information support to managers with the use of analytical models. These are information systems that provide interactive information support to managers with the use of analytical models. DSS are designed to be adhoc systems, modelled for specific decisions of individual managers. DSS are designed to be adhoc systems, modelled for specific decisions of individual managers. These system satisfy such queries which are not answered by the transactions processing systems. These system satisfy such queries which are not answered by the transactions processing systems. Typical examples could be: Typical examples could be: Comparative sales figures between two consecutive months for dif­ferent products with the percentage variation to total sales Comparative sales figures between two consecutive months for dif­ferent products with the percentage variation to total sales Revenue and Cost projections on the basis of certain product mix Revenue and Cost projections on the basis of certain product mix Evaluation of different alternatives, leading to selection of the best one. Evaluation of different alternatives, leading to selection of the best one. Distributed by AGASS (http://www.agass.org)

103 103 / 125 Point of Sale Systems (POS) A POS system is intended to capture data at the time and place of transaction which is being initiated by a business user. A POS system is intended to capture data at the time and place of transaction which is being initiated by a business user. It is often attached to scanners to read bar codes and magnetic cards for credit card payment and electronic sales. It is often attached to scanners to read bar codes and magnetic cards for credit card payment and electronic sales. POS provide significant cost and time saving as compared to the manual methods. POS provide significant cost and time saving as compared to the manual methods. Also eliminate errors that are inherent in manual system Also eliminate errors that are inherent in manual system POS may involve batch processing or an online processing. POS may involve batch processing or an online processing. Distributed by AGASS (http://www.agass.org)

104 104 / 125 Automatic Teller Machines (ATM) An automated teller machine is a specialized form of the point of sale terminal. An automated teller machine is a specialized form of the point of sale terminal. This is designed for unattended use by a customer of a financial institution. This is designed for unattended use by a customer of a financial institution. The ATMs generally allow cash deposits, cash with­drawals and a range of banking operations like cheque book requisition, requesting account statement etc. The ATMs generally allow cash deposits, cash with­drawals and a range of banking operations like cheque book requisition, requesting account statement etc. ATMs are generally used for use after the closing hours of the financial institution and can be located either adjacent to the location of the financial institution or may be at a distant place. ATMs are generally used for use after the closing hours of the financial institution and can be located either adjacent to the location of the financial institution or may be at a distant place. The facility of ATM can be within a bank, across local banks and amongst the banks outside a region. The facility of ATM can be within a bank, across local banks and amongst the banks outside a region. ATMs transfer the information and money over communication lines. ATMs transfer the information and money over communication lines. These systems must provide a high level of logical and physical security for both the customer and the ATM machine. These systems must provide a high level of logical and physical security for both the customer and the ATM machine. Distributed by AGASS (http://www.agass.org)

105 105 / 125 Electronic Data Interchange (EDI Systems) Electronic Data Interchange is the oldest form of transmitting business transactions between the business partners with dissimilar computer systems. Electronic Data Interchange is the oldest form of transmitting business transactions between the business partners with dissimilar computer systems. EDI is used to transmit and exchange business documents like purchase orders, request for proposals, invoices and shipping notices in a standard machine readable format. EDI is used to transmit and exchange business documents like purchase orders, request for proposals, invoices and shipping notices in a standard machine readable format. The advantages of EDI are: The advantages of EDI are: Reduction in paperwork Reduction in paperwork Improved flow of information Improved flow of information No necessity of reeking of data No necessity of reeking of data Less errors while transmitting / exchange of information Less errors while transmitting / exchange of information Speed in communication due to electronic transmission Speed in communication due to electronic transmission Improvement in carrying out a business process. Improvement in carrying out a business process. Distributed by AGASS (http://www.agass.org)

106 106 / 125 How does the EDI system function? The EDI comprises of the following three elements: The EDI comprises of the following three elements: Communication Software : Communication Software : moves the data from one point to another moves the data from one point to another marks the start and the end of the EDI transmission marks the start and the end of the EDI transmission decides how the acknowledgements are transmitted and reconciled. decides how the acknowledgements are transmitted and reconciled. Translation Software : Translation Software : involves conversion of data from a business application translated into a standard format, to be transmitted over the communication network involves conversion of data from a business application translated into a standard format, to be transmitted over the communication network convert this data back from the EDI format into the proprietary format of the receiver organization. convert this data back from the EDI format into the proprietary format of the receiver organization. EDI standard : EDI standard : which specifies the standards for the transmittal of the business documents like invoices, purchase orders etc. which specifies the standards for the transmittal of the business documents like invoices, purchase orders etc. Distributed by AGASS (http://www.agass.org)

107 107 / 125 How does the EDI system function?... Traditional EDI process generally involves three functions within each trading partner's computer system. Traditional EDI process generally involves three functions within each trading partner's computer system. Communication handler : Process for transmitting and receiving elec­tronic documents between trading partners via Dial up lines, Public switched network, Multiple dedicated lines or a value added network. Communication handler : Process for transmitting and receiving elec­tronic documents between trading partners via Dial up lines, Public switched network, Multiple dedicated lines or a value added network. EDI Interface : EDI Interface : Interface function manipulates and routes the data between the application system and the communications handler. Interface function manipulates and routes the data between the application system and the communications handler. EDI interface may generate and send the functional acknowledgements, verify the identity of the partners and check the validity of the transactions by checking the transmission information against the trading partner master file. EDI interface may generate and send the functional acknowledgements, verify the identity of the partners and check the validity of the transactions by checking the transmission information against the trading partner master file. The interface consists of two components : EDI Translator & Applications Interface The interface consists of two components : EDI Translator & Applications Interface Application System : The programs that process the data sent to, received from, the trading partner. E.g. Purchase orders from purchasing system. Application System : The programs that process the data sent to, received from, the trading partner. E.g. Purchase orders from purchasing system. Distributed by AGASS (http://www.agass.org)

108 108 / 125 EDI standards There are two competing and mutually incompatible standards for EDI in existence today. They are the ANSI ASCX.12 (American National Standards Institute-Accredited Standards Committee) and UN/EDIFACT (United Nations / Electronic Data Interchange for Administration Commerce and Trade) standards. There are two competing and mutually incompatible standards for EDI in existence today. They are the ANSI ASCX.12 (American National Standards Institute-Accredited Standards Committee) and UN/EDIFACT (United Nations / Electronic Data Interchange for Administration Commerce and Trade) standards. Features of ANSI ASCX.12: Features of ANSI ASCX.12: This standard was developed by ANSI, and has been adopted in the USA and some pacific Rim countries) This standard was developed by ANSI, and has been adopted in the USA and some pacific Rim countries) Standards for 250 transactions are currently available. Standards for 250 transactions are currently available. It is relatively rigid and inflexible when compared to EDIFACT It is relatively rigid and inflexible when compared to EDIFACT Features of UN/ EDIFACT: Features of UN/ EDIFACT: This standard was originally developed in Europe and adopted by United Nations. This standard was originally developed in Europe and adopted by United Nations. They are relatively flexible when compared to X.12 They are relatively flexible when compared to X.12 Flexibility has lead to frequent versions. Different Companies may have different versions leading to conflicts Flexibility has lead to frequent versions. Different Companies may have different versions leading to conflicts Adopted in areas where X.12 was not adopted Adopted in areas where X.12 was not adopted Both the above standards are relatively expensive and have found the acceptance in large organizations and do not address to the needs of the small and medium size enterprises. Both the above standards are relatively expensive and have found the acceptance in large organizations and do not address to the needs of the small and medium size enterprises. Distributed by AGASS (http://www.agass.org)

109 109 / 125 Web Based EDI Web based EDI has become popular because Web based EDI has become popular because Substantial reduction in the cost for small size organizations be­cause the trade partners can use VPN on Internet as against dedi­cated communication lines. Substantial reduction in the cost for small size organizations be­cause the trade partners can use VPN on Internet as against dedi­cated communication lines. Its ability to attract new partners via web based sites Its ability to attract new partners via web based sites Improvement in the traditional EDI format Improvement in the traditional EDI format New security products are available to address issues of confidenti­ality, integrity, authentication and non repudiation. New security products are available to address issues of confidenti­ality, integrity, authentication and non repudiation. Distributed by AGASS (http://www.agass.org)

110 110 / 125 Electronic Commerce (e-Commerce): e-Commerce involves, information sharing, payment, fulfillment and service and support. e-Commerce involves, information sharing, payment, fulfillment and service and support. It has 4 functions : It has 4 functions : Information Sharing Information Sharing Payment Payment Fulfillment Fulfillment Service and Support Service and Support Distributed by AGASS (http://www.agass.org)

111 111 / 125 The Advantages of the E Commerce are: Savings in Cost Savings in Cost Saving in transaction time Saving in transaction time No limitations of the geographical boundaries. No limitations of the geographical boundaries. Larger availability of the customer base for the suppliers and larger choice to the customers Larger availability of the customer base for the suppliers and larger choice to the customers No restriction of timings No restriction of timings Storage or holding cost can be greatly reduced Storage or holding cost can be greatly reduced Different roles for the intermediaries Different roles for the intermediaries Distributed by AGASS (http://www.agass.org)

112 112 / 125 Types of E Commerce Models Business to Business (B to B) relationship Business to Business (B to B) relationship Business to consumer (B to C) relationship Business to consumer (B to C) relationship Business to Employee (B to E) relationship Business to Employee (B to E) relationship Business to Government (B to G) relationship Business to Government (B to G) relationship Consumers to Consumers (C to C) relationship Consumers to Consumers (C to C) relationship Citizen to Government (C to G) relationship Citizen to Government (C to G) relationship Exchange to Exchange (X to X) relationship Exchange to Exchange (X to X) relationship Distributed by AGASS (http://www.agass.org)

113 113 / 125 Enterprise Resource Planning Systems (ERP Systems) Enterprise Resource Planning (ERP) are fully integrated corporate solutions focusing on the business applications like finance and control, pro­duction planning, sales, warehousing and logistics etc. Enterprise Resource Planning (ERP) are fully integrated corporate solutions focusing on the business applications like finance and control, pro­duction planning, sales, warehousing and logistics etc. Presently, there are many ERPs available in the market like SAP, Oracle Applications, BAAN, People Soft etc. Presently, there are many ERPs available in the market like SAP, Oracle Applications, BAAN, People Soft etc. The ERPs save lot of time by recording the business transaction only once and at the first instance only. The ERPs save lot of time by recording the business transaction only once and at the first instance only. Distributed by AGASS (http://www.agass.org)

114 114 / 125 Chapter 6 Auditing the System Development Process Distributed by AGASS (http://www.agass.org)

115 115 / 125 IS Auditor's Role in Systems Development, Acquisition and Maintenance Identifying subsystems and modules, their goals and user function­ality expectations Identifying subsystems and modules, their goals and user function­ality expectations Checking if the control recommendations are appropriate for the risks identified Checking if the control recommendations are appropriate for the risks identified Advising the design team on incorporating control measures Advising the design team on incorporating control measures Verifying if the recommendations he has made are properly imple­mented Verifying if the recommendations he has made are properly imple­mented To ensure that the systems help to meet the organisational objectives To ensure that the systems help to meet the organisational objectives Distributed by AGASS (http://www.agass.org)

116 116 / 125 IS Auditor's Role in Systems Development, Acquisition and Maintenance To ensure the qual­ity of the deliverables. To ensure the qual­ity of the deliverables. Reviewing the change management process Reviewing the change management process To assess the effectiveness of the system in the post implementation phase. To assess the effectiveness of the system in the post implementation phase. Reviewing the maintenance procedure Reviewing the maintenance procedure To ensure adequate documentation To ensure adequate documentation Ensuring production source integrity during the maintenance phase Ensuring production source integrity during the maintenance phase Distributed by AGASS (http://www.agass.org)

117 117 / 125 IS Auditor's Role in Reviewing Developmental Phases of SDLC Has to review all the phases of the system develop­ment life cycle, such as: Has to review all the phases of the system develop­ment life cycle, such as: Feasibility study Feasibility study has to ensure that the suggested technology is viable before implementing it in the de­velopment process. has to ensure that the suggested technology is viable before implementing it in the de­velopment process. can provide a valuable inputs in evaluating the cost-benefit analysis. can provide a valuable inputs in evaluating the cost-benefit analysis. System requirement definition System requirement definition To review problem definition To review problem definition To review Information flows To review Information flows To evaluate the methodology employed and the compliance level. To evaluate the methodology employed and the compliance level. To check use of CASE tools, be­cause the quality of work is likely to be better in CASE environ­ments To check use of CASE tools, be­cause the quality of work is likely to be better in CASE environ­ments Distributed by AGASS (http://www.agass.org)

118 118 / 125 IS Auditor's Role in Reviewing Developmental Phases of SDLC Software acquisition Software acquisition The decision to acquire the software should flow from the feasibility study The decision to acquire the software should flow from the feasibility study The auditor should also ensure that the software acquired would meet the overall design goals of the proposed system. The auditor should also ensure that the software acquired would meet the overall design goals of the proposed system. RFP (Request for proposal) should be checked for adequacy. RFP (Request for proposal) should be checked for adequacy. Should check the criteria for pre-qualification of vendors. Should check the criteria for pre-qualification of vendors. To check justification for the selection of the final vendor / product. To check justification for the selection of the final vendor / product. availability of sufficient documentation to support the above decision. availability of sufficient documentation to support the above decision. The auditor may also collect information on vendor viability, support infrastructure, service record and the like. The auditor may also collect information on vendor viability, support infrastructure, service record and the like. Should thoroughly review the contract signed with the vendor Should thoroughly review the contract signed with the vendor Distributed by AGASS (http://www.agass.org)

119 119 / 125 IS Auditor's Role in Reviewing Developmental Phases of SDLC Detailed design and programming Detailed design and programming In non-CASE environ­ments, the auditor may have to undertake a detailed design review: In non-CASE environ­ments, the auditor may have to undertake a detailed design review: The design diagrams should be checked for compliance with stan­ dards The design diagrams should be checked for compliance with stan­ dards To check for appropriate approvals for any change that has been incorporated in the design stage To check for appropriate approvals for any change that has been incorporated in the design stage To check the design for modularity. To check the design for modularity. To review the input, processing and output controls of systems. To review the input, processing and output controls of systems. To check the user interface design for usability, appropriateness, compliance with standards and acceptance by users. To check the user interface design for usability, appropriateness, compliance with standards and acceptance by users. Distributed by AGASS (http://www.agass.org)

120 120 / 125 IS Auditor's Role in Reviewing Developmental Phases of SDLC Availability of Audit trails. Availability of Audit trails. To check compatibility, interoperability and scalability for selected hardware and software To check compatibility, interoperability and scalability for selected hardware and software To check Flow charts and other such tools To check Flow charts and other such tools To check their implementation in programs To check their implementation in programs To focus on Exception data handling To focus on Exception data handling To test the design and program for such data. To test the design and program for such data. To ensure that the 'bugs' have been fixed. To ensure that the 'bugs' have been fixed. Distributed by AGASS (http://www.agass.org)

121 121 / 125 IS Auditor's Role in Reviewing Developmental Phases of SDLC Testing Testing To review the test plans for completeness. To review the test plans for completeness. To verify Cyclical processing such as month-end reports etc. To verify Cyclical processing such as month-end reports etc. To verify Security functions of the system. To verify Security functions of the system. Implementation Implementation The documentation on parallel run, if available, should be reviewed for effectiveness. The documentation on parallel run, if available, should be reviewed for effectiveness. Operating procedures should be checked for clarity and accuracy Operating procedures should be checked for clarity and accuracy System and user documents should be checked for adequacy, clarity System and user documents should be checked for adequacy, clarity and currency. and currency. It should be ensured that data conversion has been completed and all past data are available in a format readable by the new software. It should be ensured that data conversion has been completed and all past data are available in a format readable by the new software. Distributed by AGASS (http://www.agass.org)

122 122 / 125 IS Auditor's Role in Reviewing Developmental Phases of SDLC Post-implementation and maintenance Post-implementation and maintenance System's ability to fulfill ob­jectives that were specified initially. System's ability to fulfill ob­jectives that were specified initially. Compliance with change control procedure Compliance with change control procedure Functioning of controls in accordance with design Functioning of controls in accordance with design Review of operator error logs Review of operator error logs Distributed by AGASS (http://www.agass.org)

123 123 / 125 IS Auditor's Role in Reviewing Developmental Phases of SDLC System change procedures and program migration process System change procedures and program migration process On a periodic basis, the auditor should check the following : On a periodic basis, the auditor should check the following : Procedures for authorising, prioritising and tracking system chang­es Procedures for authorising, prioritising and tracking system chang­es Appropriateness of authorisations for selected change requests Appropriateness of authorisations for selected change requests Existence of program change history Existence of program change history The match program and documentation versions The match program and documentation versions Access control procedures on source and executable codes in pro­duction directory Access control procedures on source and executable codes in pro­duction directory Procedure for emergency changes Procedure for emergency changes Security of emergency login ids. Security of emergency login ids. The match between current version of source code and executable code in production directory The match between current version of source code and executable code in production directory Distributed by AGASS (http://www.agass.org)

124 124 / 125 IS Auditor's Role in Project Management Objective : Objective : The risk management process includes… The risk management process includes… the measures undertaken to mitigate the risks at costs commensurate with the level of risks. the measures undertaken to mitigate the risks at costs commensurate with the level of risks. Not recognising risks or providing exorbitantly costly mitigation measures for trivial risks should be avoided Not recognising risks or providing exorbitantly costly mitigation measures for trivial risks should be avoided IS Auditor should : IS Auditor should : Collect documentation of each phase and check for adequacy and completion. Collect documentation of each phase and check for adequacy and completion. Attend project meetings to check the compliance of the develop­ ment process. Attend project meetings to check the compliance of the develop­ ment process. Advise the team on adequate and cost effective control measures. Advise the team on adequate and cost effective control measures. Represent the management interest in the team by continuously as­sessing the ability of the team to meet targets that have been set. Represent the management interest in the team by continuously as­sessing the ability of the team to meet targets that have been set. Distributed by AGASS (http://www.agass.org)

125 125 / 125 !!! End of Module - IV !!! Distributed by AGASS (http://www.agass.org)


Download ppt "1 / 125 Systems Development Life Cycle & Applications System Distributed by AGASS (http://www.agass.org)"

Similar presentations


Ads by Google