1. Systems Professionals
o gather facts about problems with the current system, analyze these facts
and formulate a solution to solve the problems
o include: systems analysts, systems engineers and programmers
2. End Users
o for whom the system is built
3. Stakeholders
o individuals either within or outside the organization who have an interest in
the system but are not end users
4. Accountants/Auditors
o those professionals who address the controls, accounting, and auditing
issues for systems development
1. In-House Development
o requires maintaining a full systems staff of analysts and programmers who
identify user information needs and satisfy their needs with custom
systems.
2. Commercial Systems
o systems are purchased from software vendors
Objective:
to link individual system projects or applications to the strategic objectives of
the firm
Responsibilities:
a. Resolving conflicts that arise from new systems
b. Reviewing projects and assigning priorities
c. Budgeting funds for systems development
d. Reviewing the status of individual projects under development
e. Determining at various checkpoints throughout the SDLC whether to
continue with the project or terminate it
Why perform?
a. A plan that changes constantly is better than no plan at all
b. Strategic planning reduces the crisis component in systems
development
c. Strategic systems provides planning authorization control for the SDLC
d. Cost management
2. Project Planning
o purpose: to allocate resources to individual applications within the
framework of the strategic plan
Two-Step Process
1. Survey of the current system
2. Analysis of the user’s needs
Survey Step
involves a detailed system survey
facts pertaining preliminary questions about the system are gathered and
analyzed
Advantages
a. Identifying what aspects of the old system should be kept
b. Forcing systems analysts to fully understand the system
c. Isolating the root of problem symptoms
Disadvantages
a. Current physical tar pit
b. Thinking inside the box
Fact-Gathering Techniques
1. Observation
involves passively watching the physical procedures of the system
2. Task Participation
the analyst takes an active role in performing the user’s work
3. Personal Interviews
a. Open-ended Questions
b. Questionnaires
4. Reviewing Key Documents
Analysis Step
the analyst is simultaneously analyzing as he gathers facts, therefore it is difficult
to identify where survey ends and analysis begins
Purpose:
to produce several alternative conceptual systems that satisfy the systems
requirements identified during systems analysis
Object-Oriented Approach
building information systems from reusable standard components or objects
Two Steps:
1. Perform a detailed feasibility study
2. Perform a cost-benefit analysis
Five Aspects
1. Technical Feasibility
o concerned with whether the system can be developed under existing
technology or if new technology is needed
2. Economic Feasibility
o pertains to the availability of funds to complete the project
3. Legal Feasibility
o identifies any conflicts between the conceptual system and the
company’s ability to discharge its legal responsibilities
4. Operational Feasibility
o shows the degree of compatibility between the firm’s existing procedures
and personnel skills and the operational requirements of the new system
5. Schedule Feasibility
o relates to the firm’s ability to implement the project within an acceptable
time
Steps:
1. Identify Costs
a. one-time costs
b. recurring costs
2. Identify Benefits
a. tangible benefits
b. intangible benefits
3. Compare Costs and Benefits
o common methods:
a. Net Present Value Method
b. Payback Method
Purpose:
to produce a detailed description of the proposed system that both satisfies the
system requirements identified during systems analysis and in accordance with
the conceptual design
Approaches:
a. Cold Turnkey Cutover
the firm switches to the new system and simultaneously terminates the
old system
b. Phased Cutover
the entire system need not be cutover at once
c. Parallel Operation Cutover
involves running the old system and the new system simultaneously
Post-Implementation Review
review is conducted by an independent team to measure the success of the
system and of the process after the dust has settled
post-implementation evidence:
a. Systems Design Adequacy
b. Accuracy of Time, Cost and Benefit Estimates
Audit Objectives
a. verify that SDLC activities are applied consistently and in accordance
with management’s policies
b. determine that the system as originally implemented was free from
material errors and fraud
c. confirm that the system was judged to be necessary and justified at
various checkpoints throughout the SDLC
d. verify the system documentation is sufficiently accurate and complete to
facilitate audit and maintenance activities
Audit Procedures
o auditor should select a sample of completed projects and review the
documentation for evidence of compliance with SDLC policies
Specific Points for Review:
a. proper authorization of the project
b. preliminary feasibility
c. detailed analysis of user needs
d. cost-benefit analysis using reasonably accurate figures
e. project’s documentation shows that detailed design was appropriate
and accurate solution to problem
f. test results at both the individual module and the total system level
g. checklist of specific problems along with evidence that they were
corrected
h. systems documentation complies with requirements and standards
Audit Objectives
detect unauthorized program maintenance
determine that maintenance procedures protect applications from
unauthorized changes
determine that applications are free from material errors
program libraries are protected from unauthorized access
Audit Procedures
1. Identify Unauthorized Changes
a. Reconcile program version numbers
b. Confirm maintenance authorization
REFERENCES: