
CISA - 3rd Chapter - System and SDLC


Chapter # : 03 - CISA

System and Infrastructure Life Cycle Management

Chapter No. 3

To ensure that the IS auditor understands and can provide assurance that the management practices for the development/acquisition, testing, implementation, maintenance and disposal of systems and infrastructure will meet the organization's objectives.

Description of Traditional SDLC phases:

• Feasibility Study:
  It is concerned with analyzing the benefits and solutions for the identified problem area.
  • Strategic benefits of implementing the new system
  • Identifies and quantifies the cost saving
  • Estimates the payback period
  • Shows projected revenue on investment (ROI)
  • Intangible benefits

• Requirement Definition:
  Identification and specification of the business requirements of the system chosen for development during the feasibility study.
  • Descriptions of what a system should do
  • How users will interact with the system
  • Conditions under which the system will operate
  • Information criteria the system should meet

• Design:
  Depending on the complexity of the system, several iterations in defining system-level specifications may be needed. Key factors in this sector:
  • User Involvement in the design
  • Software baseline
  • IS Auditor's Involvement

• Development:
  Key activities:
  • Coding and developing programs and system-level documents
  • Debugging and testing the programs developed
  • Developing programs to convert data from the old to the new system
  • Creating procedures to handle the transition to the new system
  • Training selected users
  • Ensuring modifications are documented and applied accurately and completely
  • IDE
  • Program Languages
  • Program Testing

• Implementation:
  Key activities:
  • Implementation planning
  • End user training
  • Large scale data conversion
  • Cutover (Go-live) Techniques
    • Parallel Changeover
    • Phased Changeover
    • Abrupt Changeover

• Post Implementation Review:

• Risk Associated with Software Development:
  • Within Project
  • With suppliers
  • Within organization
  • External Environment

E-commerce:

• E-Commerce Models:
  • B2C
  • B2B
  • B2E
  • B2G
• E-Commerce Architecture
  • One Tier
  • Two Tier
  • Three Tier
  • Multi Tier
• E-Commerce Risks

• EDI
  • Traditional EDI
  • Web based EDI
  • EDI Risk and Controls
• Electronic Fund Transfer
• CRM - 195
• SCM - 195

Alternative Forms of Software Project Organization

• 3.7.1 Agile Development - 196
• 3.7.2 Prototyping - 196
• 3.7.3 Rapid Application Development (RAD) - 198

Change Management Process Overview - 207

• RFC – Request for Change Document – 208
• Deploying the Changes
• Documentation
• Testing Changed Program
• Auditing Program Changes
• Emergency Changes
• Deploying Changes Back into production
• Change Exposures (Unauthorised Changes)