Flashcards in Internal Controls & IT General Controls 2(b)(ii) - SDLC Deck (12):
Name the 9 Phases under the "Systems Development Life Cycle" (SDLC):
(1) Strategic IT planning
(2) Info Requirements
(3) Conceptual Design
(4) Eval of alt solutions
(5) Detailed Systems Design
(6) Programming or Purchasing
(9) Monitoring and maintenance
What is the 1st phase of the Systems Development Life Cycle (SDLC) and its purpose?
IT Strategic Planning:
- Purpose to ensure proposed change has business case that demonstrates how project will achieve goals and objectives, and how it adds value
- Thorough written IT strategy and capital budget process incl'g written objectives
- Ex doc: Strategic plan, BoD minutes, IT capital budget, feasibility studies, project authorization by IT governance body
What is the 2nd phase of the Systems Development Life Cycle (SDLC) and its purpose?
Info Requirements (systems analysis):
- Systems analysts, project mgrs or IT gathers req'mts for proposed system by talking to project sponsor, functional area end users and relevant parties to determine functionality software should include:
- As info req'mts gathered, document in standardized form and follow SDLC best practices
- Key issues that should be included in mature orgs are expert input on controls, any info security issues and scope of data to be collected (what is needed for effective BI later)
- Ex of doc's: Info Req'mts docs, systems analysis report
What is the difference btwn AppDev and SysDev?
- SysDev is broader than AppDev and includes systems of technologies
- AppDev is about an application or core grp of interrelated apps
What is the 3rd phase of the Systems Development Life Cycle (SDLC) and its purpose?
- Conceptual Design
- IT develops "Conceptual Design" based on info gathered in "Systems Analysis"/"Info Req'mts" phase
- Conceptual design should diagram proposed system for vendors to bid, or programmers and analysts to make ETA and resources to complete the project
- Ex docs: Diagram or doc of design, summarized data flow diagram (DFD), systems flowchart, programming flowchart,
- Develop technical blueprint and specs for solution to fulfill business requirements
What is the 4th phase of the Systems Development Life Cycle (SDLC) and its purpose?
- Eval alternative solutions
- May lead to sending request for proposal (RFP) to vendors for bids.
- Alternatives might be to:
(1) Build - entity’s programmers code
(2) Buy - outsource programming to vendor.
- Ex docs: Doc of process, PMO minutes, feasibility study, cost-benefit analysis, system selection report
What is the 5th phase of the Systems Development Life Cycle (SDLC) and its purpose?
- 5th (of 9) Phase is "Detailed Systems Design"
- Whether build or buy choice, need detailed schematic of proposed systems’ functionality, including:
(1) Input docs (source docs) processing details, and
(2) Output docs (screens, printouts)
- Ex docs: Design schematic, normalized data doc, systems design process doc: detailed DFD, entity-relationship (ER) diagram, relational model diagram, data dictionary
What is the 7th phase of the Systems Development Life Cycle (SDLC) and what is involved?
- 7 (of 9) Phase is "Testing"
- Critical success factor in reducing IT risks associated w/ change mgmt
- Test offline before deployed online
- Process should be planned, managed and documented
- Mgmt develop testing plan (checklist) of procedures, including signatures of those performing testing and end users verify successful testing
- Establish "staging area" where systems similar to enterprise system is housed and used strictly for testing (allows isolated app or hardware to be plugged into enterprise interfaced system of hardware and software where best, broadest test can be performed)
- Testing more critical if writes own code bc risk of errors in code is greater
- Ex docs: Testing checklist/plan, testing results documented, user testing signoff, testing results approval/signoff by project sponsor and/or project mgr, project plan
Under the "Systems Development Life Cycle" (SDLC), what is the 8th phase and its purpose?
- IMPLEMENTATION of app or hardware
- Occurs after testing performed
- Although testing occurred, still some significant risk in implementation
- IT dept have some higher level of alertness, watch performance to be ready to handle unexpected problems
- Ex of docs: Implement plan, doc of implementation, post implement review, user acceptance report, technical hardware and software solution for the business problem
Under the "Systems Development Life Cycle" (SDLC), what is the 9th phase and its purpose?
- Monitoring and maintenance
- 2 purposes related to IT risks and SDLC would be:
(1) Effective Operations - Impacts automated business processes and controls associated w/ significant financial systems
(2) Determine Need for Change - Reduces risk in diff manner by keeping effectiveness of systems and technologies at high level
- Ex of docs: Maintenance approval doc's, support services doc, IT help desk doc's (tickets, performance charts)
What is the purpose of a "Systems Development Life Cycle" (SDLC)?
- SDLC principles are best practices
- Presence of SDLC best practices IS a control in itself
- Serve as benchmarks for evaluating and measuring effectiveness of entity’s change mgmt controls, esp for custom software
- Following SDLC best practices minimizes IT risks associated w/ change mgmt