6.2 Application Development

(a) Systems Development Methodology

This section presents approaches to developing or acquiring information systems or application systems, and discusses the models and tools used in software development. It also highlights the need to conduct due care and due diligence reviews during system development or acquisition.

(i) Traditional Approaches to Develop or Acquire Systems

Two approaches or methodologies exist for developing or acquiring information systems or application systems: traditional approaches and alternative approaches. The traditional approach requires systematic and disciplined work using a system development life cycle (SDLC) methodology, whose phases ensure consistency and quality of work. The five phases of the SDLC are as follows:

1. Planning/initiation
2. Development/acquisition
3. Implementation/assessment
4. Operation/maintenance
5. Disposal/decommissioning

Usually, the traditional approach combined with the SDLC methodology is used in developing custom software. Next, system-related activities and security-related activities are presented for each phase of the SDLC.

(A) Phase 1: Planning/Initiation

System-related activities are listed next.

  • Understanding a functional user’s request for a new system
  • Conducting a feasibility study (i.e., costs and benefits)
  • Performing high-level needs assessment
  • Doing a preliminary risk assessment
  • Using decision tables, flowcharts, data-flow diagrams, and finite-state-machine ...
