chapter 8 sdlc

8/17/2019 Chapter 8 SDLC

1/14

System Administration(Software/System Development Life

Cycle)

Notes


2/14

Software/System Development LifeCycle (SDLC)

● This is a framework that describes activitiesperformed at each sta e of a Software/Systemdevelopment pro!ect

● Can have different types i"e" # $– %aterfall– &rototypin– A ile– And so many more


3/14

SDLC $ 'enefits

● 'etter plannin and control by pro!ect mana ers"● Compliance to prescribed standards ens rin

better ality"● Doc mentation that SDLC stresses on is an

important meas re of comm nication and control"● The phases are important milestones and help the

pro!ect mana er and the ser for review and si noff"


4/14

SDLC * 'enefits for A ditors● The +S a ditor can have clear nderstandin of the vario s

phases if the SDLC on the basis of the detaileddoc mentation created d rin each phase of the SDLC"

● The +S A ditor on the basis of his e,amination- can state in

his report abo t the compliance by the +S mana ement of theproced res- if any- set by the mana ement"

● The +S A ditor- if has a technical knowled e and ability of thearea of SDLC- can be a ide d rin the vario s phases ofSDLC"

● The +S a ditor can provide an eval ation of the methods andtechni es sed thro h the vario s development phases ofthe SDLC


5/14

SDLC $ .isks

● The development team mi ht find itc mbersome

● The sers my find the end prod ct is not visible

for a lon time● The ri idity of the approach may prolon the

d ration of many pro!ects●

+t may not be s itable for small and medi msi ed pro!ects


6/14

SDLC * The 'asic Steps

● &rimarily the ma!or steps of the SDLC modelare 0- namely &reliminary +nvesti ation-.e irement Analysis- Systems Desi n-

Systems Development- System Testin -System +mplementation and 1aintenance● ' t for the p rposes of this co rse- we will only

look at the 2 basic steps of # Analysis-Development- Testin 3 +mplementation"


7/14

SDLC * The 'asic Steps Cont"● Analysis # $ 4ere yo are analy in the type of system on the basis of the

sers re irements" 5acts of what the sers re ire can be obtainedthro h doc ments- estionnaires- interviews- observations

● Development # $ here yo are pro rammin or developin the system asdesi ned and cond ctin the contin o s testin and deb in by

convertin the specification into a f nctionin system● Testing # $ At this sta e- vario s kinds of testin are cond cted before the

developed system is implemented● Implementation # $ 5inal Testin and ality of controls a dit- acceptance

by mana ement and ser before mi ration of the system to the live

environment and data conversion from le acy system to the new system"● 1ore on this sta e can be read from the attached pdf


8/14

System/Software DevelopmentA dits

● The system development process is a pro!ect thata company ndertakes" 5or more detailedinformation abo t what we will be disc ssin herecan be fo nd in the +T A ditin Te,t book (Schillerand Davis pa e 607 A ditin company pro!ects)

● 8ven tho h the a dit process never really stopsd rin the entire pro!ect d ration- there are a few

si nificant differences between the a dits thatocc r on either side of the implementationprocess (pre and post)


9/14

&re$+mplementation A dits● A pre$implementation a dit is an a dit carried o t on

departmental/a ency systems d rin the desi n/development andinstallation process rather than after the system has been t rnedover to the client for operation"

●

%hy999 The rationale for initiatin pre$implementation a ditin isthat it is more cost$effective to correct weaknesses in the controlframework d rin the desi n/ development and installationprocess than after implementation- when lar e antities ofreso rces have been e,pended and stron commitment to theentity nder desi n has been enerated"

● This does not eliminate the need for post$implementation a ditsas there is no ass rance that what was desi ned and installed

was maintained or operated as intended- and that the ori inalre irements contin e to hold tr e"


10/14

&re$+mplementation A dits Cont"

● 4ere the a ditor has to ens re that the correctprocesses are followed d rin the systemdevelopment process"

●

The a ditor also has to a dit the controlframeworks that are bein embedded in the desi nof the said system

● The ma!or disadvanta e of the pre$implementation

a dit is that of impairin independence" This meansthat the a ditor d rin the a dit process will impactthe desi n of the system if not properly monitored"


11/14

&ost +mplementation A dits

● A &ost$+mplementation .eview (&+.) is an assessment andreview of the completed workin sol tion" +t will be performedafter a period of live r nnin - some time after the pro!ect iscompleted"

● There are three main reasons of a &+A– To ascertain the de ree of s ccess from the pro!ect- in partic lar- the

e,tent to which it met its ob!ectives- delivered planned levels of benefit- andaddressed the specific re irements as ori inally defined"

– To e,amine the efficacy of all elements of the workin b siness sol tion tosee if f rther improvements can be made to optimise the benefit delivered"

– To learn lessons from this pro!ect- lessons which can be sed by the teammembers and by the or anisation to improve f t re pro!ect work andsol tions"


12/14

&ost +mplementation A dit Cont"● &ost +mplementation A dits are done by a ditors and sho ld

look at these main iss es● Current Situation # $ to check if the re ired f nctionality is

available- also whether proced res are properly doc mented-p blished and known abo t

● Benefits # $ to check the final cost of the pro!ect and also what arethe operatin costs of the new sol tion

● Future Improvements # $ eval ate whether coachin and trainincan improve the de ree of benefits of the new system" Also can see

which learnin points can be sed for f t re pro!ects to improveefficiency and effectiveness"

● The ma!or disadvanta e of &+A is that it becomes costly tocorrect problems that were made d rin the developmentsta es


13/14

Software Sec rity A ditin andControl

● &art ' +ncident .esponse and basic steps# $● +dentification● Containment● Collection● .ecovery● Analysis


14/14

chapter 8 sdlc

Documents