Software development life cycle

The software development life cycle (SDLC) is a framework for understanding and developing information systems and software successfully. Businesses can acquire software in many ways, from simply purchasing it off the shelf to designing a system tailored to the business needs. There are many versions of the life cycle, each with its own strengths and weaknesses. An auditor should understand how each of these methods affects risk.

Some popular models of an SDLC include the waterfall model, the spiral model, and the incremental build model.

= Life Cycle Types =

== Rapid Application Development (RAD) ==

== End-User Development (EUD) ==

In this model, software is developed and maintained by the end users themselves. Businesses rarely have controls over software developed with this model, and it is often developed without a formal framework.

  • Errors from faulty design and implementation
= Auditor Involvement in Development =

Auditors may be involved in SDLC projects to varying degrees, from a post-implementation review to thorough involvement in each step of the process. Each project should be assessed for risk to determine the appropriate level of review needed. In addition, auditors should consider how important the projects are to the financial statements, the degree of reliance on controls, and the existence of manual controls.

Process risks include:

  • Lack of a formal development process
  • Unclear strategy
  • Lack of concrete standards
  • Poor management control
Application risks include:

  • High complexity of the project
  • Larger projects
  • Lack of end-user involvement
  • Inadequate personnel
= Auditor Review and Recommendations =

Auditors should review the software development process and procedures, even if they are not involved in a particular project. This review should evaluate the procedures and how they are implemented. The process of development and the quality of the final software may also be assessed if needed or requested. A business may want the auditing firm to be involved throughout the process to catch problems earlier on so that they can be fixed more easily. An auditor can serve as a controls consultant as part of the development team or as an independent auditor as part of an information technology audit.

In making recommendations, auditors should consider the cost of implementing controls and alternatives such as manual controls. Recommendations should be forwarded to the development team leader, management, or the audit committee depending on the business, clarifying the cost to the business if the control is not implemented in terms of errors, fixes, and additional audit fees.

= Auditing Formal Software Development Processes =

Businesses sometimes use formal systems development processes. These help assure that systems are developed successfully. A formal process is more effective in creating strong controls, and auditors should review this process to confirm that it is well designed and is followed in practice.

A good formal systems development plan outlines:

  • An information systems strategy to align development with the organization's broader objectives
  • Standards for new systems
  • Project management policies for timing and budgeting
  • Procedures describing the process
= Auditing The System Development Process =

Regardless of the methodology used, the development process should have the same major steps: planning, development, implementation, and maintenance.

== Planning ==

The planning phase determines the nature and scope of the development. If this stage is not performed well, it is unlikely that the project will be successful in meeting the business's needs. The auditor's key role in this phase is to understand the business environment and to make sure that all necessary controls are incorporated into the design. Any deficiencies should be reported and a recommendation should be made to fix them.

In this planning stage, auditors look for a cohesive plan that encompasses the following areas:

  • Study analyzing the business needs in measurable goals
  • Review of the current system
  • Conceptual design of the operation of the new system
  • Equipment requirements
  • Financial analysis of the costs and benefits including a budget
  • Selection of programmers, users, and support personnel for the project
  • Project plan including tasks, deliverables, and schedule
== Development ==

After the planning phase, the system is built and tested. Testing is generally performed by a combination of testers and end users. Testing can occur after the software is built or concurrently. Auditors should review the construction and testing procedures and results to ensure that the software will process data accurately, that errors are minimized, and that it meets specifications.

Testing verifies these factors:

  • The system satisfies the user and business requirements
  • Functions as it was designed
  • Works with hardware and other software
  • Is free of errors

== Implementation ==

The implementation phase includes:

  • Conversion
  • Documentation
  • Training
Conversion is the transfer of data from an old system to a new system. This process is often difficult and should be tested carefully for errors. Documentation is prepared both for programmers and end users to facilitate their different needs in understanding the system. Training increases user efficiency. From an auditor's perspective, training is also important because it helps users use the software correctly.

== Maintenance ==

Software maintenance is an ongoing process, and it includes:

  • Continuing support of end users
  • Correction of errors
  • Updates of the software over time

In this stage, auditors should pay attention to how effectively and quickly user problems are resolved.

= See also =

  • Information technology audit
  • Information technology audit - operations
= External links =

  • [http://www.auditserve.com/articles/art_4.htm Analyzing the Deliverables Produced in the Software Development Life Cycle], Mitchell H. Levine, Audit Serve Inc. (2000)
  • [http://cs.wwc.edu/~aabyan/435/intro.html The Software Engineering Landscape], Anthony Aaby (2003)