Chapter 5
Uploaded by
anil99senchuryChapter 5
Uploaded by
anil99senchuryYuvraj Bachhawat’s CA Final – ISCA 5.
1
Academy Ch. 5 – Acquisition, Development &
Implementation of Information System
Chapter 5: Acquisition, Development & Implementation of Information
Systems
Introduction:
In the business context today, information systems are inevitable.
Information systems may be deployed by:
Acquisition of already functional ready-to-use systems or
Development of customised solutions using requisite IT infrastructure & support.
System acquisition efforts are made because:
Present system unable to meet the requirements of system users & stakeholders.
Availability of systems at affordable prices providing solution to requisite task &
functionalities.
Following are the few reasons which may also force the entity to go for system change:
Increased competition
Pressure on profits
Customer satisfaction
Capitalise new business opportunity
This Chapter is divided into Five Parts:
System Development Life Cycle
Basic Concepts System development Phases of System
(Part 1) Methodology (Part 2) Development (Part 3)
Auditors Role in SDLC Miscellaneous Topics
(Part 4) (Part 5)
© CA YUVRAJ BACHHAWAT (DISA)
(M) 07096111123
Yuvraj Bachhawat’s CA Final – ISCA 5.2
Academy Ch. 5 – Acquisition, Development &
Implementation of Information System
Part 1-Basic Concepts:
Part 1-Basic Concepts
1.1) - Six Stages of 1.2) - Business Process 1.3) - System development
SDLC Design Process
1.4) - Reasons for failure of 1.5) - System Development 1.6) - Accountants Involvement
System Development Teams (D) in Development
1.1) Six Stages of SDLC:
Phase / Stage Outcome
Preliminary Investigation Feasibility Report
Requirement Analysis SRS Agreement
Design of System Design Skeleton
Development of Software Working System
System Testing Tested System
Implementation & maintenance System go live
1) Preliminary Investigation:
When the user comes across a problem in the existing system or a totally new requirement
for computerisation, he submits a formal request for the same to the IT department.
It consists of 3 parts:
Request Clarification: To determine what user wants by conducting investigation
through various fact finding techniques.
Feasibility Study: To evaluate alternative systems through cost benefit analysis.
Request Approval: Which system should be undertaken based on Feasibility Report of
the Analyst.
2) Requirement Analysis:
Once the request of system development is approved, user requirements are studied by
making use of fact finding tools & techniques such as Questionnaires, Interviews,
observation etc.
Analyst study the present system to identify its problems and short comings and identify
the features which new system should include satisfying user needs.
© CA YUVRAJ BACHHAWAT (DISA)
(M) 07096111123
Yuvraj Bachhawat’s CA Final – ISCA 5.3
Academy Ch. 5 – Acquisition, Development &
Implementation of Information System
3) Design of system:
This activity evolves the methodology and steps to be included in the system to meet the
identified needs and requirements of the system.
The analyst designs various procedures, reports, input files and database structures and
prepares the comprehensive system design.
These specifications are then passed on to the development team for program coding & testing.
4) Acquisition and development of software:
Once the system design details are resolved and system requirement specification document
is accepted by the user, the hardware and software details along with service requirements
are determined and procured.
Choices are made regarding which product to buy or lease from which vendors.
Analyst also works with users to develop documentation for software and various
procedure manuals.
5) System Testing:
System testing is conducted with various probable options & conditions to ensure that it
does not fail in any condition.
The system is expected to run as per specifications made in system requirement
specification and users expectations.
6) Implementation & Maintenance:
After above activities are completed system is implemented.
Activities during implementation are:
a) Conversion of data to new system files
b) Training of end users
c) System changeover
Maintenance is necessary because of changing organisational requirements or because of
failure to anticipate all requirements during system design.
1.2) Business Process Design:
Business process design means structuring or restructuring the tasks, functionalities and
activities for improvising a business system.
Business process design involves a sequence of steps described briefly in the following
sections:
1) Present Process Documentation:
In this step, the present business process is analyzed and documented.
The key deliverables of this step includes:
Well-defined short-comings of the present processes &
Overall business requirements
This step includes the following activities:
Understanding the business and the objectives for which it exists
Documenting the existing business processes
Analysis of the documented processes
© CA YUVRAJ BACHHAWAT (DISA)
(M) 07096111123
Yuvraj Bachhawat’s CA Final – ISCA 5.4
Academy Ch. 5 – Acquisition, Development &
Implementation of Information System
2) Proposed Process Documentation:
This step is to design the new process requirements for the system.
The design is based on the new system requirements and the changes proposed.
The activities include the following:
Understanding of the business processes necessary to achieve the business objectives.
Designing the new processes.
Documentation of the new process.
3) Implementation of New Process
This step is to implement largely the new as well as modified processes at the entity.
The critical activities may include the following:
Validating the new process
Implementing the new process
Testing the new process.
1.3) System Development:
Systems development refers to the process of examining a business situation with the
intent of improving it (business) through better procedures and methods.
System development can generally be thought of as having two major components:
System Analysis: is the process of gathering and interpreting facts, diagnosing
problems, and using the information to recommend improvements to the system.
System Design: is the process of planning a new business system or one to replace or
complement an existing system.
1.4) Achieving System Development Objectives:
Reasons why organizations fail to achieve their systems development objectives:
1) User Related Issues:
It refers to those issues where user/customer is reckoned as the primary agent.
Some of the aspects with regard to this problem are mentioned as follows:
a) Shifting User Needs:
User requirements for information technology are constantly changing.
When these changes occur during development processes, the development team faces
the challenge of developing systems whose very purposes might change since the
development process began.
b) Resistance to Change:
People have a natural tendency to resist change and information systems development
projects signal changes - often radical - in the workplace.
c) Lack of User Participation:
Users must participate in the development effort to define their requirements, feel
ownership for project success, and work to resolve development problems.
User participation also helps reduce user resistance to change.
© CA YUVRAJ BACHHAWAT (DISA)
(M) 07096111123
Yuvraj Bachhawat’s CA Final – ISCA 5.5
Academy Ch. 5 – Acquisition, Development &
Implementation of Information System
d) Inadequate Testing and User Training:
New systems must be tested before installation to determine that they operate
correctly.
Users must be trained to effectively utilize the new system.
2) Developer Related Issues:
It refers to the issues and challenges with regard to the developers.
Some of the critical bottlenecks are mentioned as follows:
a) Lack of Standard Project Management and System Development Methodologies:
It becomes very difficult to consistently complete projects on time or within budget
when organizations do not formalize their project management and system
development methodologies.
b) Overworked or Under-Trained Development Staff:
In many cases, systems developers often lack sufficient education background and
requisite state of the art skills.
3) Management Related Issues:
It refers to the bottlenecks with regard to organizational set up, administrative and overall
management to accomplish the system development goals.
Some of such bottlenecks are mentioned as follows:
a) Lack of Senior Management Support and Involvement:
Developers and users of information systems watch their senior management & shift
their efforts away from any project which is not receiving management attention.
b) Development of Strategic Systems:
Because strategic decision making is unstructured, the requirements, specifications,
and objectives for such development projects are difficult to define.
4) New Technologies:
When an organization applies advance Information technology, it generally finds that
attaining system development objectives is more difficult because personnel are not as
familiar with the technology.
1.5) System Development Team:
The system development team consists of :
1) The steering committee consisting of a group of key Information Systems services users that
act as a review body for Information Systems plans and applications development with the
aim to satisfy information requirements of managers and end users.
2) A project management team generally consists of both computer professionals and key
users.
3) System analysts are subsequently assigned to determine user requirements, design the
system and assist in development and implementation activities.
4) Systems designers take a lead role during the design, development and implementation
stages.
© CA YUVRAJ BACHHAWAT (DISA)
(M) 07096111123
Yuvraj Bachhawat’s CA Final – ISCA 5.6
Academy Ch. 5 – Acquisition, Development &
Implementation of Information System
1.6) Accountants’ Involvement in Development Work
Most accountants are uniquely qualified to participate in systems development because:
They can combine knowledge of Information technology, business, accounting and internal
control, behaviour and communications to ensure that new systems meet the needs of the
user & possess adequate internal controls.
They have specialized skills - such as accounting and auditing - that can be applied to the
development project.
An accountant can help in various aspects during system development like:
1) Return on Investment (ROI):
This defines the return, an entity shall earn on a particular investment i.e. capital expenditure.
This analysis needs to be done before the start of development efforts.
The data required for this analysis is cost of project & expected benefit for a given period.
a) Cost includes:
Nature of Cost Cost
Development Cost System development process cost like salaries of developers
Operating Cost Hardware/software rental or depreciation charges, salaries of
computer operators
Intangible Cost Costs that cannot be easily measured.
Example- the development of a new system may:
Disrupt activities of an organization
Cause loss of employee productivity or morale.
b) Benefits:
The benefits, which result from developing new or improved information systems that can be
subdivided into tangible and intangible benefits.
2) Computing Cost of IT Implementation and Cost Benefit Analysis:
For analysis of ROI, management needs the cost & returns from system.
For correct generation of data, proper accounting needs to be done.
Accountants shall be the person to whom management shall look for the purpose.
3) Skills expected from an Accountant:
Accountant is expected to have various key skills, including the following:
Understanding of the business objectives,
Expert book keeper
Understanding of system development efforts
Thus accountants can contribute significantly in system development.
© CA YUVRAJ BACHHAWAT (DISA)
(M) 07096111123
Yuvraj Bachhawat’s CA Final – ISCA 5.7
Academy Ch. 5 – Acquisition, Development &
Implementation of Information System
Part 2-Systems Development Methodology:
Part 2-System Development Methodology
2.1) -Methodology 2.2) - Approaches
2.1) Systems Development Methodology:
A system development methodology is a formalized, standardized, documented set of
activities used to manage a system development project.
It refers to the framework that is used to structure, plan and control the process of
developing an information system.
The methodology is characterized by the following:
1) Division of project into identifiable processes:
The project is divided into a number of identifiable processes, and each process has a
starting point and an ending point.
Each process comprises of:
Several activities
One or more deliverables
Several management control points
The division of the project facilitates both project planning & controlling.
2) Producing Deliverables:
Specific reports and other documentation, called deliverables must be produced
periodically during system development.
This makes development personnel accountable for faithful execution of system
development tasks.
3) Obtaining Sign offs of concerned persons:
Users, managers, and auditors are required to provides approvals, often called signoffs, at
pre-established management control points.
Signoffs signify approval of the development process and the system being developed.
4) Testing the system:
The system must be tested thoroughly prior to implementation to ensure that it meets
users’ needs.
5) Developing a training plan:
A training plan is developed for those who will operate and use the new system.
6) Establishing Change Controls:
Formal program change controls are established to preclude unauthorized changes to
computer programs.
7) Post Implementation review:
A post-implementation review of all developed systems must be performed to assess the
effectiveness and efficiency of the development process & new system.
© CA YUVRAJ BACHHAWAT (DISA)
(M) 07096111123
Yuvraj Bachhawat’s CA Final – ISCA 5.8
Academy Ch. 5 – Acquisition, Development &
Implementation of Information System
2.2) System Development Approaches:
Approaches established as models include the following:
Sr No. Approaches Framework Type
A) Waterfall Linear
B) Prototyping Iterative
C) Incremental Linear + Iterative
D) Spiral Linear + Iterative
E) Rapid Application Development Iterative
F) Agile Iterative
Note: All these approaches are not mutually exclusive, which means that it is possible to
perform some prototyping while applying the traditional approach.
A.) Traditional / Waterfall Approach / Sequential Approach:
I) Framework type :
Linear
II) Description of waterfall model:
The waterfall approach is a traditional development approach in which each phase is
carried in sequence or linear fashion.
These phases include :
Requirement analysis Coding
Specifications and design Final testing, and release
requirements
In traditional approach of system development, activities are performed in sequence i.e. an
activity is undertaken only when the prior step is fully completed.
III) Some of the key characteristics are as follows:
Project is divided into sequential phases with some acceptable overlap and splash back
between phases.
Emphasis is on planning, time schedules, target dates, budgets and implementation of an
entire system at one time.
Tight control is maintained over the life of the project through
Extensive written documentation
Formal Review & approval/signoff by the user
IV)Strength:
1) Progress of system development is measurable.
2) It enables to conserves resources.
3) Sequential phases of development ensure the quality, reliability, adequacy &
maintainability of the developed software.
4) Ideal for supporting project teams:
Who are less experienced or
Whose composition fluctuates
© CA YUVRAJ BACHHAWAT (DISA)
(M) 07096111123
Yuvraj Bachhawat’s CA Final – ISCA 5.9
Academy Ch. 5 – Acquisition, Development &
Implementation of Information System
V) Weakness:
1) Inflexible, slow, costly due to significant structure & tight controls.
2) Project progresses forward, with only slight movement backward.
3) Difficult to respond to changes that occur later in the life cycle.
4) Users may not be able to clearly define what they need early in the project.
5) Problems are often not discovered until system testing.
6) System performance cannot be tested until the system is almost fully coded.
7) Produces excessive documentation & updating them is time consuming.
B.) The Prototyping Model:
I) Framework type:
Iterative
II) Description of Prototype Model:
A prototype is a usable system or system component that is built quickly and at a lesser
cost, and with the intention of being modifying or replacing it by a full-scale and fully
operational system.
As users work with the prototype, they make suggestions about the ways to improve it.
These suggestions are then incorporated into another prototype, which is also used and
evaluated and so on.
Finally, when a prototype is developed that satisfies all user requirements, either it is
Refined & turned into the final system or
It is scrapped
If it is scrapped, the knowledge gained from building the prototype is used to develop the
real system.
III) Reason for using prototype Model:
The traditional approach may take years to analyze, design and implement a system.
Moreover we know little about the system until and unless we go through its working
phases, which are not available.
So, to avoid such issues, organizations are increasingly using prototyping techniques to
develop smaller systems.
IV) Generic phases of Prototyping Model are:
1) Step 1 - Identify Information System Requirements:
Design team needs only fundamental system requirements to build the initial prototype.
The process of determining the requirements can be less formal and time consuming than
traditional model.
2) Step 2 - Develop the Initial Prototype:
Prototype with characteristics such as simplicity, flexibility, and ease of use is developed.
These characteristics enable users to interact with tentative versions of data entry display
screens, menus, input prompts etc.
There is little or no consideration to internal controls.
© CA YUVRAJ BACHHAWAT (DISA)
(M) 07096111123
Yuvraj Bachhawat’s CA Final – ISCA 5.10
Academy Ch. 5 – Acquisition, Development &
Implementation of Information System
3) Step 3 - Test and Revise:
After finishing the initial prototype designers allow users to interact with the prototype & record
their problems, suggestions & expectations.
Using feedback designers incorporate the desired features & submit revised model to the system
user for re-evaluation.
This iterative process of modification & re evaluation continues till users are satisfied.
4) Step 4 - Obtain User Signoff of the Approved Prototype and implement the system
Users formally approve final version of the prototype, which commits them to the current
design and establishes a contractual agreement about what system will or will not do.
V) Strengths:
1) Provides quick implementation of an incomplete, but functional, application.
2) Encourages innovation and flexible designs.
3) Potential exists for exploiting knowledge gained in an early iteration as later iterations are
developed.
4) This approach provides better definition of users’ needs and requirements than the
traditional systems development approach.
5) This model is suitable when the users are not very clear about their requirements.
6) It improves user participation in System Development
VI) Weaknesses
1) Approval process and control are not strict.
2) Requirements may frequently change significantly.
3) Prototype may not have sufficient checks and balances incorporated.
4) Prototyping may cause behavioral problems with system users.
5) Prototyping fails to meet its objectives when users do not:
Devote significant time in experimenting with the prototype &
Provide system developers with change suggestions.
C.) The Incremental Model:
I) Framework Type:
Combination Linear and Iterative.
II) Basic Working:
This model combines the elements of the waterfall model with the iterative philosophy of
prototyping.
The product is decomposed into a number of components, each of which are designed and
built separately (termed as builds).
Each component is delivered to the client when it is complete.
This allows partial utilization of product and avoids a long development time.
In this method the model is designed, implemented and tested incrementally (a little more
is added each time) until the product is finished.
The product is considered finished when it satisfies its entire requirement.
© CA YUVRAJ BACHHAWAT (DISA)
(M) 07096111123
Yuvraj Bachhawat’s CA Final – ISCA 5.11
Academy Ch. 5 – Acquisition, Development &
Implementation of Information System
III) Pertinent Features:
A series of mini-waterfalls are performed, where all phases of the waterfall development
model are completed for a small part of the system, before proceeding to the next
increment.
Overall requirements are defined before proceeding to evolutionary, Mini Waterfall
development of individual increments of the system.
IV) Strengths:
1) Potential exists for exploiting knowledge gained in an early increment as later increments
are developed.
2) More flexible – less costly to change scope and requirements.
3) Stakeholders can be given concrete evidence of project status throughout the life cycle.
4) This model eases the traumatic effect of introducing completely new system all at once.
5) It allows the delivery of a series of implementations that are gradually more complete
and can go into production more quickly as increments releases.
6) Moderate control is maintained over the life of the project through the use of:
Written documentation &
Formal review and approval/signoff by the user & IT management.
V) Weaknesses:
1) Each phase of an iteration is rigid and do not overlap each other.
2) Since some modules are completed much earlier than others, well-defined interfaces are
required.
3) There is a lack of overall consideration of the business problem and technical requirements
for overall system as mini waterfalls are performed for individual components.
4) It is difficult to demonstrate early success to management.
D.) Spiral Model:
I) Framework Type:
Combination of Linear and Iterative.
II) List of Pertinent Characterising features:
The new system requirements are defined in as much detail as possible, usually involving
interviewing a number of users.
A preliminary design is created for the new system.
Preliminary design phase:
This phase is the most important part of “Spiral Model”.
In this phase all possible alternatives that can help in developing a cost effective project
are analyzed and strategies are decided to use them.
This phase identifies and resolves all possible risks in the project development.
If risks indicate any kind of uncertainty in requirements, prototyping may be used to
proceed with the available data and find out possible solution in order to deal with the
potential changes in the requirements.
A first prototype of the new system in constructed from the preliminary design which
approximately has characteristics of the final product.
© CA YUVRAJ BACHHAWAT (DISA)
(M) 07096111123
Yuvraj Bachhawat’s CA Final – ISCA 5.12
Academy Ch. 5 – Acquisition, Development &
Implementation of Information System
A second prototype is evolved by a fourfold procedure :
Evaluating the first prototype in terms of its strengths, weaknesses, and risks
Defining the requirements of the second prototype
Planning and designing the second prototype
Constructing and testing the second prototype
III) Applications:
The spiral model is intended for large, expensive and complicated projects.
Game development is a main area where the spiral model is used because of the size & the
constantly shifting goals of those large projects.
IV) Strengths
1) Enhance risk avoidance.
2) It can incorporate Waterfall, Prototyping, and Incremental methodologies as special cases
in the framework.
3) It is useful in helping for optimal deployment of a given software iteration based on project
risk.
4) Potential exists for using earlier iterations for risk reduction in next iteration.
5) Useful for large, expensive and complicated project.
V) Weaknesses
1) Challenges to determine the exact composition of development methodologies.
2) Highly customized to each project, and thus is quite complex, limiting reusability.
3) A skilled and experienced project manager required for applying it to any given project.
4) No established controls for moving from one cycle to another cycle.
5) No firm deadlines - cycles continue with no clear termination condition so there is an
inherent risk of not meeting budget or schedule.
E.) Rapid Application Development (RAD) Model
I) Framework Type:
Iterative
II) Aims of RAD:
To produce high quality systems quickly, primarily through the use of iterative Prototyping.
Active user involvement, and
Use computerized development tools (GUI builders, CASE tools, Fourth generation
programming languages, Code generators etc.)
III) Pertinent Features:
RAD uses minimal planning in favour of rapid prototyping.
The lack of extensive pre-planning generally allows :
Software to be written much faster, &
Makes it easier to change requirements.
Iteratively produces production software, as opposed to a throwaway prototype.
© CA YUVRAJ BACHHAWAT (DISA)
(M) 07096111123
Yuvraj Bachhawat’s CA Final – ISCA 5.13
Academy Ch. 5 – Acquisition, Development &
Implementation of Information System
Project is divided into smaller segments to:
Reduce inherent project risk &
Provide more ease-of-change during the development process.
Project control is ensured through:
Prioritizing development and
Defining delivery deadlines or “time boxes”
If the project starts to slip, emphasis is on reducing requirements to fit the timebox, not in
increasing the deadline.
RAD involves Joint Application Development (JAD), where users are intensely involved in
system design either through consensus building in structured workshops, or through
electronically facilitated interaction.
RAD produces documentation necessary to facilitate future development & maintenance.
IV) Strengths
1) The operational version of an application is available much earlier than other models.
2) RAD produces quality systems more quickly at lower cost.
3) Quick initial reviews are possible.
4) It concentrates on essential system elements from user viewpoint.
5) Provides the ability to rapidly change system design as demanded by users.
6) Ensures active user involvement.
7) Produces documentation necessary to facilitate future development and maintenance.
V) Weaknesses:
1) Fast speed and lower cost may affect adversely the overall system quality.
2) Project may end up with more requirements than needed.
3) Formal reviews and audits are more difficult to implement than for a complete system.
4) Since some modules are completed much earlier than others, well-defined interfaces are
required.
5) Tendency for difficult problems to be pushed to future to demonstrate early success.
F.) Agile Model
I) Framework Type:
Iterative + incremental development
II) Introduction:
In agile methodologies requirements and solutions evolve through collaboration between
self- organizing, cross-functional teams.
Agile model promotes:
Adaptive planning
Evolutionary development & delivery
Time boxed iterative approach
Encourages rapid and flexible response to change
© CA YUVRAJ BACHHAWAT (DISA)
(M) 07096111123
Yuvraj Bachhawat’s CA Final – ISCA 5.14
Academy Ch. 5 – Acquisition, Development &
Implementation of Information System
III) Key features of Agile approach:
Customer satisfaction by rapid delivery of useful software.
Working software is delivered frequently (weeks rather than months).
Working software is the principal measure of progress.
Welcome changing requirements, even late in development.
Regular adaptation to changing circumstances.
Close, daily co-operation between business people and developers.
Face-to-face conversation is the best form of communication.
Continuous attention to technical excellence and good design.
Self-organizing teams.
Projects are built around motivated individuals, who should be trusted.
IV) Strengths:
1) Concept of an adaptive team helps to respond to the changing requirements.
2) The documentation is crisp and to the point to save time.
3) Face to face communication with customer leaves no space for guesswork.
4) The end result is the high quality software in least possible time duration.
5) The team does not find that by the time they delivered the product, the requirement of the
customer has changed.
V) Weaknesses:
1) In some cases it is difficult to assess the efforts required at the beginning of the SDLC.
2) There is lack of emphasis on documentation.
3) Agile requires more re-work due to lack of long term planning.
4) The project can easily get off track if customer is not clear about final outcome they want.
5) Agile increases potential threats to business continuity and knowledge transfer.
Part 3- Phases of System Development:
Part 3 - Phases of System Development
3.1) - Preliminary 3.2) - System Requirement 3.3) - System Design 3.4) - System
Investigation Analysis Acquisition
3.5) - Developing 3.6) - Testing 3.7) - System 3.8) - Post Implementation
Program Implementation Review
© CA YUVRAJ BACHHAWAT (DISA)
(M) 07096111123
Yuvraj Bachhawat’s CA Final – ISCA 5.15
Academy Ch. 5 – Acquisition, Development &
Implementation of Information System
3.1) Preliminary Investigation:
A) Objectives of Preliminary Investigation :
To evaluate the project request feasibility & determine the benefits of implementing the
system in terms of:
Productivity gains
Future cost avoidance/ Cost saving
Intangible benefits like improvement in morale of employees.
B) Document / Deliverable:
A preliminary investigation report including feasibility study observations.
C) Objectives of Analyst working on Preliminary investigation are as follows:
Clarify and understand the project request.
Determine the size of the project.
Determine the technical and operational feasibility.
Assess costs and benefits of alternative approaches.
Report findings to the management with recommendation outlining the acceptance or
rejection of the proposal.
D) The steps involved in the preliminary investigation phase are as follows :
I) Identification of Problem:
The first step in an application development is to:
Define the problem clearly and precisely &
Assess its prevalence within the organization
A problem that has a considerable impact on the organization is likely to receive immediate
management attention.
II) Identification of Objectives:
After the identification of the problem, it is easy to work out the objectives of the proposed
solution.
III) Delineation of Scope:
The scope of a solution defines its boundaries.
It should be clear and comprehensible to the user management stating the extent and
'what will be addressed by the solution and what will not.'
The scope determination may be performed on the following dimensions:
1) Functionality requirements: What functionalities will be delivered through the solution?
2) Data to be processed: What data is required to achieve these functionalities?
3) Control requirements: What are the control requirements for this application?
4) Interfaces: Is there any special hardware/software that application has to interface with?
5) Performance requirements: What level of response time, execution time is required?
6) Constraints: What are the conditions the input data has to conform to?
© CA YUVRAJ BACHHAWAT (DISA)
(M) 07096111123
Yuvraj Bachhawat’s CA Final – ISCA 5.16
Academy Ch. 5 – Acquisition, Development &
Implementation of Information System
Few aspects should be kept in mind, while eliciting information to delineate the scope:
1) Addressing the concerns of the initiator of the project should be the basis of the scope.
2) Understanding profile of users who may be from operating levels or senior level of
organisation for appropriate designing of user interface features.
3) Quantifying the economic benefits of the proposed solution for a problem to the user
organisation.
4) Understanding the impact of the solution on the organisation with respect to its structures,
roles and responsibilities.
5) Considering various other factors from the perspective of the user management. (for
e.g. Security)
The two primary methods used to analyse the scope of the project are:
1) Reviewing internal documents:
The analysts conducting the investigation first try to learn about the organization involved
in the project by examining organization charts and studying written operating procedures.
For example: To review an inventory system proposal, an analyst may try to know how does
the inventory department operates and who are the managers and supervisors.
2) Conducting Interviews :
Interviewing management and supervisory personnel helps analyst to understand :
Users' views about current operations
Nature of project request and reasons for submitting it.
Merits of proposed system
IV) Feasibility Study:
A feasibility study is carried out by the system analysts which refers to a process of
evaluating alternative systems through cost/benefit analysis so that the most feasible
and desirable system can be selected for development.
The following issues are typically addressed in the Feasibility Study:
Determine whether the solution is as per the business strategy.
Determine the approximate cost to develop the system.
Define the time frame for which the solution is required.
Determine whether the vendor product offers a solution to the problem.
Determine whether the existing system can be used without a major modification.
The Feasibility Study of a system is evaluated under following dimensions:
1) Financial Feasibility:
It checks whether the solution proposed is prohibitively costly for the user organization.
For example:
Monitoring the stock through VSAT network connecting multiple locations may be
acceptable for an organization with high turnover.
But this may not be a viable solution for smaller ones.
© CA YUVRAJ BACHHAWAT (DISA)
(M) 07096111123
Yuvraj Bachhawat’s CA Final – ISCA 5.17
Academy Ch. 5 – Acquisition, Development &
Implementation of Information System
2) Technical Feasibility:
It is concerned with issues pertaining to hardware and software.
Analyst ascertains whether the proposed system is feasible with existing or expected
computer hardware and software technology.
The technical issues usually raised during the feasibility stage of investigation are:
Can the proposed application be implemented with existing technology?
Does the necessary technology exist to do what is suggested & can it be acquired?
Does the proposed equipment have the technical capacity to hold the data required to
use the new system?
Are there technical guarantees of accuracy, reliability, ease of access, and data
security?
Can the system be expanded if developed?
Will the proposed system provide adequate responses to inquires, regardless of the
number or location of users?
Some of the technical issues to be considered are given as follows:
Design Consideration Design Alternatives
Input medium Keying, OCR, MICR, Voice recognition
Output medium Hard Copy, Voice etc
Output frequency Instantaneous, Hourly, Daily
Communications Channel Telephone lines, coaxial cable, satellite
Communications network Centralized, decentralized
3) Economic Feasibility:
It includes an evaluation of all the incremental costs and benefits expected if the proposed
system is implemented.
The financial and economic questions raised by analysts during the preliminary
investigation are for the purpose of estimating the following:
The cost of conducting a full systems investigation.
The cost of hardware and software for the class of applications being considered.
The benefits in the form of reduced costs or fewer costly errors.
The cost if nothing changes (i.e., the proposed system is not developed)
After identifying possible solutions analyst should make estimate of costs and benefits for
each solution.
4) Schedule or Time Feasibility:
It involves design team, estimating how long it will take for a new or revised system to
become operational and communicating this information to the steering committee.
5) Resources Feasibility:
This focuses on acceptance of proposed software by human resources.
Implementing sophisticated software solutions becomes difficult at specific locations
because of the reluctance of skilled personnel to move to such locations.
© CA YUVRAJ BACHHAWAT (DISA)
(M) 07096111123
Yuvraj Bachhawat’s CA Final – ISCA 5.18
Academy Ch. 5 – Acquisition, Development &
Implementation of Information System
6) Operational Feasibility :
It is concerned with ascertaining the views of workers, employees, customers and suppliers
about the use of computer facility.
Some of the questions which help in testing the operational feasibility of a project are stated
below:
Have the users been involved in planning and development of the project?
Is there sufficient support for the system from management and from users?
Will individual performance be poorer after implementation than before?
Are current business methods acceptable to users?
Will proposed system result in loss of control result in any areas?
7) Behavioral Feasibility:
Systems are designed to process data and produce the desired outputs.
However, if the data input for the system is not readily available or collectable, then the
system may not be successful.
8) Legal Feasibility:
Legal feasibility is concerned with whether there will be any conflict between a newly
proposed system and the organization’s legal obligations.
Any system, which is liable to violate the local legal requirements, should be rejected.
For example: A system should comply with all applicable statutes about financial and
statuary reporting requirements, as well as the company’s contractual obligations.
V) Reporting Results to Management:
After the analyst articulates the problem and its scope, s/he:
Provides one or more solution alternatives,
Estimates the cost and benefits of each alternative, &
Reports these results to the management
The report should be accompanied by a short cover letter that summarizes the results and
makes the recommendation regarding further procedures.
From the analyst's report, management should determine further course of action.
VI) Internal Control Aspects:
Management implements proper internal control to ensure business objectives.
Business objectives will be achieved when there is:
Proper understanding of controls during planning &
Effective implementation of those controls during the development of system.
For validating control aspects in system entity may have internal audit team or outside experts.
Review by external consultant:
Is more independent &
Brings his expertise to entity
Key control queries regarding various aspects at this stage may include the following:
Whether problem definition is proper?
Whether all feasibility studies have been properly done?
Whether results of feasibility studies have been documented?
© CA YUVRAJ BACHHAWAT (DISA)
(M) 07096111123
Yuvraj Bachhawat’s CA Final – ISCA 5.19
Academy Ch. 5 – Acquisition, Development &
Implementation of Information System
3.2) System Requirements Analysis:
A) Objectives / Activities of System Requirement Analysis:
To identify & consult the stake owners to determine their expectations.
To analyze requirements and determine priorities.
To gather data using tools like – documents, questionnaires, interviews, observations.
To verify that requirements are complete, testable, unambiguous, modifiable & traceable.
To model activities using Data Flow Diagrams, E-R Diagrams etc.
To document activities such as interview, questionnaires, reports etc.
B) Document/Deliverable:
A Systems Requirements Specification Report.
C) The steps involved in the System Requirement Analysis phase are as follows:
I) Fact Finding:
To assess needs / requirements of user, various fact-finding techniques are used by system
analyst such as:
1) Documents:
Document includes-
Manuals, forms, diagrams of how the current system works,
Organization charts showing hierarchy of users and manager responsibilities,
Job descriptions for the people who work with the current system,
Procedure manuals, program codes for the applications associated with current
system,
Documents are a good source of information about user needs and the current system.
2) Questionnaires:
Questionnaires can be used to collect large amount of data through variety of users quickly.
Questionnaires are generally chosen when traditional model of system development
approach is selected.
3) Interviews:
Users and managers are interviewed to extract information in depth.
Information through interviews often provides system developer with a complete picture of
the problems and opportunities.
Interviews give analyst the opportunity to observe and record the first hand user reaction.
4) Observation:
In prototyping approaches, observation plays a central role in requirement analysis.
Only by observing how users react to prototypes of a new system, the system can be
successfully developed.
© CA YUVRAJ BACHHAWAT (DISA)
(M) 07096111123
Yuvraj Bachhawat’s CA Final – ISCA 5.20
Academy Ch. 5 – Acquisition, Development &
Implementation of Information System
II) Analysis of the Present System:
Detailed investigation of the present system involves collecting, organizing and evaluating
facts about the system and the environment in which it operates.
The following areas should be studied in depth:
1) Review historical aspects :
History of the organization is a starting point for an analysis of the present system.
The historical facts enable to identify the major turning points and milestones that have
influenced its growth.
System analyst should investigate system changes that have occurred in the past including
operations that have been successful or unsuccessful with computer equipments.
A review of annual reports and organization chart can identify:
Growth of management levels &
Development of various functional areas and departments
2) Analyze inputs:
Analysis of present inputs is important since they are basic to the manipulation of data.
Source documents are used to capture the originating data for any type of system.
System analyst should be aware of the various sources from where the data are initially
captured, keeping in view the fact that outputs for one area may serve as an input for
another area.
3) Review data files maintained:
Analyst should investigate the data files maintained by each department considering:
Their number and size
Where they are located
Who uses them
This information may be contained in the systems and procedures manuals.
System analyst should also review all on-line and off-line files maintained in organisation.
4)Review methods, procedures and data communications:
Methods and procedures transform input data into useful output.
A method is defined as a way of doing something;
A procedure is a series of logical steps by which a job is accomplished.
Objective of review is to eliminate unnecessary tasks or to improve opportunities in the
present information system.
The system analyst must understand how the data communications network is used in the
present system so as to identify the need to revamp the network when the new system is
installed.
5) Analyze outputs:
Scrutinize outputs to determine how well they will meet the organization’s needs.
The analysts must understand: Who needs it
What information is needed When it is needed
Why it is needed
Analyst should also understand how often the reporting is to be done.
© CA YUVRAJ BACHHAWAT (DISA)
(M) 07096111123
Yuvraj Bachhawat’s CA Final – ISCA 5.21
Academy Ch. 5 – Acquisition, Development &
Implementation of Information System
6) Review internal controls:
An examination of the present system of internal controls may indicate weaknesses that
should be removed in the new system.
The adoption of advanced methods, procedures and equipments might allow much greater
control over data.
7) Model the existing physical system and logical system:
Document the logic of inputs, methods, procedures, data files, data communications,
reports, internal controls etc of present system in the form of flow charts and DFD.
8) Undertake overall analysis of excising system:
The final phase of the detailed investigation includes the analysis of the present work
volume & current personnel requirements.
III) System Analysis of Proposed Systems:
After the present information system has been carefully analyzed, the proposed system
specifications must be clearly defined as per desired objectives of proposed system and in
accordance with the following:
1) Outputs should be produced with great emphasis on timely managerial reports.
2) Input data can be prepared directly from original source documents for processing by the
computer system.
3) Methods and procedures should show the relationship of inputs and outputs to the
database, utilizing data communications etc.
4) Work volumes should be carefully considered for present and future periods.
IV) System Development Tools:
Many tools and techniques have been developed to improve current information systems
& develop new ones.
Such tools help end users and systems analysts to:
Analyze present business operations, management decision making & information
processing activities of the organization.
Propose and design new or improved information systems to solve business problems
or pursue business opportunities that have been identified.
The major tools used for system development are grouped into four categories based on
the systems features are as follows:
1) System components and flows :
These tools help the system analysts to document the data flow among the major resources
and activities of an information system.
System components and flows consists of the following:
a) Data flow diagram: It uses few simple symbols to illustrate the flow of data among
external entities, processing activities & data storage elements.
b) System flow charts: They show the flow of data media as they are processed by the
hardware devices and manual activities.
c) System Component Matrix: It provides a matrix framework to document the resources
used, activities performed and the information produced by an information system.
© CA YUVRAJ BACHHAWAT (DISA)
(M) 07096111123
Yuvraj Bachhawat’s CA Final – ISCA 5.22
Academy Ch. 5 – Acquisition, Development &
Implementation of Information System
2) User interface:
These tools help to design the interface between end users and the computer system
User interface tools consists of following:
a) Layout forms and screens: These are used to construct the formats & contents of
input/output media.
b) Dialogue flow diagrams: Dialogue flow diagrams analyze the flow of dialogue between
computers and people.
3) Data attributes and relationships:
These tools are used to define, catalogue and design the data resources in information
system.
Data attributes and relationship tools consists of:
a) Data Dictionary: It catalogs the description of the attributes of data elements & their
relationships to each other.
b) Entity-relationship diagrams: These are used to document the number and type of
relationship among entities in a system.
c) File layout forms: They document the type, size, and names of the data elements in a
system.
4) Detailed system process :
These tools are used to help the programmer develop detailed procedures and processes
required in the design of a computer program
Detailed system process tools consists of:
a) Decision trees: Decision Tree is a support tool that uses a tree-like model of decisions &
their possible consequences.
b) Decision table: It defines the possible contingencies/conditions that may be considered
within the program and the appropriate course of action for each contingency.
c) Structure charts: It documents the purpose, structure and hierarchical relationships of
the modules in a program
Some of these tools are discussed in detail as follows:
1) Flowcharts:
Flowcharting is a pictorial technique that can be used by analysts to represent the inputs,
outputs and processes of a business process.
It is a type of chart that represents a process showing the steps as boxes of various kinds,
and their order by connecting these with arrows.
Flowcharts are used in analyzing, designing, documenting or managing a process in various
fields.
2) Structured English:
Structured English is also known as Program Design Language (PDL) or Pseudo Code.
S.E. is the use of the English language with the syntax of structured programming.
S.E. aims at getting the benefits of both the programming logic and natural language.
Program logic that helps to attain precision.
Natural language that helps in getting the convenience of spoken languages.
© CA YUVRAJ BACHHAWAT (DISA)
(M) 07096111123
Yuvraj Bachhawat’s CA Final – ISCA 5.23
Academy Ch. 5 – Acquisition, Development &
Implementation of Information System
3) Data Flow Diagrams:
A DFD uses few simple symbols to illustrate the flow of data among:
External entities (such as people or organizations etc.),
Processing activities &
Data storage elements
A DFD is composed of four basic elements:
Sr No. Symbol Name
1 Data Sources and
destination
2 Data flows
3 Transformation Process
4 Data Storage
These four symbols are combined to show how data are processed.
4) Decision Tree:
Decision Tree is a support tool that uses a tree-like model of decisions & their possible
consequences.
Decision tree is commonly used in operations research, specifically in decision analysis to
identify a strategy most likely to reach the goal.
5) Decision Table:
A Decision Table defines the possible contingencies/conditions that may be considered
within the program and the appropriate course of action for each contingency.
The four parts of the decision table are as follows :
a) Condition Stub- This comprehensively lists the conditions.
b) Action Stub- This comprehensively lists the actions to be taken.
c) Condition entries- This lists in its various columns the possible permutations of answer
to the questions in the conditions stub.
d) Action entries-This lists in its columns corresponding to the condition entries the
actions contingent upon the set of answers to questions of that column.
6) System Components matrix:
A System Component Matrix provides a matrix framework to document the:
a) Activities i.e. input, processing, output, storage and controls performed.
b) Resources i.e. hardware, software and people used to convert data resources into
information products.
c) Information produced by an information system.
© CA YUVRAJ BACHHAWAT (DISA)
(M) 07096111123
Yuvraj Bachhawat’s CA Final – ISCA 5.24
Academy Ch. 5 – Acquisition, Development &
Implementation of Information System
7) CASE Tools (Computer-Aided-Software Engineering):
CASE refers to automation of anything that humans do to develop systems and supports all
phases of traditional system development process.
DFD & System flow charts that users review are commonly generated by system
developers using drawing modules found in CASE software packages.
The primary objectives of using CASE tools are to-
Increase productivity for software development
Help produce better quality software at lower cost
An ideal CASE system would have an integrated set of tools and features to perform all
aspects in the life cycle.
Some of the features that various CASE products possess are:
Computer aided diagramming tool
Screen and report Generator
Code Generation
Project Management
8) Data Dictionary :
Data Dictionary is also known as metadata.
A data dictionary contains descriptive information about the data items in the files of a
business information system.
Thus a data dictionary is a computer file about data.
The information includes the:
Identity of the source documents used to create the data item,
Names of the computer files that store the data item,
Name of the computer program that modify the data items,
Identity of the individuals permitted to access the data item for the purpose of file
maintenance.
Users of Data Dictionary:
Useful for auditors as it helps to establish an audit trail as it can identify the input
sources of data items, computer programs that modify particular data items, and the
managerial reports on which the data items are output.
Useful for accountants participating in the design of a new system to plan the flow of
transaction data through the system.
9) User Interface Layout and Forms:
a) Layout form and Screen Generator:
These are for printed report used to format or “paint” the desired layouts without having
to enter complex formatting information.
b) Menu Generator:
Menu generator outlines the functions, which the system is aimed to accomplish.
c) Report Generator:
Report generator performs functions similar to screen generators.
In addition, it can also indicate totals, paging, sequencing in creating the desired report.
© CA YUVRAJ BACHHAWAT (DISA)
(M) 07096111123
Yuvraj Bachhawat’s CA Final – ISCA 5.25
Academy Ch. 5 – Acquisition, Development &
Implementation of Information System
V) Systems Specification:
At the end of the analysis phase, the systems analyst prepares a document called Systems
Requirement Specifications (SRS).
A SRS contains the following:
1) Introduction:
Goals, Objectives and Scope of computer based system.
2) Information Description:
Problem description;
Information content, flow & structure;
Hardware, Software, Human interfaces for external system elements.
3) Functional Description:
Diagrammatic representation of functions,
Interplay among functions,
Design Constraints
4) Behavioural Description:
Response to internal controls.
5) Validation Criteria:
Classes of tests to be performed to validate functions, performance and constraints.
6) Appendix:
Tabular Data,
Detailed description of algorithms charts.
Graphs and other such material.
7) SRS Review:
The development team hands over the SRS document to the user for review.
The review reflects the development teams understanding of the existing processes.
Only after ensuring that the document represents existing processes accurately, should the
user sign the document.
VI) Roles Involved in SDLC:
1) Steering Committee:
It is a special high power committee of experts to accord approvals for go-ahead &
implementation.
Some functions of steering committee are given as follows:
To provide overall direction.
To be responsible for all cost and timetables.
To conduct regular review of progress of the project.
To undertake corrective actions like rescheduling, re-staffing etc.
2) Project Manager:
Project Manager is Responsible for:
More than one project and liaisons with the client,
Delivery of the project deliverable within the time and budget,
Periodically reviewing the progress of project with the project leader & his team.
© CA YUVRAJ BACHHAWAT (DISA)
(M) 07096111123
Yuvraj Bachhawat’s CA Final – ISCA 5.26
Academy Ch. 5 – Acquisition, Development &
Implementation of Information System
3) Project Leader:
Project leader is dedicated to a project ensuring its completion & fulfilment of objectives.
4) Systems Analyst / Business Analyst:
The systems analysts main responsibility is to conduct interviews with users and
understand their requirements.
He is a link between the users and the designers/programmers, who converts the users’
requirements in the system requirements.
5) Module Leader / Team Leader:
A project is divided into several manageable modules, & the development responsibility
for each module is assigned to Module Leaders.
Module leaders are responsible for the delivery of tested modules within the stipulated
time and cost.
6) Programmer / Coder / Developer:
Programmer is a mason of the software industry who converts design into programs by
coding using programming language.
Programmer also tests the program for debugging activity to assure correctness and
reliability.
7) Database Administrator (DBA):
Database Administrator:
Handles multiple projects &
Ensures the integrity and security of information stored in the database.
Inclusion of new data elements has to be done only with the approval of the DBA.
8) Quality Assurance :
This team sets the standards for development, and checks compliance with these
standards by project teams on a periodic basis.
9) Tester:
Tester is junior level quality assurance personnel who tests programs & subprograms as
per the plan given by the module / project leaders and prepare test reports.
10) Domain Specialist:
Whenever a project team has to develop an application in a field that’s new to them, they
take the help of a domain specialist.
11) IS Auditor :
IS Auditor ensures that the application development focuses on the control perspective.
He should be involved at the Design Phase & the Final Testing Phase to ensure the
existence and the operations of the Controls in the new software.
© CA YUVRAJ BACHHAWAT (DISA)
(M) 07096111123
Yuvraj Bachhawat’s CA Final – ISCA 5.27
Academy Ch. 5 – Acquisition, Development &
Implementation of Information System
3.3) System Designing
A) Basics:
System design involves first logical design and then physical construction of a system.
The logical design of an information system is like an engineering blueprint, it shows major
features of the system & how they are related to one another.
Physical construction is the activity following logical design, produces program software,
files and a working system.
.
Once the detailed design is completed, the design is then distributed to the system
developers for coding.
B) Objective:
Designing an Information System that best satisfies the user/ managerial requirements.
System Design describes:
Parts of the system & their interaction,
Implementation of system using the chosen hardware, software & network,
Programs and database specifications
Security plan
Change control mechanism to prevent uncontrolled entry of new requirements.
C) Document / Deliverable:
Blueprint for the design with the necessary specifications for the hardware, software,
people and data resources.
D) Activities:
The key and generic design phase activities include:
Describing inputs and outputs such as screen design and reports
Determining the processing steps and computation rules for the new solution
Determining data file or database system file design
Information criteria defined
Key design phase activities include –
1) Architectural Design:
Architectural design deals with the organisation of application in terms of hierarchy of
modules and sub modules.
>
At this stage, we identify:
Major modules
Function and scope of each module
Interface features of each module
Data received from / sent to / modified in other modules
The architectural design is made with the help of a tool called Functional Decomposition
which can be used to represent hierarchies.
It has three elements – Module, Connection, and Couple.
The module is represented by a box and connection between them by arrows.
Couple is data element that moves from one module to another.
© CA YUVRAJ BACHHAWAT (DISA)
(M) 07096111123
Yuvraj Bachhawat’s CA Final – ISCA 5.28
Academy Ch. 5 – Acquisition, Development &
Implementation of Information System
2) Design of Data/Information flow:
In designing the data / information flow for proposed system, the inputs required are:
Existing data / information flows
Problems with the present system
Objective of the new system
All these have been identified in the analysis phase and documented in SRS.
3) Design of Database:
Design of the database involves determining its scope ranging from local to global structure.
The scope is decided on the basis of interdependence among organizational units.
The design of the database involves four major activities:
Design Activity: Explanation:
a) Conceptual Model These describe the application domain via entities, attributes of these
entities & their relationships. This is done with the help of ER Diagram.
b) Data Modelling Conceptual Models is translated into data models so that it can be
accessed & manipulated by high-level and low- level programming
languages.
c) Storage Structure Decisions must be made on how to linearize (logically arrange) and
Design partition the data structure so that it can be stored on some device.
d) Physical Layout Decisions are made on how to distribute the storage structure across
design specific storage media and locations. For example, the cylinders, tracks,
and sectors on a disk and the computers in a LAN or WAN.
4) Physical Design:
For the physical design, the logical design is transformed into units, which in turn can be
decomposed further into implementation units such as programs and modules.
Some of the issues addressed here are:
Type of hardware for client & server application.
Operating systems to be used.
Type of networking.
Type of processing (batch, real time).
Frequency of input, output.
Design Principles applied to develop the design of typical Information System:
One should design two or three alternatives & choose the best one.
The design should be based on the analysis.
The design should be modular.
The software functions designed should be directly relevant to business activities.
The design should follow standards laid down. (E.g. User interface should have consistent
colour scheme, menu structure)
© CA YUVRAJ BACHHAWAT (DISA)
(M) 07096111123
Yuvraj Bachhawat’s CA Final – ISCA 5.29
Academy Ch. 5 – Acquisition, Development &
Implementation of Information System
Modularity:
A module is a manageable unit containing data & instructions to perform a defined task.
Interaction among modules is based on well-defined interfaces.
Modularity is measured by two parameters:
Cohesion- refers to the manner in which elements within a module are linked
Coupling- is a measure of the interconnection between modules. It refers to the
number and complexity of connections between ‘calling’ and ‘called’ modules.
5) System's Operating Platform:
In some cases, the new system requires an operating platform including hardware,
network and system software not currently available in an organization.
For example -a DSS might require high-quality graphics output not supported by the existing
hardware and software.
The new hardware/system software platform required to support the application system
will then have to be designed for requisite provisions.
6) Internal Design Controls:
This phase is important from internal control point of view as all internal controls are placed
in system during this phase.
The key control aspects at this stage include the following:
Whether management reports of Phase I & phase II, were referred by System Designer?
Whether all control aspects have been properly covered?
Whether controls put in place in system, appear in the documentation done at this stage?
Whether a separate review of design document has been done by internal auditor?
7) User Interface Design:
Basics:
It involves determining the ways in which users will interact with a system.
The points that need to be considered while designing the user interface are:
Source documents to capture raw data
Hard-copy output reports
Screen layouts for dedicated source-document input
Inquiry screens for database interrogation
Graphic and Colour displays
© CA YUVRAJ BACHHAWAT (DISA)
(M) 07096111123
Yuvraj Bachhawat’s CA Final – ISCA 5.30
Academy Ch. 5 – Acquisition, Development &
Implementation of Information System
Important factors in Input / Output design which should be considered by the system
analyst while designing user input/ output forms are as follows:
Characteristic Definition Input Design Output Design
Content It refers to the actual The analyst should consider Example: Weekly
pieces of data to be the types of data that are output report to a Sales
gathered to produce the needed to be gathered to manager might consist
required user output. generate desired user of sales person's name,
outputs. sales calls made by
each sales person
during the week,
amount of each
product sold by each
salesperson.
Timeliness It refers to when users Data should be inputted to Example:
need outputs, which may computer in time because A sales manager may
be required on a regular outputs cannot be require a weekly sales
periodic basis. produced until certain report.
inputs are available. Hence, Airline agents, require
a plan must be established real- time information.
accordingly.
Media It refers to the physical It involves the choice of Variety of output
device used for input, input media and media available in the
output & storage. subsequently the devices to market include paper,
enter the data. User input video display, and
alternatives include key- voice output
boards, optical character
recognition, pen-based
computers and voice input
etc.
Form Input Form refers to the Forms are pre-printed papers Output form should be
way the information is that require people to fill in decided keeping in
inputted. responses in standardized view the requirements
Output Form is the way way. of the concerned user.
information is presented Forms serve as source For example –
to users.(e.g. text, documents for the data Managers can use
graphics, video, audio) entry personnel. graph to analyse the
trend.
Input Volume / Input -Amount of data that In some DSS and many real- If the output volume is
Output Volume has to be entered in the time processing systems, heavy, it is better to
computer at any one time. input volume is light. use high speed printer.
Output-Amount of data In batch-oriented
output required at any one transaction processing
time. systems input volume could
be heavy.
© CA YUVRAJ BACHHAWAT (DISA)
(M) 07096111123
Yuvraj Bachhawat’s CA Final – ISCA 5.31
Academy Ch. 5 – Acquisition, Development &
Implementation of Information System
3.4) System Acquisition:
After a system is designed either partially or fully, the next phase of the systems development
starts, which relates to the acquisition of operating infrastructure including hardware & software.
A) Acquisition Standards:
Management should establish acquisition standards which should focus on:
Ensuring security, reliability, and functionality built into a product.
Ensuring managers do complete review of vendors & contract.
Ensuring that acquiring products are compatible with existing systems.
Invitations-to-tender soliciting bids from vendors when acquiring hardware or
integrated systems of hardware and software.(Aim of ITT is to get the lowest bid)
Request-for-proposals soliciting bids when acquiring third-party developed software.
(RFP means asking vendors to submit proposals for the requirements mentioned)
B) Acquiring Systems Components from Vendors:
Acquiring appropriate hardware & software is critical for the success of the whole project.
Management decides whether hardware is to be purchased, leased from a third party or to
be rented.
A sub-committee of experts under the steering committee, referred to as ‘System
Acquisition Committee’ is constituted to ensure timely and effective completion of this
stage.
The next aspect is a call for request for proposal from vendors asking them to submit
proposals for the requirements mentioned.
This stage is one of the most critical phases for system acquisition; as well defined RFP
leads to better acquisition.
RFP, means asking vendors to submit proposals for the requirements mentioned.
The following considerations are valid for both acquisition of hardware and software:
1) Vendor Selection:
Vendor selection is to be done prior to sending RFP.
The result of this process is that RFP are sent only to selected vendors.
Following things are kept in mind while doing vendor selection:
Location advantage of the vendor
Financial stability of vendor
Market feedback of vendor performance, in terms of price, services etc.
2) Geographical Location of Vendor:
The issue is to look for whether the vendor has local support persons.
Otherwise, the proposals submitted by vendor not as per RFP requirements need to rejected,
with no further discussions on such rejected proposals.
This stage may be referred to as technical validation, i.e. to check whether proposals
submitted by vendors comply with RFP requirements.
© CA YUVRAJ BACHHAWAT (DISA)
(M) 07096111123
Yuvraj Bachhawat’s CA Final – ISCA 5.32
Academy Ch. 5 – Acquisition, Development &
Implementation of Information System
3) Presentation by Selected Vendors:
All vendors, whose proposals are accepted after “technical validation”, are allowed to
make presentation to the System Acquisition Team.
The team evaluates the vendor’s proposals.
4) Evaluation of Users Feedback:
The best way to understand the vendor systems is to analyze the feedback from present users.
Present users can provide valuable feedback on system, operations, problems, vendor
response to support calls.
Besides these, some specific considerations for hardware and software acquisition
are described as follows:
1) The benchmark tests to be done for proposed machine. For hardware there are specified
standard benchmark tests defined based on the nature of hardware.
2) The benchmarking problems are oriented towards testing whether a computer offered by
the vendor meets the requirements of the job on hand of the buyer.
3) The benchmarking problems would then comprise long jobs, short jobs, printing jobs,
mathematical problems, input and output loads etc., in proportion typical of the job mix.
4) If the job is truly represented by the selected benchmarking problems, then this approach
can provide a realistic and tangible basis for comparing all vendors’ proposals.
5) Tests should enable buyer to evaluate cross performance of various systems in terms of:
Hardware performance (CPU and input/output units)
Compiler language and operating system capabilities
Diagnostic messages
Effectiveness of software utilities
6) Benchmarking problems, however, suffer from a couple of disadvantages as follows:
It takes considerable time and efforts to select problems representative of the job mix
which itself must be precisely defined.
It also requires the existence of operational hardware, software and services of
systems.
C) Other Acquisition Aspects and Practices:
On addition to the above, there are several other acquisition aspects and practices
also, which are given as follows:
1) Hardware Acquisition:
For procuring hardware the management can normally rely on the time tested selection
techniques and the objective selection criteria can be delegated to the technical specialist.
2) Software Acquisition:
Systems development team decides:
Type of application software product needed for generating the desired output.
Functions and capabilities that the application software must possess.
Whether application software should be created in-house or acquired from vendor.
© CA YUVRAJ BACHHAWAT (DISA)
(M) 07096111123
Yuvraj Bachhawat’s CA Final – ISCA 5.33
Academy Ch. 5 – Acquisition, Development &
Implementation of Information System
3) Contracts, Software Licenses and Copyright Violations:
Contracts between an organization and a software vendor should clearly describe the rights
and responsibilities of the parties to the contract.
The contracts should be in writing with sufficient detail providing assurances for-
Performance
Source code accessibility
Software and data security
Other important issues
Software license is a license that grants permission to do things with computer software.
Use of unlicensed software or violations of a licensing agreement exposes organization to
possible litigation.
4) Validation of Vendors’ proposals :
The following factors should be considered while evaluating and ranking the proposals
submitted by vendors:
The Performance capability of each proposed System in Relation to its Costs.
The Costs and Benefits of each proposed.
The Maintainability of each proposed.
The Compatibility of each proposed system with existing Systems.
Vendor Support.
5) Methods of Validating the proposal:
Some of the validation methods are as follows:
a) Checklists:
It is the simplest method for validation and evaluation.
The various criteria are put in check list in the form of suitable questions against which the
responses of the various vendors are validated.
For example: Checklist may have parameters like :
Performance Backup
Maintenance Conversion
Training
b) Point-Scoring Analysis:
Point scoring analysis provides an objective means of selecting a final system.
There are no absolute rules in the selection process, only guidelines for matching user need
with software capabilities.
For various software evaluation criteria out of maximum possible points, points are
allotted to different vendors.
The vendor with highest points obtained by summation of various software evaluation
criteria is selected.
c) Public Evaluation Reports:
Several consultancy agencies compare and contrast the hardware and software
performance for various manufacturers and publish their reports in this regard.
This method has been frequently employed by several buyers in the past.
This method is particularly useful where the buying staff has inadequate knowledge of facts.
© CA YUVRAJ BACHHAWAT (DISA)
(M) 07096111123
Yuvraj Bachhawat’s CA Final – ISCA 5.34
Academy Ch. 5 – Acquisition, Development &
Implementation of Information System
d) Bench marking problem for vendor’s proposals:
Benchmarking problems are oriented towards testing whether a computer offered by the
vendor meets the requirements of the job on hand of the buyer.
e) Test problems:
Test problems disregard actual job mix & are devised to test the true capabilities of the
hardware, software or system.
The results achieved by the machine can be compared & price-performance judgement can
be made.
3.5) System Development: Programming Techniques and Languages
A) Objective: To convert the design specification into a functioning system.
B) Activities: Application programs are written, tested and documented.
C) Document / Deliverable: A fully functional and documented system.
D) Characteristics of a good coded program:
1) Reliability: It refers to the consistence with which a program operates over a period of
time.
2) Robustness: It refers to the applications’ strength to uphold its operations by taking into
account all possible inputs and outputs of a program in case of least likely situations.
3) Accuracy: It refers to what program is supposed to do but should also take care of what it
should not do.
4) Efficiency: It refers to the performance which should not be unduly affected with the
increase in input values.
5) Usability: It refers to a user-friendly interface and easy-to-understand document required
for any program.
6) Readability: It refers to the ease of maintenance of program even in the absence of the
program developer.
E) Program Coding Standards:
The logic of the program outlined in the flowcharts is converted into program statements
or instructions at this stage.
For each language, there are specific rules concerning format and syntax.
Different programmers may write a program using different sets of instructions but each
giving the same results.
Therefore, the coding standards are defined which serves as a method of communication
between teams, amongst the team members and users, thus working as a good control.
Coding standards minimize the system development setbacks due to programmer
turnover.
© CA YUVRAJ BACHHAWAT (DISA)
(M) 07096111123
Yuvraj Bachhawat’s CA Final – ISCA 5.35
Academy Ch. 5 – Acquisition, Development &
Implementation of Information System
F) Programming Language:
Application programs are coded on the form of statements or instructions and the same is
converted by the compiler to object code for the computer to understand and execute.
The programming languages commonly used are as follows:
High – level general purpose programming language such as COBOL and C language
Object oriented languages such as C++, JAVA etc
Scripting language like JAVA Script, VB Script
Decision Support or Expert System languages like PROLOG
Choice of Programming Language is made n the basis of following criteria :
Basis of application area
Algorithmic complexity
knowledge of software development staff
Capability of in-house staff for maintenance
G) Program Debugging:
Debugging refers to correcting programming language syntax and diagnostic errors so that
the program compiles cleanly.
A clean compile means that the program can be successfully converted from the source
code written by the programmer into machine language instructions.
Debugging can be a tedious task consisting of following four steps:
Inputting the source program to the compiler
Letting the compiler find errors in the program
Correcting lines of code that are erroneous
Resubmitting the corrected source program as input to the compiler
H) Test the program:
A careful & thorough testing of each program is imperative to the successful installation of
any system.
The programmer should plan the testing to be performed, including testing of all possible
exceptions.
The program test plan should be discussed with the project manager and/or system users.
A log of test results & all conditions successfully tested should be kept.
I) Program Documentation:
Program documentation involves writing of narrative procedures and instructions for
people who will use software. This is done throughout the program life cycle.
Managers and users should carefully review documentation in order to ensure that the
software and system behave as the documentation indicates.
J) Program Maintenance:
The requirements of business data processing applications are subject to continual change.
This calls for modification of the various programs which is done by maintenance
programmers.
© CA YUVRAJ BACHHAWAT (DISA)
(M) 07096111123
Yuvraj Bachhawat’s CA Final – ISCA 5.36
Academy Ch. 5 – Acquisition, Development &
Implementation of Information System
3.6) Testing
Testing is a process used to identify the correctness, completeness and quality of
developed computer software
Testing should systematically uncover different classes of errors in a minimum amount of
time and with a minimum amount of effort.
Different levels of Testing are as follows:
3.6) - Different Levels of
Testing
A)- Unit Testing B)– Integration Testing C) –System Testing D) –Final Acceptance E) –Internal Testing
Testing Control
A) Unit Testing:
A unit is the smallest testable part of an application which may be an individual program,
function, procedure, etc.
Unit tests are typically written and run by software developers to ensure that code meets
its design and behaves as intended.
The goal of unit testing is to isolate each part of the program and show that the individual
units of source code are correct.
There are five categories of tests that programmer typically performs on a program unit:
1) Functional Tests:
Functional Tests check whether programs do what they are supposed to do or not.
The test plan specifies input values, operating conditions & expected results, and
accordingly programmer checks by inputting the values to check whether the actual result
match with expected result.
2) Performance Tests:
Performance Tests should be designed to verify the response time, execution time,
primary and secondary memory utilization, traffic rates on data channels and
communication links.
3) Stress Tests:
Stress testing is a form of testing that is used to determine the stability of a given system.
It involves testing beyond normal operational capacity, often to a breaking point.
4) Structural Tests:
Structural Tests are concerned with examining the internal processing logic of a software
system. (E.g. for tax calculation, the verification of the logic is a structural test.)
5) Parallel Tests:
In Parallel Tests, the same test data is used in the new and old system and the output
results are then compared.
© CA YUVRAJ BACHHAWAT (DISA)
(M) 07096111123
Yuvraj Bachhawat’s CA Final – ISCA 5.37
Academy Ch. 5 – Acquisition, Development &
Implementation of Information System
Techniques of Unit Testing:
I) Static Analysis Testing:
Static Analysis Tests are conducted on source programs.
It is generally conducted without any execution of programs in operating conditions.
Some important Static Analysis Tests are as follows:
1) Desk Check:
This is done by the programmer himself.
He checks for logical syntax errors, and deviation from coding standards.
2) Structured walk-through:
The application developer leads other programmers through the text of the program and
explanation to uncover errors.
3) Code inspection:
The program is reviewed by a formal committee.
Review is done with formal checklists.
II) Dynamic Analysis Testing:
Such testing is conducted through execution of programs in operating conditions.
Techniques for dynamic testing and analysis include the following:
1) Black Box Testing:
Black Box Testing takes an external perspective of the test object to derive test cases.
The test designer selects typical inputs including simple, extreme, valid & invalid input-
cases and executes to uncover errors.
There is no knowledge of the test object's internal structure.
This method of test design is applicable to all levels of software testing i.e. unit,
integration, functional testing, system testing.
If a module performs a function which it is not supposed to, the black box test does not identify it.
2) White Box Testing:
White box testing uses an internal perspective of the system to design test cases based on
internal structure.
It requires programming skills to identify all paths through the software.
The tester chooses test case inputs to exercise paths through the code and determines the
appropriate outputs.
After obtaining a clear picture of the internal workings of a product, tests can be conducted
to ensure that the internal operation of the product conforms to specifications and all the
internal components are adequately exercised.
3) Gray Box Testing:
Gray box testing is a software testing technique that uses a combination of black box testing
and white box testing.
In gray box testing, the tester applies a limited number of test cases to the internal
workings of the software under test.
In the remaining part of the gray box testing, one takes a black box approach in applying
inputs to the software under test and observing the outputs.
© CA YUVRAJ BACHHAWAT (DISA)
(M) 07096111123
Yuvraj Bachhawat’s CA Final – ISCA 5.38
Academy Ch. 5 – Acquisition, Development &
Implementation of Information System
B) Integration Testing:
Integration testing is an activity of software testing in which individual software modules
are combined and tested as a group.
It occurs after unit testing and before system testing with an objective to evaluate the
connection of two or more components that pass information from one area to another.
This is carried out in the following manner:
1) Bottom-up Integration:
Bottom-up integration is used to integrate the components of a software system into a
functioning whole.
It consists of unit testing, followed by sub-system testing, & then testing of the entire
system.
Bottom-up testing is easy to implement as at the time of module testing, tested
subordinate modules are available.
The disadvantage is that testing of major control points is deferred to a later period.
2) Top-down Integration:
Top - down integration starts with the main routine and stubs are substituted for the
modules, directly subordinate to the main module.
Stubs are incomplete portion of program code that is put under function to allow the
function and the program to be compiled and tested.
Once the main module testing is complete, stubs are substituted with real modules one by
one, and these modules are tested.
The difficulty arises in the top-down method, because the high-level modules are tested, not
with real outputs from subordinate modules, but from stubs.
3) Regression Testing:
Regression Testing is performed when a new module is added or any modification is made
to the existing software.
New data flow paths are established, new I/O may occur.
These changes may cause problems with functions that previously worked flawlessly.
This testing ensures that changes or corrections have not introduced new faults.
The data used for the regression tests should be the same as the data used in the
original test.
C) System Testing:
System testing is a process in which software & other system elements are tested as a
whole.
The purpose of system testing is to ensure that the new or modified system functions
properly.
The types of testing that might be carried out are as follows :
1) Recovery Testing:
To verify how well the application is able to recover from crashes, hardware failures etc.
Recovery testing is the forced failure of the software in a variety of ways to verify that
recovery is properly performed.
© CA YUVRAJ BACHHAWAT (DISA)
(M) 07096111123
Yuvraj Bachhawat’s CA Final – ISCA 5.39
Academy Ch. 5 – Acquisition, Development &
Implementation of Information System
2) Security Testing:
To check whether the Information System protects data & maintains functionality as intended.
It ensures the existence and proper execution of access controls in the new system.
The six basic security concepts that need to be covered by security testing are:
Confidentiality Availability Authorization
Integrity Authentication Non-repudiation
3) Stress or Volume Testing:
Stress testing is used to determine the stability of a given system.
It involves testing beyond normal operational capacity in order to observe the results.
Stress testing may be performed by testing the application with large quantity of data during
peak hours to test its performance.
4) Performance Testing:
Software performance testing is used to determine the speed or effectiveness of a
computer, network, software program.
This testing technique compares the new system's performance with that of similar systems
using well defined benchmarks.
D) Final Acceptance Testing:
Final Acceptance Testing is conducted when the system is just ready for implementation.
During this testing, it is ensured that new system satisfies:
The quality standards adopted by the business &
The users.
Final acceptance testing has two major parts:
1) Quality Assurance Testing:
It ensures that:
Development process of new system is as per the organization’s quality assurance policy
New System satisfies the prescribed quality standards
2) User Acceptance Testing:
It ensures that new system addresses the functional aspects expected by the users.
There are two types of the user acceptance testing described as follows:
i) Alpha Testing:
This is the first stage, often performed by the users within the organization, to improve and
ensure the quality/functionalities as per users’ satisfaction.
ii) Beta Testing:
This is the second stage, generally performed by the external users during the real life
execution of the project.
It normally involves sending the product outside the development environment for real
world exposure and receives feedback for analysis and modifications.
© CA YUVRAJ BACHHAWAT (DISA)
(M) 07096111123
Yuvraj Bachhawat’s CA Final – ISCA 5.40
Academy Ch. 5 – Acquisition, Development &
Implementation of Information System
E) Internal Testing Controls:
Some of the key control aspects to be addressed by the responses to following queries are:
Whether test data used covers all possible aspects of system?
Whether test results have been documented?
Whether modifications needed based on test results have been done?
Whether modifications made have been properly authorized and documented?
3.7) System Implementation
The process of ensuring that the information system is operational and then allowing users
to take over its operation for use and evaluation is called Systems Implementation.
A) Objective:
To implement the new system in the real operating environment i.e. put it into production.
B) Document / Deliverable :
A full documented system in its operational environment.
Implementation includes all those activities that take place to convert from the old system to
the new.
C) Activities:
The activities involved in System Implementation are as follows:
Conversion of data to the new System changeover
system files Evaluation of the system a regular
Training of end users intervals
Completion of user documentation
Some of the generic activities involved in system implementation stage are described
briefly as follows:
1) Equipment Installation:
Hardware required to support the new system is selected prior to implementation phase.
Hardware should be ordered in time to allow installation and testing of equipment during
the implementation phase.
Adequate time should be scheduled to allow completion of the following activities :
a) Site Preparation:
An appropriate location must be selected to provide an operating environment for the
equipment that will meet the vendor's temperature, humidity & dust control specifications.
b) Installation of New Hardware / Software:
The equipment must be physically installed by the manufacturer, connected-to the power
source and wired to communication lines, if required.
c) Equipment Checkout:
The equipment must be turned on for testing under normal operating conditions.
Though the routine 'diagnostic tests' should be run by the vendor, the implementation in-
house team should devise and run extensive tests of its own to ensure that equipment
functionalities in actual working conditions.
© CA YUVRAJ BACHHAWAT (DISA)
(M) 07096111123
Yuvraj Bachhawat’s CA Final – ISCA 5.41
Academy Ch. 5 – Acquisition, Development &
Implementation of Information System
2) Training Personnel:
A system can succeed or fail depending on the way it is operated and used.
Thus training is a major component of systems implementation.
When a new system is acquired which often involves new hardware and software, both
users and computer professionals generally need some type of training which are often
imparted through classes, which may be organised by vendors.
3) System Change-
Conversion or changeover is the process of changing over or shifting over from the old
system (may be the manual system) to the new system.
The Four types of popular implementation strategies are described as follows:
a) Direct Implementation / Abrupt Change-Over:
This is achieved through an abrupt takeover – an all or nothing approach.
With this strategy, the changeover is done in one operation, completely replacing the old
system in one go.
Direct Implementation which usually takes place on a set date.
b) Phased Changeover:
In this implementation strategy conversion to the new system taking place gradually.
For example - some new files may be converted and used by employees while other files
continue to be used on the old system i.e. new is brought in stages (phases).
If each phase is successful then the next phase is started, eventually leading to the final
phase when the new system fully replaces the old one.
c)Pilot Changeover:
In this, the new system replaces the old one in one operation but only on a small scale.
If successful then the pilot is extended until it eventually replaces the old system completely.
Any errors can be rectified or further beneficial changes can be introduced and replicated
throughout the whole system in good time with the least disruption.
For example - it might be tried out in one branch of the company or in one location.
d) Parallel Changeover:
This is considered the most secure method with both systems running in parallel over an
introductory period.
The old system remains fully operational while the new systems come online.
If all goes well, the old system is stopped and new system is carried on as the only system.
© CA YUVRAJ BACHHAWAT (DISA)
(M) 07096111123
Yuvraj Bachhawat’s CA Final – ISCA 5.42
Academy Ch. 5 – Acquisition, Development &
Implementation of Information System
4) Activities involved in conversion:
Changeover or conversion includes the following activities which must be completed to
successfully convert from the previous system to the new information system:
a ) Procedure Conversion:
Operating procedures should be carefully completed with sufficient documentation for the
new system.
Before any conversion activities can start, operating procedures must be clearly spelled out
for personnel in the functional areas undergoing changes.
Information on input, data files, methods, procedures, output, and internal control must
be presented in clear, concise and understandable terms.
Written operating procedures must be supplemented by oral communication during the
training sessions on the system change.
b) File Conversion:
The existing data files should be converted according to new system before system is
implemented.
Because large files of information must be converted from one medium to another, this
phase should be started long before programming and testing are completed.
Cost & related problems of file conversion are significant.
Adequate controls such as record counts should be in place while executing conversion
process.
Accuracy should be ensured in conversion by thoroughly testing file conversion
programs.
Existing files should be kept as backup in case any bug is detected while restructuring new file.
c) System conversion:
After files have been converted & the reliability of the new system has been confirmed for
a functional area, daily processing can be shifted from the existing information system to
the new one.
Considerations should be given to operating the old system for some more time to permit
checking & matching the results of both systems.
d) Scheduling Personnel and Equipment:
Scheduling data processing operations of a new information system for the first time is a
difficult task for the system manager.
As users become more familiar with the new system, the job becomes more routine.
Schedules should be set up by the system manager in conjunction with departmental
managers of operational units.
© CA YUVRAJ BACHHAWAT (DISA)
(M) 07096111123
Yuvraj Bachhawat’s CA Final – ISCA 5.43
Academy Ch. 5 – Acquisition, Development &
Implementation of Information System
3.8) Post Implementation Review and Systems Maintenance
Post Implementation Review:
A Post Implementation Review ascertains the extent to which the system:
Met its objectives.
Delivered planned levels of benefit.
Addressed the specific requirements as originally defined.
PIR examines the efficacy of all elements of the working business solution to see if further
improvements can be made to optimize the benefit delivered.
Two basic dimensions of Information system that should be evaluated are:
Whether the newly developed system is operating properly.
Whether the user is satisfied with the information system with regard to the reports
supplied by it.
PIR involves the following evaluation:
1) Development evaluation:
Evaluation of the development process is primarily concerned with whether the system was
developed on schedule and within budget.
It requires schedules and budgets to be established in advance and that record of actual
performance and cost be maintained.
2) Operation evaluation:
The evaluation of the information system's operation pertains to whether the hardware,
software and personnel are capable to perform their duties.
It tries to answer the questions related to functional aspects of the system.
Example- whether system is supporting 100 terminals.
3) Information evaluation:
The objective of an information system is to provide information to support the
organizational decision system.
Therefore the extent to which information provided by the system is supportive to
decision making is the area of concern in evaluating the system.
System Maintenance:
Most information systems require at least some modification after development.
The need for modification arises from a failure to anticipate all requirements during system
design and/or from changing organizational requirements
Maintenance can be categorized in the following ways:
1) Scheduled Maintenance:
Scheduled maintenance is anticipated and can be planned for operational continuity &
avoidance of anticipated risks
2) Rescue Maintenance:
Rescue maintenance refers to previously undetected malfunctions that were not
anticipated but require immediate solution.
© CA YUVRAJ BACHHAWAT (DISA)
(M) 07096111123
Yuvraj Bachhawat’s CA Final – ISCA 5.44
Academy Ch. 5 – Acquisition, Development &
Implementation of Information System
3) Corrective Maintenance:
It deals with fixing bugs in the code or defects found during the executions.
A defect can result from design errors, logic errors, coding errors etc.
Corrective maintenance is usually initiated by bug reports drawn up by the end users.
4) Adaptive Maintenance:
Adaptive maintenance consists of adapting software to changes in the environment, such as
the hardware or the operating system.
The need for adaptive maintenance can only be recognized by monitoring the environment.
5) Perfective Maintenance:
Perfective maintenance mainly deals with accommodating to new or changed user
requirements and concerns functional enhancements to the system and activities to
increase the system’s performance or to enhance its user interface.
6) Preventive Maintenance:
Preventive maintenance concerns activities aimed at increasing the system’s
maintainability, such as updating documentation, adding comments.
As a large program is continuously changed, its complexity increases unless work is done
to maintain or reduce it.
This work is known as preventive maintenance.
Part 4-Auditors’ Role in SDLC
The audit of systems under development can have three main objectives:
1) Provide an opinion on the efficiency, effectiveness, & economy of project management.
2) Assess the extent to which the system being developed provides for adequate audit trails
and controls to ensure the integrity of data processed and stored.
3) Assess the effectiveness controls being provided for the management of the system's
operation.
For addressing the above objectives auditor should:
1) Attend project and steering committee meetings & examine project control
documentation and conducting interviews to ensure ‘what project control standards are to
be complied with, and determining the extent to which compliance is being achieved.
2) Examine system documentation such as functional specification to arrive at an opinion on
controls.
3) Consider a list of the standard operational controls such as response time, CPU usage etc.
In order to form overall opinion about SDLC phases, the auditor may use a rating system to
rate various phases of SDLC.
In order to audit technical work products (such as database design), auditor may opt to
include a technical expert to seek his/her opinion on the technical aspects of SDLC. However
auditor will have to give control objectives, directives and in general validate the opinion
expressed by technical experts.
© CA YUVRAJ BACHHAWAT (DISA)
(M) 07096111123
Yuvraj Bachhawat’s CA Final – ISCA 5.45
Academy Ch. 5 – Acquisition, Development &
Implementation of Information System
Some of the control considerations for an auditor are:
Documented policy and procedures.
Developers/ IT managers are trained on the procedures.
Appropriate approvals are being taken at identified mile-stones.
Development is carried over as per standards, functional specifications.
Source Code is properly secured.
Adequate audit trails are provided in system/
Business owners testing and approval before system going live.
Auditor should perform PIR to determine whether the system adequately meets earlier
identified business requirements and needs.
Part 5- Miscellaneous Topics
Part 5-Miscellaneous Topics
5.1) -Operation Manuals 5.2)-SDLC Misc. Topics
5.1) Operation Manuals:
Operation Manual is also known as user’s guide, is a technical communication document
intended to give assistance to people using a particular system.
It is usually written by a technical writer.
Operation manuals are most commonly associated with electronic goods, computer
hardware and software.
The section of an operation manual after include the following:
A cover page, a title page and copyright page
A preface,(showing how to navigate the user guide)
A contents page
A guide on how to use at least the main functions of the system
A FAQ (Frequently Asked Questions)
Where to find further help, and contact details
5.2) SDLC Miscellaneous Topics:
SDLC framework provides system designers & developers to follow sequence of activities.
SDLC consists of a set of phases in which each phase of SDLC uses the results of previous one.
SDLC ensures that documents are produced at crucial stages during the process.
These are sometimes referred to as deliverables which are critical for successful
management of an IS project.
The SDLC can be viewed as process oriented.
© CA YUVRAJ BACHHAWAT (DISA)
(M) 07096111123
Yuvraj Bachhawat’s CA Final – ISCA 5.46
Academy Ch. 5 – Acquisition, Development &
Implementation of Information System
Advantages of SDLC are :
1) Better planning and control by project managers.
2) Phases are important milestones & help project manager & users for review & signoff.
3) Documentation produced is an important measure of communication & control.
4) Compliance to prescribed standards ensures better quality.
Advantages of SDLC from view point of the IS Audit are:
1) The IS auditor can have clear understanding of the various phases on the basis of the
detailed documentation created during each phase of the SDLC.
2) The IS auditor can provide an evaluation of the methods and techniques used through the
various development phases of the SDLC.
3) The IS Auditor on the basis of his examination, can state in his report about the compliance
by the IS management of the procedures, if any, set by the management.
4) The IS Auditor, if has a technical knowledge and ability of the area of SDLC, can be a guide
during the various phases of SDLC.
Shortcomings and anticipated risks associated with the SDLC are as follows:
1) The development team may find it cumbersome.
2) The users may find that the end product is not visible for a long time.
3) The rigidity of the approach may prolong the duration of many projects.
4) It may not be suitable for small and medium sized projects.
Important Questions:
1) Discuss the key characteristics of Waterfall Model in brief. Also explain its major
strengths & weaknesses.
2) Briefly explain Prototyping approach and its major strengths.
3) What is Rapid Application Development? Discuss its strengths and weaknesses in brief.
4) Explain major strengths and weaknesses of Spiral model.
5) What do you understand by agile model of software development? Also explain its major
strengths and weaknesses in brief.
6) State and briefly explain the stages of System Development Life Cycle (SDLC).
7) The top management of company has decided to develop a computer information system
for its operations. Is it essential to conduct the feasibility study of system before
implementing it? If answer is yes, state the reasons. Also discuss three different angles
through which feasibility study of the system is to be conducted.
8) What are the possible advantages of SDLC from the perspective of IS Audit?
9) What are the major aspects that need to be kept in mind while eliciting information to
delineate scope?
10) System Analysts use various fact-finding techniques for determining the needs/
requirements of a system to be developed. Explain these techniques in brief.
© CA YUVRAJ BACHHAWAT (DISA)
(M) 07096111123
Yuvraj Bachhawat’s CA Final – ISCA 5.47
Academy Ch. 5 – Acquisition, Development &
Implementation of Information System
11) Discuss in detail, how the analysis of present system is made by the system analyst?
12) Explain two primary methods used for the analysis of the scope of a project in SDLC.
13) What are the major objectives of system requirements analysis phase in the SDLC?
14) Describe briefly four categories of major tools that are used for system development.
15) Bring out the reasons as to why organizations fail to achieve their Systems Development
Objectives?
16) Discuss major characteristics of a good coded program in brief.
17) What is Unit Testing? Explain five categories of tests that a programmer typically performs
on a program unit.
18) Explain the following testing techniques:
a) Black Box Testing
b) White Box Testing
c) Gray Box Testing
19) Explain different changeover strategies used for conversion from old system to new
system.
20) Discuss briefly, various activities that are involved for successful conversion with respect to
a computerized information system.
21) Discuss the roles of the following with reference to SDLC:
a) Steering Committee
b) System Analyst
c) Database Administrator
d) IS Auditor
22) Write short notes on the following:
a) Final Acceptance Testing
b) Static Testing
c) Regression Testing
d) System Testing
e) Preventive Maintenance
f) Data Dictionary
© CA YUVRAJ BACHHAWAT (DISA)
(M) 07096111123
Yuvraj Bachhawat’s CA Final – ISCA 5.48
Academy Ch. 5 – Acquisition, Development &
Implementation of Information System
© CA YUVRAJ BACHHAWAT (DISA)
(M) 07096111123
You might also like
- System Analysis & Design: Chapter One: Systems Planning and SelectionNo ratings yetSystem Analysis & Design: Chapter One: Systems Planning and Selection230 pages
- Data Mining Concepts Models and Techniques 1st Edition by Florin Gorunescu ISBN 3642197213 9783642197215 Download100% (4)Data Mining Concepts Models and Techniques 1st Edition by Florin Gorunescu ISBN 3642197213 9783642197215 Download54 pages
- Systems Analysis and Design The Systems Analyst and Information Systems DevelopmentNo ratings yetSystems Analysis and Design The Systems Analyst and Information Systems Development72 pages
- Lecture 10 - SDLC System Design, Implementation, Operation, Maintenance andNo ratings yetLecture 10 - SDLC System Design, Implementation, Operation, Maintenance and26 pages
- Chapter 1. The Systems Analyst and Information Systems DevelopmentNo ratings yetChapter 1. The Systems Analyst and Information Systems Development42 pages
- Acquisition, Development and Implementation of Information SystemsNo ratings yetAcquisition, Development and Implementation of Information Systems64 pages
- Enhancing Supply Chain Resilience: A Machine Learning Approach For Predicting Product Availability Dates Under DisruptionNo ratings yetEnhancing Supply Chain Resilience: A Machine Learning Approach For Predicting Product Availability Dates Under Disruption21 pages
- Informationsystemsdevelopmentandacquisition-Lec 1No ratings yetInformationsystemsdevelopmentandacquisition-Lec 129 pages
- Example Thesis Documentation For Computer Science67% (3)Example Thesis Documentation For Computer Science7 pages
- Ionic Equilibrium - JEE Main 2024 January Question Bank - MathonGoNo ratings yetIonic Equilibrium - JEE Main 2024 January Question Bank - MathonGo6 pages
- Topic 4&5 - IS PROJECT MANAGEMENT AND IS ACQUISITIONNo ratings yetTopic 4&5 - IS PROJECT MANAGEMENT AND IS ACQUISITION9 pages
- #JX10 - Kevin Setiawan - Your Guide To Starting A Career in Business Intelligence - 2No ratings yet#JX10 - Kevin Setiawan - Your Guide To Starting A Career in Business Intelligence - 217 pages
- See Hear Think Feel and Imagine by Sattyakee D'com BhuyanNo ratings yetSee Hear Think Feel and Imagine by Sattyakee D'com Bhuyan4 pages
- Introduction - System Analysis and DesignNo ratings yetIntroduction - System Analysis and Design58 pages
- 3a. AIS Ch-3 System-Development-Process-AssignmentNo ratings yet3a. AIS Ch-3 System-Development-Process-Assignment13 pages
- III Q# MODULE 2 Lesson 3 Conceptual FrameworkNo ratings yetIII Q# MODULE 2 Lesson 3 Conceptual Framework2 pages
- Chapter 12 - Information Systems DevelopmentNo ratings yetChapter 12 - Information Systems Development27 pages
- Mis Assignment: Submitted By-Gayatri Panjwani Bba Iii 28No ratings yetMis Assignment: Submitted By-Gayatri Panjwani Bba Iii 2813 pages
- CH17-7Ed Acquiring and Implementing AISNo ratings yetCH17-7Ed Acquiring and Implementing AIS34 pages
- Systems Analysis Design and Development ConceptNo ratings yetSystems Analysis Design and Development Concept30 pages
- Acquisition, Development and Implementation of Information SystemsNo ratings yetAcquisition, Development and Implementation of Information Systems32 pages
- Systems Development Life Cycle (SDLC) - A StructuredNo ratings yetSystems Development Life Cycle (SDLC) - A Structured38 pages
- Solving Business Problems With Information SystemsNo ratings yetSolving Business Problems With Information Systems36 pages
- UNIT-6 (DEV and Maintainence of Info Systms) 1. Systems Analysis and DesignNo ratings yetUNIT-6 (DEV and Maintainence of Info Systms) 1. Systems Analysis and Design16 pages
- Introduction To Systems Development ProgrammersNo ratings yetIntroduction To Systems Development Programmers4 pages
- Information Systems (IS) Development/ Application Development - Systems ApproachNo ratings yetInformation Systems (IS) Development/ Application Development - Systems Approach9 pages
- Detailed Lesson Plan in Trends, Network & Critical Thinking (2 Quarter)100% (4)Detailed Lesson Plan in Trends, Network & Critical Thinking (2 Quarter)5 pages
- Introduction To Systems Design and AnalysisNo ratings yetIntroduction To Systems Design and Analysis33 pages
- Automated Software Testing Interview Questions You'll Most Likely Be AskedFrom EverandAutomated Software Testing Interview Questions You'll Most Likely Be AskedNo ratings yet
- Software Testing Interview Questions You'll Most Likely Be AskedFrom EverandSoftware Testing Interview Questions You'll Most Likely Be AskedNo ratings yet
