Chapter 8 SDLC

The document discusses the software development life cycle (SDLC) and system administration. It describes the SDLC framework and different types of models like waterfall, prototyping, and agile. It outlines the benefits of SDLC for planning, quality control, documentation, and review. It also discusses the benefits and risks of SDLC for auditors and projects. The document then explains the basic steps of analysis, development, testing, and implementation. Finally, it covers pre-implementation and post-implementation audits, outlining their purposes and disadvantages.
System Administration

(Software/System Development Life Cycle)

Notes

Software/System Development Life Cycle (SDLC)

This is a framework that describes the activities performed at each stage of a software/system development project.
It can have different types, e.g.:

Waterfall
Prototyping
Agile
And many more

SDLC - Benefits

Better planning and control by project managers.
Compliance with prescribed standards, ensuring better quality.
The documentation that SDLC stresses is an important measure of communication and control.
The phases are important milestones and help the project manager and the user with review and sign-off.

SDLC - Benefits for Auditors

The IS auditor can have a clear understanding of the various phases of the SDLC on the basis of the detailed documentation created during each phase of the SDLC.
The IS auditor, on the basis of his examination, can report on IS management's compliance with the procedures, if any, set by the management.
The IS auditor, if he has technical knowledge and ability in the area of SDLC, can be a guide during the various phases of the SDLC.
The IS auditor can provide an evaluation of the methods and techniques used through the various development phases of the SDLC.

SDLC - Risks

The development team might find it cumbersome.
The users may find that the end product is not visible for a long time.
The rigidity of the approach may prolong the duration of many projects.
It may not be suitable for small and medium-sized projects.

SDLC - The Basic Steps

Primarily, the major steps of the SDLC model are 6, namely Preliminary Investigation, Requirement Analysis, Systems Design, Systems Development, System Testing, and System Implementation and Maintenance.
But for the purposes of this course, we will only look at the 4 basic steps: Analysis, Development, Testing and Implementation.

SDLC - The Basic Steps Cont.

Analysis: Here you are analyzing the type of system on the basis of the users' requirements. Facts about what the users require can be obtained through documents, questionnaires, interviews and observations.
Development: Here you are programming or developing the system as designed, and conducting continuous testing and debugging, by converting the specification into a functioning system.
Testing: At this stage, various kinds of testing are conducted before the developed system is implemented.
Implementation: Final testing and quality of controls audit, acceptance by management and users before migration of the system to the live environment, and data conversion from the legacy system to the new system. More on this stage can be read in the attached PDF.

System/Software Development Audits

The system development process is a project that a company undertakes. More detailed information about what we will be discussing here can be found in the IT Auditing textbook (Schiller and Davis, page 367, Auditing company projects).
Even though the audit process never really stops during the entire project duration, there are a few significant differences between the audits that occur on either side of the implementation process (pre and post).

Pre-Implementation Audits

A pre-implementation audit is an audit carried out on departmental/agency systems during the design/development and installation process rather than after the system has been turned over to the client for operation.
Why? The rationale for initiating pre-implementation auditing is that it is more cost-effective to correct weaknesses in the control framework during the design/development and installation process than after implementation, when large quantities of resources have been expended and strong commitment to the entity under design has been generated.
This does not eliminate the need for post-implementation audits, as there is no assurance that what was designed and installed was maintained or operated as intended, and that the original requirements continue to hold true.

Pre-Implementation Audits Cont.

Here the auditor has to ensure that the correct processes are followed during the system development process.
The auditor also has to audit the control frameworks that are being embedded in the design of the said system.
The major disadvantage of the pre-implementation audit is impaired independence. This means that the auditor, if not properly monitored, will impact the design of the system during the audit process.

Post Implementation Audits

A Post-Implementation Review (PIR) is an assessment and review of the completed working solution. It will be performed after a period of live running, some time after the project is completed.
There are three main reasons for a PIA:

To ascertain the degree of success of the project, in particular the extent to which it met its objectives, delivered planned levels of benefit, and addressed the specific requirements as originally defined.
To examine the efficacy of all elements of the working business solution to see if further improvements can be made to optimise the benefit delivered.
To learn lessons from this project, lessons which can be used by the team members and by the organisation to improve future project work and solutions.

Post Implementation Audit Cont.

Post Implementation Audits are done by auditors and should look at these main issues:

Current Situation: to check if the required functionality is available, and also whether procedures are properly documented, published and known about.
Benefits: to check the final cost of the project and also the operating costs of the new solution.
Future Improvements: to evaluate whether coaching and training can improve the degree of benefits of the new system, and also to see which learning points can be used for future projects to improve efficiency and effectiveness.

The major disadvantage of a PIA is that it becomes costly to correct problems that were made during the development stages.

Software Security Auditing and Control

Part B: Incident Response and basic steps:

Identification
Containment
Collection
Recovery
Analysis
