Chapter 5: Systems Development and Program Change Activities Flashcards
___________________ are systems analysts, systems engineers, and programmers. These individuals actually build the system. They gather facts about problems with the current system, analyze these facts, and formulate a solution to solve the problems. The product of their efforts is a new system.
Systems Professionals
____________________ are those for whom the system is built. There are many of these at all levels in an organization.
End Users
During systems development, systems professionals work with the ______________ to obtain an understanding of the users’ problems and a clear statement of their needs.
primary users
__________________ are individuals either within or outside the organization who have an interest in the system but are not end users. These include accountants, internal and external auditors, and the internal steering committee that oversees systems development.
Stakeholders
______________________ are those professionals who address the controls, accounting, and auditing issues for systems development. This involvement should include internal auditors and IT auditors.
Accountants/Auditors
Accountants are involved in systems development in three ways. These are:
- First, accountants are users. All systems that process financial transactions impact the accounting function in some way.
- Second, accountants participate in systems development as members of the development team. Their involvement often extends beyond the development of strictly AIS applications.
- Accountants are involved in systems development as auditors. Accounting information systems must be auditable.
Organizations usually acquire information systems in two ways:
(1) they develop customized systems in-house through formal systems development activities and
(2) they purchase commercial systems from software vendors. This section of the text discusses these two alternatives.
These firms design their own information systems through in-house systems development activities. ____________________ requires maintaining a full-time systems staff of analysts and programmers who identify user information needs and satisfy their needs with custom systems.
In-House Development
SDLC stands for
Software Development Life Cycle
A growing number of systems are purchased from software vendors. Faced with many competing packages, each with unique features and attributes, management must choose the system and the vendor that best serve the needs of the organization. Making the optimal choice requires that this be an informed decision. This is a _______________.
Commercial Systems
Four factors have stimulated the growth of the commercial software market:
(1) the relatively low cost of general commercial software as compared to customized software;
(2) the emergence of industry-specific vendors;
(3) a growing demand from businesses that are too small to afford in-house systems’ development staff; and
(4) the trend toward downsizing of organizational units
Commercial software packages fall into three basic groups:
- turnkey systems
- backbone systems
- vendor-supported systems.
_____________ are completely finished and tested systems that are ready for implementation. These are often general-purpose systems or systems customized to a specific industry. ______________ are usually sold only as compiled program modules, and users have limited ability to customize them to their specific needs.
Turnkey systems
___________________ are designed to serve a wide variety of user needs. By mass-producing a standard system, the vendor is able to reduce the unit cost of these systems to a fraction of in-house development costs.
General Accounting Systems.
To provide as much flexibility as possible, _______________ are designed in modules. This allows users to purchase the modules that meet their specific needs. Typical modules include accounts payable, accounts receivable, payroll processing, inventory control, general ledger, financial reporting, and fixed asset.
General accounting systems
Some software vendors create ______________________ that target selected segments of the economy. For example, the medical field, the banking industry, and government agencies have unique accounting procedures, rules, and conventions that general-purpose accounting systems do not always accommodate. Software vendors have thus developed standardized systems to deal with industry-specific procedures.
Special-Purpose Systems.
_______________________ are computer systems that improve the productivity of office workers. Examples include word processing packages, database management systems, spreadsheet programs, and desktop publishing systems.
Office Automation Systems.
_________________ provide a basic system structure on which to build. These systems come with all the primary processing modules programmed. The vendor designs and programs the user interface to suit the client’s needs.
Backbone Systems.
These systems are hybrids of custom systems and commercial software. Under this approach, the vendor develops (and maintains) custom systems for its clients. The systems themselves are custom products, but the systems development service is commercially provided. This option is popular in the health care and legal services industries.
Vendor-Supported Systems.
The three advantages of commercial software:
- Implementation Time - Commercial software can be implemented almost immediately once a need is recognized.
- Cost - The cost of commercial software is spread across many users; the unit cost is reduced to a fraction of the cost of a system developed in-house.
- Reliability - Most reputable commercial software packages are thoroughly tested before their release to the consumer market.
The three disadvantages of commercial software:
- Vendor Dependence - Purchasing a vendor-supported system makes the firm dependent on the vendor for maintenance.
- The need for customized systems - Sometimes, the user’s needs are unique and complex, and commercially available software is either too general or too inflexible.
- Maintenance - Business information systems undergo frequent changes. If the user’s needs change, it may be difficult or even impossible to modify commercial software.
The phases of SDLC are:
- Systems Planning
- Systems Analysis
- Conceptual Design
- Systems Selection
- Detailed Design
- Programming and Testing
- Implementation
- New Systems Development
- Systems Maintenance
The objective of systems planning is to:
link individual system projects or applications to the strategic objectives of the firm
Who should do Systems Planning?
Steering Committee - The composition of the steering committee may include the chief executive officer, the chief financial officer, the chief information officer, senior management from user areas, the internal auditor, and senior management from computer services.
Typical responsibilities for a steering committee include the following:
- Resolving conflicts that arise from new systems
- Reviewing projects and assigning priorities
- Budgeting funds for systems development
- Reviewing the status of individual projects under development
- Determining at various checkpoints throughout the SDLC whether to continue with the project or terminate it
Systems planning occurs at two levels:
strategic systems planning and project planning.
_________________ involves the allocation of systems resources at the macro level. It usually deals with a time frame of 3 to 5 years. This process is similar to budgeting resources for other strategic activities, such as product development, plant expansions, market research, and manufacturing technology
Strategic systems planning
There are four justifications for strategic systems planning:
- A plan that changes constantly is better than no plan at all.
- Strategic planning reduces the crisis component in systems development
- Strategic systems planning provides authorization control for the SDLC
- Cost management.
This is a level of systems planning whose purpose is to allocate resources to individual applications within the framework of the strategic plan. This involves identifying areas of user needs, preparing proposals, evaluating each proposal’s feasibility and contribution to the business plan, prioritizing individual projects, and scheduling the work to be done.
Project Planning
The product of the project planning phase consists of two formal documents:
the project proposal and the project schedule.
The _______________ provides management with a basis for deciding whether to proceed with the project.
Project Proposal
The ________________ represents management’s commitment to the project. It is a budget of the time and costs for all the phases of the SDLC.
Project Schedule
This is the second phase of SDLC. ____________________ is a two-step process involving first a survey of the current system and then an analysis of the user’s needs. A business problem must be fully understood by the systems analyst before he or she can formulate a solution.
Systems analysis
Most systems are not developed from scratch. Usually, some form of information system and related procedures are currently in place. The analyst often begins the analysis by determining what elements, if any, of the current system should be preserved as part of the new system. This involves a rather detailed ______________.
system survey
Disadvantages of Surveying the Current System:
- Current physical tar pit - This term is used to describe the tendency on the part of the analyst to be “sucked in” and then “bogged down” by the task of surveying the current dinosaur system.
- Thinking inside the box. - By studying and modeling the old system, the analyst may develop a constrained notion about how the new system should function. The result is an improved old system rather than a radically new approach.
Advantages of Surveying the Current System
- Identifying what aspects of the old system should be kept.
- Forcing systems analysts to fully understand the system.
- Isolating the root of problem symptoms
A system fact that includes external entities, such as customers or vendors, as well as internal sources from other departments.
Data sources.
A system fact that includes both managers and operations users.
Users.
A system fact that comprises the files, databases, accounts, and source documents used in the system.
Data stores.
A system fact that involves processing tasks that are manual or computer operations that represent a decision or an action triggered by information.
Processes.
System facts that are represented by the movement of documents and reports between data sources, data stores, processing tasks, and users. They can also be represented in UML diagrams.
Data flows.
These are system facts that include both accounting and operational controls and may be manual procedures or computer controls.
Controls
Understanding the characteristics of ___________________________ and its rate of growth are important elements in assessing capacity requirements for the new system.
Transaction volumes
As a system reaches capacity, _______________ increase to an intolerable level. Although no system is perfect, the analyst must determine the acceptable error tolerances for the new system.
Error rates.
These are the resources used by the current system that include the costs of labor, computer time, materials (such as invoices), and direct overhead.
Resource costs.
Delays may be caused by ________________ such as unnecessary approvals or sign-offs
redundant operations
In fact gathering for surveys, systems analysts employ several techniques to gather the previously cited facts. Commonly used techniques include:
observation
task participation
personal interview
reviewing key documents.
A fact-gathering technique that involves passively watching the physical procedures of the system. This allows the analyst to determine what gets done, who performs the tasks, when they do them, how they do them, why they do them, and how long they take.
Observation.
This is a fact-gathering technique that is an extension of observation, whereby the analyst takes an active role in performing the user’s work. This allows the analyst to experience first-hand the problems involved in the operation of the current system.
Task Participation
A fact-gathering technique that is a method of extracting facts about the current system and user perceptions about the requirements for the new system. The instruments used to gather these facts may be open-ended questions or formal questionnaires.
Personal Interviews.
This instrument used in an interview allows users to elaborate on the problem as they see it and offer suggestions and recommendations. Answers to these questions tend to be difficult to analyze, but they give the analyst a feel for the scope of the problem
Open-ended questions
An instrument used in interviews to ask more specific, detailed questions and to restrict the user’s responses. This is a good technique for gathering objective facts about the nature of specific procedures, volumes of transactions processed, sources of data, users of reports, and control issues.
Questionnaires
____________________ is an intellectual process that is commingled with fact gathering. The analyst is simultaneously analyzing as he or she gathers facts. The mere recognition of a problem presumes some understanding of the norm or desired state. It is therefore difficult to identify where the survey ends and the analysis begins.
Systems analysis
The event that marks the conclusion of the systems analysis phase is the __________________.
preparation of a formal systems analysis report
This report presents to management or the steering committee the survey findings, the problems identified with the current system, the user’s needs, and the requirements of the new system
systems analysis report
The third phase of the SDLC is ______________________________
Conceptual Systems Design
The purpose of the ______________________ is to produce several alternative conceptual systems that satisfy the system requirements identified during systems analysis.
conceptual design
Two approaches to conceptual system design:
the structured approach and the object-oriented approach
________________________ builds systems from the bottom up through the assembly of reusable modules rather than creating each system from scratch.
Object-oriented design
The _________________________ is a disciplined way of designing systems from the top down. It consists of starting with the “big picture” of the proposed system that is gradually decomposed into more and more detail until it is fully understood.
structured design approach
The _________________________ should highlight the differences between critical features of competing systems rather than their similarities.
Conceptual Design Phase
The __________________ approach is to build information systems from reusable standard components or objects. This approach may be equated to the process of building an automobile.
object-oriented design (OOD)
The _______________________ is central to the object-oriented approach to systems design.
concept of reusability
The fourth phase of SDLC is __________________.
systems evaluation and selection phase
_________________________ is the procedure for selecting the one system from the set of alternative conceptual designs that will go to the detailed design phase. It is an optimization process that seeks to identify the best system. This decision represents a critical juncture in the SDLC.
System Evaluation and Selection
The evaluation and selection process involves two steps:
- Perform a detailed feasibility study
- Perform a cost-benefit analysis
In assessing project feasibility, this is concerned with whether the system can be developed under existing technology or if new technology is needed.
Technical Feasibility
In assessing project feasibility, this pertains to the availability of funds to complete the project. At this point, we are concerned with management’s financial commitment to this project in view of other competing capital projects under consideration.
Economic Feasibility
In assessing project feasibility, this identifies any conflicts between the conceptual system and the company’s ability to discharge its legal responsibilities.
Legal Feasibility.
In assessing project feasibility, this shows the degree of compatibility between the firm’s existing procedures and personnel skills and the operational requirements of the new system.
Operational Feasibility
In assessing project feasibility, this relates to the firm’s ability to implement the project within an acceptable time. This feasibility factor impacts both the scope of the project and whether it will be developed in-house or purchased from a software vendor.
Schedule Feasibility
This helps management determine whether (and by how much) the benefits received from a proposed system will outweigh its costs. This technique is frequently used for estimating the expected financial value of business investments.
Cost–benefit analysis
There are three steps in the application of cost–benefit analysis:
identify costs, identify benefits, and compare costs and benefits.
These costs include the initial investment to develop and implement the system.
One-time costs
These include operating and maintenance costs that recur over the life of the system.
Recurring costs
Identify if one-time cost or recurring cost: Hardware acquisition
one-time cost
Identify if one-time cost or recurring cost: Site preparation
one-time cost
Identify if one-time cost or recurring cost: Software acquisition
one-time cost
Identify if one-time cost or recurring cost: Systems design
one-time cost
Identify if one-time cost or recurring cost: Programming and testing
one-time cost
Identify if one-time cost or recurring cost: Data conversion from old system to new system
one-time cost
Identify if one-time cost or recurring cost: Personnel training
one-time cost
Identify if one-time cost or recurring cost: Hardware maintenance
Recurring Costs
Identify if one-time cost or recurring cost: Software maintenance contracts
Recurring Costs
Identify if one-time cost or recurring cost: Insurance
Recurring Costs
Identify if one-time cost or recurring cost: Supplies
Recurring Costs
Identify if one-time cost or recurring cost: Personnel
Recurring Costs
This cost includes the cost of mainframe, minicomputers, microcomputers, and peripheral equipment, such as tape drives and disk packs. These cost figures can be obtained from the vendor.
Hardware acquisition.
This cost involves such frequently overlooked costs as building modifications (e.g., adding air conditioning or making structural changes), equipment installation (which may include the use of heavy equipment), and freight charges.
Site preparation.
These costs apply to all software purchased for the proposed system, including operating system software (if not bundled with the hardware), network control software, and commercial applications (such as accounting packages). Estimates of these costs can be obtained from vendors.
Software acquisition
These costs are those incurred by systems professionals performing the planning, analysis, and design functions. Technically, such costs incurred up to this point are “sunk” and irrelevant to the decision. The analyst should estimate only the costs needed to complete the detailed design.
Systems design cost
These costs are based on estimates of the personnel hours required to write new programs and modify existing programs for the proposed system.
Programming and testing.
These costs arise in the transfer of data from one storage medium to another. For example, the accounting records of a manual system must be converted to magnetic form when the system becomes computer-based.
Data conversion
These costs involve educating users to operate the new system. In-house personnel could do this in an extensive training program provided by an outside organization at a remote site or through on-the-job training.
Training
This cost involves the upgrading of the computer (increasing the memory), as well as preventive maintenance and repairs to the computer and peripheral equipment
Hardware maintenance
These costs include upgrading and debugging operating systems, purchased applications, and in-house developed applications. Maintenance contracts with software vendors can be used to specify these costs fairly accurately.
Software maintenance
This cost covers such hazards and disasters as fire, hardware failure, vandalism, and destruction by disgruntled employees.
Insurance.
These costs are incurred through routine consumption of such items as paper, magnetic disks, CDs, and general office supplies.
Supplies.
These are the salaries of individuals who are part of the information system. Some employee costs are direct and easily identifiable, such as the salaries of operations personnel exclusively employed as part of the system under analysis.
Personnel costs.
Tangible benefits fall into two categories:
those that increase revenue and those that reduce costs.
The deliverable product of the systems selection process is the ___________________
systems selection report
This formal document consists of a revised feasibility study, a cost-benefit analysis, and a list and explanation of intangible benefits for each alternative design.
systems selection report
The Auditor’s Role in Evaluation and Selection:
Specifically, the auditor should ensure five things:
1. Only escapable costs are used in calculations of cost savings benefits.
2. Reasonable interest rates are used in measuring present values of cash flows.
3. One-time and recurring costs are completely and accurately reported.
4. Realistic useful lives are used in comparing competing projects.
5. Intangible benefits are assigned reasonable financial values.
The fifth phase of the SDLC is __________________.
detailed design phase
The purpose of the _______________________ is to produce a detailed description of the proposed system that both satisfies the system requirements identified during systems analysis and is in accordance with the conceptual design.
detailed design phase
In this phase, all system components (user views, database tables, processes, and controls) are meticulously specified. At the end of this phase, these components are presented formally in a detailed design report. This report constitutes a set of blueprints that specify input screen formats, output report layouts, database structures, and process logic. These completed plans then proceed to the final phase in the SDLC—systems implementation—where the system is physically constructed.
detailed design phase
After completing the detailed design, the development team usually performs a system design ___________ to ensure that the design is free from conceptual errors that could become programmed into the final system.
Walkthrough
This group is an independent one made up of programmers, analysts, users, and internal auditors. The job of this group is to simulate the operation of the system to uncover errors, omissions, and ambiguities in the design.
quality assurance group
The sixth phase of the SDLC is _________________________.
Application Programming and Testing
A _______________________ requires the programmer to specify the precise order in which the program logic is executed.
procedural language/third-generation languages (3GLs)
Under this model, the program’s code is not executed in a predefined sequence. Instead, external actions or “events” that are initiated by the user dictate the control flow of the program.
Event-Driven Languages
The seventh phase of SDLC is ________________.
system implementation phase
The system’s __________________ provides the auditor with essential information about how the system works.
documentation
Computer operators use documentation called a _________, which describes how to run the system
run manual
_________ have little or no experience with computers and are embarrassed to ask questions. They also know little about their assigned tasks. User training and documentation must be extensive and detailed.
Novices
The Auditor’s Role in System Implementation
Provide Technical Expertise
Specify Documentation Standards
Verify Control Adequacy and Compliance with SOX
One of the most important steps in the implementation stage actually takes place some months later in a __________________. The review is conducted by an independent team to measure the success of the system and of the process after the dust has settled.
post-implementation review
The seventh phase of SDLC is ______________________
Systems Maintenance
_____________________ is a formal process by which application programs undergo changes to accommodate changes in user needs. Some application changes are trivial, such as modifying the system to produce a new report or changing the length of a data field.
Systems maintenance
Under this approach, (also called the “Big Bang” approach), the firm switches to the new system and simultaneously terminates the old system. When implementing simple systems, this is often the easiest and least costly approach. With more complex systems, it is the riskiest.
cold turkey cutover approach
This new system conversion approach begins operating the new system in modules. For example, starting with the sales subsystem, followed by the inventory control subsystem, and finally the purchases subsystem.
phased cutover approach
However, this new system conversion approach can create incompatibilities between new subsystems and yet-to-be-replaced old subsystems. This problem may be alleviated by implementing special conversion systems that provide temporary interfaces during the cutover period.
phased cutover approach
This new system conversion approach involves running the old system and the new system simultaneously for a period of time
Parallel Operation Cutover
Over a system’s life span, as much as _________ percent of its total cost may be incurred in the maintenance phase.
80 to 90
This is an activity in controlling new systems development that requires that each new system request be submitted in writing by users to systems professionals who have both the expertise and authority to evaluate and approve (or reject) the request.
Systems Authorization Activities
This is an activity in controlling new systems development that requires the active involvement of users in the system development process.
User Specification Activities
These activities in controlling new systems development translate the user specifications into a set of detailed technical specifications of a system that meets the user’s needs. The scope of these activities includes systems analysis, general systems design, feasibility analysis, and detailed systems design.
Technical Design Activities
This is an activity in controlling new systems development that requires the auditor to play an important role in the control of systems development activities, particularly in organizations whose users lack technical expertise
Internal Audit Participation
This is an activity in controlling new systems development that requires that the individual modules of the system be tested as a unified whole. A test team comprising user personnel, systems professionals, and internal audit personnel subjects the system to rigorous testing.
User Test and Acceptance Procedures
Audit Objectives Related to New Systems Development
• Verify that SDLC activities are applied consistently and in accordance with management’s policies.
• Determine that the system as originally implemented was free from material errors and fraud.
• Confirm that the system was judged to be necessary and justified at various checkpoints throughout the SDLC.
• Verify that system documentation is sufficiently accurate and complete to facilitate audit and maintenance activities.
In larger computer systems, application program source code is stored on magnetic disks called the
source program library (SPL)
Control Techniques for an SPL Environment
- Password Control
- Separate Test Libraries
- Audit Trail and Management Reports
- Program Version Numbers
- Controlling Access to Maintenance Commands
Audit Procedures related to System Maintenance
- Identify unauthorized changes
- Identify application errors
- Test Access to Libraries