Domain 3: Information Systems Acquisition and Development Flashcards
What are the three project management structures?
Functional, Project and Matrix
Who is responsible for approving and prioritising projects?
The IT steering committee
What is the role of the IT strategy committee?
To guide and recommend the BoD on IT initatives.
What are three types of code size evaluation?
SLOC, FPA and COCOMO
What is CPM?
Critical path methodology. It is a project evaluation method which uses a critical path that is made up of the tasks that are longest to complete
What is PERT?
Program Evaluatoin Review Technique. Another project evaluation method which considers three differe scenarios. Optimistic (best), pessimistic (worst) and normal (most likely).
What are two proccess that should take place prior to the beginning of a project?
Business Case and Feasibility analysis
What are all the elements in feasibility study report?
Scope, current process, requirements, approach, evaluation and review
What is scope creep?
Scope creep refers to an uncontrolled project scope due to continuous changes
What happens in the Feasibility Study phase? (SDLC Phases)
It is the first phase. The expected benefits are outlined against the cost of the implementation.
What happens in the requirements phase? (SDLC Phases)
The second phase. Requirements of the new systems are detailed and documented.
What happens in the Software Selection and Acquisition phase? (SDLC Phases)
The third phase. This should contain the architectural and technical specifications of the new system. Security requirements need to be considered.
What happens in the development phase? (SDLC Phases)
The fourth phase. Development of the application takes place.
What happens in the testing and implementation phase? (SDLC Phases)
The fifth phase. Unit testing, system testing and UAT are conducted
What happens in the post-implementation phase? (SDLC Phases)
The sixth phase. Reviews are conducted and ROI is assessed.
What is the objective of Agile development approach?
To produce releasable software in short iterations without putting too much time into paper-based deliverables
What is a characteristic of agile?
Systematic review after completion of each iteration to identify areas of improvement
What is a characteristic of waterfall approach?
Suitable for when requirements are well defined and do not undergo frequent changes
What is a characteristic of a prototype approach?
It saves a considerable amount of time and cost but there is a risk of inadequate controls
What development technique uses a prototype that can be frequently updated to address business requirements?
Rapid Application Development
What is a benefit of object oriented development?
Object modules can be reused
What makes the OOSD method enable greated security?
It uses encapsulation
What is a benefit of component-based development?
Ability to support multiple development envrionments
What is, check digits?
A check digit is an extra digit, used for error detection. It helps to ensure that original data is not tampered or altered.
What are parity bits?
They are used to verify complete and accurate data transmission. Used as the simplest form of error-detecting code when data is transfered from one machine to another.
What are checksums?
Similar to parity bits but have the capability to recognise multi-bit errors.
What is forward error control?
Can detect errors but can also help to correct the errors on the receiving computer
What are the four data intergirty principles?
Atomicity, Consistency, Isolation and Durability
What is meant by atomicity?
Atomicity ensures that a process is completely fully or not processed at all. If there is an error during transfer, then it should be rolled back.
What is meant by consistency?
This ensures that all integrity conditions are appliced to each transaction in a database
What is meant by isolation?
This ensures that each transaction is kept seperated from other transactions
What is meant by durability?
This ensures that databases are resilient to survive any system failures
What are limit checks?
This is for input control. To ensure that only data within a predefinded limit can be entered to the system
What is automated systems balancing?
Helps to reconcile the total input with the total output. Helps to highlight if any transactions are lost during processing.
What is DSS?
The decision support system is an interactive decision-making framework. It supports semi-structured or less structured decisions. It also enables flexibility.
What is decision trees?
A questionnaire based process that helps lead a user through a series of choices.
What is unit testing?
Where individual units are tested. For example, Module A is tested seperately to Module B
What is intergrated testing?
This is where the connections between units is tested.
What are all the testing phases?
Unit testing > intergration testing > system testing and final acceptance training
What is the testing approach for unit testing?
Whitebox testing
What is the testing approach when testing the network between two or more systems?
Interface testing
When conducting regression tests, what datasets should be used?
The same dataset as previous
What is a benefit to bottom-up testing approach?
Erorrs can be found early in critical modules
What information source is best for detecting unauthorised input from a terminal?
The transaction journal because it records all transaction activity which can then be compared to authorised source documents
What is the greatest benefit in implementing an expert system?
Capturing the knowledge and experience of individuals in an organisation
What is the primary benefit to intergrating a total quality management into a softdev project?
End-user satisfaction because this is ultimately the measure of quality for staff.
When discovering that a IS department does not use any formal documented methodology or standards, what is the best cause of action?
To document the informal standards and test for compliance.
Which stage of the SDLC represents the last phase for software baselining to occur?
Design phase, any changes after this should go through a formal process
What can a control total check be used for?
This can be used when a system has been converted and you need to check that all the data has been converted
What does cohesion refter to?
Cohesion refers to the performance of a single, dedicated function
What does coupling refer to?
Coupling refers to the independce of comparable units.
What is the most effective way to control application maintenance?
By obtaining user approval for program changes
What is one of the tasks during the research stage of the benchmarking process?
Benchmarking partners are identified
What control is useful in detecting the duplication of a message?
Digital signature’s will ensure nonrepudication and avoid dummy/duplicate messages
What is the greatest risk within an Electronic Data Interchange environment?
Unauthroised transactions
What are Run-to-run totals?
Run-to-run totals provide the ability to verify data values through the stages of application processing. Run-to-run total verification ensures that data read into the computer were accepted and then applied to the updating process.
What are the benefits of an EDI system?
EDI enables real-time visibility into transaction status. This in turn enables faster decision-making and improved responsivenessw.
Why would an IS auditor be most concerned with the level of experience/skills contained in the knowledge base for an expert system?
Decision errors based on a lack of knowledge could have a severe impact on the organisation.
At what point is best to implement controls to prevent data loss?
During data preperation
What control is best to ensure batch data is completely and accurately transferred between systems?
Control total
In an AI system, why should access to the knowledge base be restricted?
The knowledge base contains information related certain subjects so restricting access and protecting integrity is key
What is a trace utility used for?
To get a picutre of the internal memory’s content at different stages during program execution
What is most cruical for a data warehouse?
Accuracy of the source data, it is a preqequisite
For a project, requirement specifications is the ultimate responsibility of who?
Project sponsor
Who assumes overall responsibility for system development projects?
Project steering committee
