Domain 3 - IS Acquisition, Dev, & Implementation Flashcards
Methods that estimate project duration or timelines
PERT/CPM (PERT is first preference)
What helps schedule/monitor progress of a project (simply)?
Gantt chart
What helps monitor the progress of a project with detail around budget/actual/estimates?
EVA - earned value analysis
What technique estimates the size of software development efforts? (Indirect measure)
FPA (function point analysis)
What prevents cost overruns and delivery delays?
Timebox management
Zero slack time =
Overall completion time - time for activity
(Critical activity)
In which phase should a proper plan and strategy for new systems be developed?
The design phase
Scope creep
Uncontrolled project scope due to continuous changes in project requirements
- major factor in project failure
Waterfall approach
-Most common method of software development
-for stable and well defined projects
-after completion of each stage, testing is done before moving on to next stage
System development life cycle (SDLC) phases
1) feasibility study
2) requirements definition
3A) software selection & acquisition (purchased systems)
3B) design (in-house development)
4A) configuration (purchased)
4B) development (in-house)
5) final testing and implementation
6) post implementation review
What develops systems quickly while reducing costs and maintaining quality?
RAD - rapid application development
Prototypes (RAD approach)
Provides time and cost savings
Most effective testing method for prototype
Top down approach
Major risk to agile development
Lack of documentation
Major benefit of (OOSD) object oriented system development
Ability to reuse objects/modules
OOSD Polymorphism
Same message is interpreted differently by 2 or more objects
OOSD encapsulation
Permits enhanced degree of security over data
Difference between reengineering and reverse engineering
Reengineering - updates a system
Reverse engineering - produces a similar system
Major benefit of component-based development?
Ability to support multiple development environments
Important characteristic to the agile approach
A systematic review after the completion of each iteration to identify areas of improvement
The prototyping approach is used to design:
Screens, interactive edits, and sample reports
What detects transposition and transcription errors and ensures data accuracy?
Check digit
What detects transmission errors and ensures data integrity and COMPLETENESS?
Parity Bit
What is the same as parity bit but used for more complex errors?
Checksum
Most advanced version of parity and checksum
CRC - cyclical redundancy checksums
Forward error control
Same as CRC but corrects the error
Objective - to correct data transmission error
Automated system balancing
Reconciles total input and total output; helps determine if any transactions are lost during processing
Data integrity principles of ACID
Atomicity
Consistency
Isolation
Durability
Atomicity
Transaction is processed completely or not at all
Consistency
All integrity conditions applied to each transaction
Isolation
Each transaction should be separated from other transactions
Durability
Database should be resilient enough to survive any system failure
What is best to prevent duplication of vouchers during data entry?
Sequence check
DSS (decision support system) enables
Flexibility in the user's approach to decision-making
Main risk of DSS
Inability to specify purpose and usage patterns
When reviewing the DSS, an IS auditor should be most concerned with
The level of skills and experience contained in the knowledge base
White box approach
-Applied in unit testing
-Testing of internal program logic
Recovery testing
Checking systems ability to recover after a hardware or software failure
Security testing
Testing of appropriate access control and other security measures
Load testing
Testing of performance of systems during peak hours (processing large quantity of data)
Volume testing
Testing to determine max volume of records/data the application can handle
Stress testing
Testing to determine the max number of concurrent users/services the application can process
-best to use live data in a test environment
Performance testing
Comparing the performance of the system to other equivalent systems using well defined benchmarks
Regression testing
Ensures changes or corrections in a program have not introduced new errors
Sociability testing
Ensures new or modified system can work in a specific environment w/o greatly impacting the existing system
Parallel testing
Ensures implementation of new system meets user requirements
Parallel changeover (cutover)
-When both a new and old system are running simultaneously to test reliability and performance of new system before discontinuing old.
-greatest redundancy (duplication)
Abrupt (direct) changeover
New system is implemented and old system is taken off immediately; riskiest changeover
Checksum ensures
Integrity
Stress testing should be carried out in a:
Test environment using live workloads
Unit testing
Development stage / white box approach
Integrated/interface testing
Testing of 2 or more modules or components that pass info from one area to another (connection)
System testing (6)
Recovery, security, load, volume, stress, performance
Hash totals
Help detect errors in data processing; indicates an error in data integrity
Functional acknowledgments
One of the main controls used in data mapping; acts as an audit trail for EDI transactions
3 primary dimensions of a project
Deliverables
Allocated resources
Delivery time
EUCs may not be subject to
Testing and IT general controls
When using agile development, what should be found during review
Post-iteration reviews that identify lessons learned for future use in the project