Phases of the System Development Life Cycle (SDLC)

1. Feasibility Study

  • Purpose: Evaluate technical, economic, and social feasibility to determine strategic benefits and ROI.
  • Activities: Identify cost savings, justify business needs, build a business case.
  • Role of IS Auditor:
    • Review documentation for reasonableness.
    • Verify cost justification and benefit schedules.
    • Ensure alternate solutions are reasonable.
    • Validate business needs for system development or acquisition.

2. Requirements Definition

  • Purpose: Define functional, service, and quality requirements.
  • Activities: Gather user inputs, study user needs, and create requirement documents.
  • Role of IS Auditor:
    • Verify representation of affected users and project team members.
    • Review requirements documentation for completeness and accuracy.
    • Validate Data Flow Diagrams (DFD) and specifications.

3a. System Analysis

  • Purpose: Analyze current systems, identify problems, and recommend improvements.
  • Activities: Map current processes, decide system design approaches.
  • Role of IS Auditor:
    • Verify project initiation approval.
    • Ensure vendor proposals cover project scope (for acquisition).
    • Assess embedded audit routines in the design.

3b. System Design

  • Purpose: Finalize system specifications and establish baseline for development.
  • Activities: Define hardware, software, interfaces, databases, and security considerations.
  • Role of IS Auditor:
    • Review system flowcharts and input/output controls.
    • Assess audit trail adequacy.
    • Verify system design completeness and alignment with requirements.

4. Development

  • Purpose: Transform design specifications into a functional system.
  • Activities: Coding, documentation, development of manuals, and quality assurance.
  • Role of IS Auditor:
    • Ensure documentation is complete.
    • Review QA reports and adherence to coding standards.
    • Assess bug reporting and resolution procedures.

Software Escrow: Ensure necessary proprietary materials (e.g., source code, manuals) are safeguarded by a neutral agent.

5. Testing

  • Purpose: Validate system functionality and identify issues.
  • Activities: Perform QA Testing, Integration Testing, and User Acceptance Testing (UAT).
  • Role of IS Auditor:
    • Review test plans and error reports.
    • Verify data integrity during testing.
    • Ensure participation of relevant users in testing.
    • Validate reconciliation of control totals and converted data.

6. Implementation

  • Purpose: Deploy the system using strategies like cut-off, phased, pilot, or parallel implementation.
  • Activities: User sign-off, change control adherence, data conversion validation.
  • Role of IS Auditor:
    • Verify test plans and acceptance sign-offs.
    • Ensure adherence to change control processes.
    • Validate documentation completeness.
    • Verify accurate data conversion.

7. Maintenance

  • Purpose: Ensure system stability, support users, and handle deficiencies or changes.
  • Activities: Record issues, track changes, and measure ROI.
  • Role of IS Auditor:
    • Verify achievement of system objectives.
    • Review cost-benefit realization.
    • Assess system controls and error logs.
    • Validate authorization of system changes.
    • Ensure emergency access controls are adequate.
