In systems development, the temptation to skip certain prescribed tasks associated with documentation, combined with the fast-paced life of IT professionals, can create an environment that is not able to properly employ the best practices of systems development. However, the employment of best practices has proven over the years to provide returns in both efficiency and effectiveness.
In all types of audit, the employment of any set of “best practices” is generally seen by auditors as having a positive impact on the quality of the information, systems or operations being audited. In the case of the systems development life cycle (SDLC), some practices provide additional benefits in terms of IT audits. Specifically, throughout the steps in the SDLC, documentation is being created that provides valuable potential sources of evidence for IT auditors. In other words, employing SDLC as it is prescribed in the industry is a control.
In this article, the conventional phases of the SDLC—and how each one can provide this potential evidence—will be discussed. Different groups use different lists of steps in the SDLC, but almost all agree on the same elements. Herein, a list of eight phases is used to demonstrate this process of analyzing an entity’s SDLC. A summary of six of the eight phases and examples of related documentation are depicted in figure 1. Other documentation should exist; those contained in the figure are for illustrative purposes.
Phase One: Systems Planning
In phase one, systems are planned using a strategic approach. Executives and others evaluate the effectiveness of systems in terms of meeting the entity’s mission and objectives. This process includes general guidelines for system selection and systems budgeting. Management develops a written long-term plan for systems that is strategic in nature. The plan will change in a few months, but much