Chapter 27 - Design, Acquisition, and Development of Information Technology and Systems - Overview PDF

# Chapter 27: Design, Acquisition, and Development of Information Technology and Systems - Overview ## Design, Acquisition, and Development of Information Technology and Systems - Overview ### Software development life cycle - Phase 1: Initial feasibility study - Phase 2: Requirements analysis - Phase 3: Application design/selection - Phase 4: Implementation - Phase 5: Maintenance and system changes ### Components of IT infrastructure - **Hardware:** Physical elements of IT infrastructure, including computers, servers, monitors, printers, and scanners. - **Software:** Applications that tell the hardware how to function by gathering, organizing, and manipulating input data. - **Storage:** Components needed to save digital data for future retrieval - **Networks:** Allow computers to communicate with each other and facilitate the distribution of data and other resources. - **Security:** Protects IT systems and networks from theft, disruption, damage, and data leaks. - **Facilities:** Physical location where the IT systems are kept, including offices, network facilities, manufacturing facilities, and off-site storage facilities. ## Lesson 1: IT Infrastructure and the System Development Life Cycle ### Technical competencies: - 3.1.1: Evaluates management information requirements - 3.1.2: Documents and assesses business processes, systems and data requirements and recommends improvements to meet information needs - 3.5.1: Performs sensitivity analysis ### Learning outcomes: - Describe the components of information technology infrastructure. - Discuss how information technology infrastructure is managed by an organization. - Discuss the five phases of the system development life cycle. - Discuss cost-benefit analysis considerations in the systems development life cycle. ## 27.1 IT infrastructure Information technology (IT) infrastructure includes the components required to develop, test, execute, monitor, control, and support IT services. - **Hardware:** Refers to the physical elements of an IT system, including computers, servers, monitors, printers, and scanners. - **Software:** Is the technology that tells the hardware how to function. It gathers, organizes, and manipulates input data. Xero Accounting is an example of cloud computing software used in an accounting information system. - **Storage:** Consists of the components needed to save digital data for future retrieval. This includes internal storage, such as random access memory (RAM) and hard disk drives; external storage, such as flash drives or compact discs; and cloud storage. - **Networks:** Allow computers to communicate with each other, and they facilitate the distribution of data and other resources among the various users of the system. - **Security:** Refers to the protection of IT systems and networks from theft, disruption, damage, and data leaks. Security is generally accomplished through firewalls, user access controls, and intrusion detection systems. - **Facilities:** Include the physical location where the IT systems are kept, including offices, network facilities, manufacturing facilities, and off-site storage facilities. ## 27.1.1 Managing IT infrastructure In today's business environment, organizations principally rely on technology for managing information. As a result, it is essential that the organization implements and adequately maintains proper controls over the information systems that support ongoing performance monitoring, operations, and strategic decision-making. Such controls must ensure the following: - Systems can only be accessed by those with proper authority and should have sufficient controls over who can read information and who can modify it. This includes safeguarding data from external organizations as well as ensuring that only authorized internal staff can access and change files. - Adequate backup processes are in place to protect data from corruption or loss, and recovery plans are sufficient (and tested) to ensure business continuity in the event of a disaster or major system failure. - Systems comply with legal requirements, such as privacy protection for employee and customer data. - Data processing is reliable and accurate, so that data integrity is maintained. - Legacy systems (outdated systems still in use because replacing them is too costly or is otherwise infeasible) are integrated in a manner that ensures accuracy. ## 27.2 Introduction to systems development life cycle In order for organizations to successfully acquire, design, develop, and/or implement software and hardware platforms, they require a structured process called the systems development life cycle (SDLC). - **Initial feasibility study:** A need has been identified, and something has been found to address that need. A feasibility study is done to determine the strategic benefits of developing or acquiring a system, and to identify the best solution. The business case is developed if the feasibility study indicates the system will address the problem, and includes items like the cost, timeline, and benefits of the project. The project moves ahead when the business case is approved. - **Requirements analysis and definition:** Stakeholders and the project team determine the specific resource and technical requirements for the system, including information needs, functional requirements, capacity requirements, user requirements, and number of users. - **Application design/selection:** For a system that is being developed internally, system design includes determining how information will flow through the system, documenting the system processes and database design, and developing test plans and implementation plans. In this phase, it is important to obtain user feedback to reduce end-user resistance to the new way of doing things. Some organizations choose to purchase an off-the-shelf system rather than design it internally. In this situation, the focus is on selecting an appropriate system and configuring it to meet the needs of the users and organization. - **Implementation:** Common methods of implementing a new system include: - **Direct cutover:** After testing is complete, the old system is shut down and the new system is implemented immediately. - **Modular or pilot-study changeover:** The new system is used in a limited manner to start, such as a single department. Once that is successful, the new system is then implemented for the rest of the organization. - **Phased changeover:** The new system is implemented in steps, such as one department at a time. - **Maintenance and system changes:** A post-implementation evaluation is often performed to identify both what was done well and areas for improvement throughout the entire systems development process. The information gathered in this evaluation can be used to develop a plan for future system changes. System maintenance is required to ensure the system continues to work as required. This involves fixing errors identified by users and adapting the system to changing requirements. ## 27.2.1 Cost-benefit analysis Cost-benefit analysis involves assessing the economic feasibility of a system. Is the system worth the costs that will be required to develop it? - Initially, when costs and future cash flows are estimated, financial tools like net present value can be used to assess the economic feasibility of a project. As costs become firmer, the analysis can be updated with new figures to validate the continued economic success of the project. It is usually quite straightforward to indicate the cost savings of a new IT project, such as replacing three instant messaging applications in the organization with one. - The most troublesome aspect of cost-benefit analysis is measuring the intangible benefits of computer systems. One way to measure intangible benefits is to express them in monetary terms. This technique is not always satisfactory, because monetary values assigned to intangible benefits can be arbitrary, and these measurements can make a significant difference in the decision to accept or reject a system proposal. - Another approach is to use a tangible benefit as a substitute for the intangible benefit. ## Lesson 2: Design, Acquisition, and Development of Information Technology and Systems - Overview - Summary Problem ### Technical competencies - 3.1.1: Evaluates management information requirements - 3.1.2: Documents and assesses business processes, systems and data requirements and recommends improvements to meet information needs - 3.5.1: Performs sensitivity analysis ### Learning outcome: - Determine issues and implications of system design and implementation, and make recommendations. ### Summary Problem Figaro Ltd. is considering replacing its manual sales invoice process with a new system that generates invoices automatically based on sales made. The organization will develop the new system internally if it goes ahead with the project. #### Required - Describe the five phases of the SDLC that Figaro will go through in the development of a new sales invoice system. - Briefly describe controls Figaro may use to manage its IT infrastructure. #### Solution: - The phases in the SDLC include: - **Initial feasibility study:** Figaro has identified the need for a system that automatically generates sales invoices. A feasibility study will consider the strategic benefits of a new system and identify a solution. A business case is then created that discusses the costs of the project, a timeline, a project team, and benefits to the organization of a sales invoice system. - **Requirements analysis and definition:** In this phase, the technical requirements for the system are developed, including information needs, functional requirements, capacity requirements, user requirements, and number of users. - **Application design:** In this phase, Figaro will design the new system so that it meets the user needs that were identified in the previous phase. The system is also documented and tested to ensure the system prepares sales invoices in the manner expected, and the new systems functions with the existing system. - **Implementation:** Figaro will implement the system. Since there is no previous computerized system, Figaro will start using the new system when it is ready, but it can continue to use the old manual system for a short period of time to ensure the new system can accurately create sales invoices. - **Maintenance and system changes:** After implementation, Figaro must address any errors or changing requirements of the users of the system. In addition, a post-implementation review could be performed to determine what the organization did well and what needs improvement when future systems are developed. - To protect its IT infrastructure, Figaro may implement controls such as: - Backup controls to protect the organization from data loss as a result of data corruption, acts of nature, or theft. - Access controls to ensure that only the appropriate employees have access to the information required to perform their duties. - In addition, the SDLC is performed so that systems that have been replaced are integrated so that data is not lost, and data is processed reliably and accurately within the new system. ## **End-of-Chapter Practice** ### Practice Problems #### Practice Problem 1 (25 minutes) The Poison Response Line (PRL) is a publicly funded emergency health service that offers advice on poisoning-related emergencies 24 hours per day. For example, a parent who thinks that their child may have swallowed a poisonous substance can call the PRL and receive immediate advice. If needed, the PRL can also dispatch emergency services, such as an ambulance or an environmental containment team in the case of a chemical spill. The PRL is currently using an out-of-date information system to track poisons and to log calls. The current system frequently freezes, and it also requires the same data to be entered in several places. In addition, there are no access controls built into the system, so all employees log in under the same credentials! It is therefore impossible to track which employee logged a call. For these reasons, the PRL’s board of directors has decided to urgently replace its information system with a new system that will both track poisons and log calls. #### **Required:** - Describe the systems development life cycle (SDLC) phases as they apply to the PRL’s new information system, including possible methods of implementation. - Describe factors the PRL needs to consider: - From a control perspective (Hint: Consider how the PRL will ensure system reliability) - From a strategic perspective (Hint: Consider how the PRL will enhance its services to the community) - The type of conversion is most appropriate given the PRL’s needs. #### Solution to Practice Problem 1 - **Competencies:** - 3.1.1: Evaluates management information requirements (Entry Level B) - 3.1.2: Documents and assesses business processes, systems and data requirements and recommends improvements to meet information needs (Entry - Level C) - **Knowledge Item:** - Systems life cycle - Role of the accountant/business advisor/auditor and typical steps in the systems life cycle (Entry - Level C) - Systems testing (internal audit function) and management of data conversion (Entry-Level C) - **The systems development life cycle (SDLC) for the PRL includes the following phases:** - **Initial feasibility study:** In this stage, the need for a new system is identified, which has already occurred for the PRL. An initial feasibility is performed to determine the strategic benefits of a new system and to identify the best solution. A business case is then developed with details such as the cost, timeline, and benefits of the new system. The PRL’s board would need to approve the business case, so that the project can move forward. - **Requirements analysis and definition:** Each of the PRL’s stakeholders is considered, including employees using the system and external parties, such as emergency services or environmental containment teams. Stakeholders identify their information needs and functional requirements, to ensure that the system that meets the users’ needs. For the PRL, this includes the ability to track poisons and to log calls and access controls, and to ensure that each employee has a unique user ID. - **Application design:** The system will be designed based on the requirements identified in the previous stage, including determining how information will flow, creating the database, and designing documentation. The system must also be tested extensively by the PRL’s users in this stage to ensure that it meets their needs. - **Implementation:** In this stage, the PRL will implement the new system, using a method such as: - **Parallel conversion:** Both the new system and the old system are run simultaneously for a period of time to ensure that the new system functions as expected. - **Direct cutover:** The new system is implemented, and the old system is shut down immediately. - **Modular or pilot-study changeover:** One department implements the new system as a pilot study, and then the rest of the organization implements the new system later. - **Phased changeover:** The new system is implemented one department at a time. - **Maintenance and system changes:** After implementation, the PRL may initiate a post-implementation evaluation to identify what was done well and what could be improved. The PRL must also perform system maintenance in the future. This includes fixing errors and making minor changes based on new user requirements. This also includes ensuring that the system updates are downloaded/implemented in a timely manner. - **Factors the PRL needs to consider:** - **From a control perspective:** The PRL needs to ensure that any new system has guaranteed reliability. Also, effective controls must be in place to keep the integrity of the data being captured and relied on by staff who are guiding the public. A key part of these controls will be access controls, ensuring that each user has a unique user ID with access to specific tasks that are based on the user’s profile, and that passwords are required. Validity checks that require certain parameters to be met before the data will be processed can also be built into the system. - **From a strategic perspective:** The PRL can use an updated system to enhance its services to the community. Perhaps it can incorporate more online tools to provide general information and education, to help concerned citizens learn how to reduce the risk of poisoning in the home. Another possibility may be tracking where calls are coming from. If there is a high instance of calls from one area, a targeted marketing campaign could be launched to increase awareness of poison-related risks, to reduce the number of calls coming from that area. - **The type of conversion:** The PRL is more likely to run a parallel conversion system than other businesses are because of the critical nature of its service. The added cost is justified to make sure that the new system is working and reliable before the old system is discontinued.

Chapter 27 - Design, Acquisition, and Development of Information Technology and Systems - Overview PDF

Document Details

Tags

Related

Summary

Full Transcript

Upgrade to continue