pertemuan 15 matakuliah: a0214/audit sistem informasi tahun: 2007
Post on 22-Dec-2015
229 views
TRANSCRIPT
Bina Nusantara
Software Acquisition Process• Defining the information and system
requirements• Identifying various alternatives• Performing a feasibility analysis• Conducting a risk analysis• Defining ergonomic requirements• Carrying out the selection process• Procuring the selected software• Completing final accpetance
Bina Nusantara
Reviewing software Acquisitions• Alignment with the company’s business and IT strategy• Definition of the information requirements• Feasibility studies (cost, benefits, etc)• Identification of functionality, operational acceptance, and
maintenance requirements• Conformity with existing information and system architecture• Adherence to security and control requirements• Knowledge of available solutions• Understanding of the related acquisition and implementation
methodologies• Involvement and buy in form the user• Supplier requirements and viability
Bina Nusantara
Alignment with the Company’s Business and IT Strategy
• Should support the organization’s business and IT strategy
• The business requirements associated with the solution being sought should link to goals and objectives identified in the company’s business and IT strategy
Bina Nusantara
Definition of the information requirements
• System and information requirements should be evaluated to determine if they are current and complete.
• The fast pace of business, requirements can change quickly.
• Prototypes
Bina Nusantara
Risk associated with prototyping• Incomplete system design• Inefficient processing performance• Inadequate application controls• Inadequate documentation• Ineffective implementations
Bina Nusantara
Feasibility Studies• Should be reviewed to ensure that the selected solution not
only meets the requirements but also is compared and contrasted with the feasibility of the other solutions.
• Economic feasibility– Should be reviewed and approved by an involved and
knowledgeable sponsor prior to the final decision to ensure that the “make versus buy” question is effectively evaluated.
• Technical feasibility– Should be reviewed and approved by an involved and
knowledgeable sponsor prior to the final decision to ensure the organization’s ability to implement and support the selected solution
Bina Nusantara
Identification of functionality, operational acceptance, and maintenance requirements
• Specific detailed measures• Inspections• Functional tests• Workload trials• User requirements• Performance expectations• Term of contract
Bina Nusantara
Conformity with existing information and system architecture
• This control is directly correlated with the evaluation of technical feasibility and the business information elements.
Bina Nusantara
Adherence to security and control requirements
• A complete understanding of the company’s security and control requirements is needed to ensure that the selected solution is appropriate
• Company security policies and applicable regulations need to be reviewed during the selection process to ensure that security and control requirements are considered in the selection process
• System acquisitions and implementations become more difficult when these requirements are not well understood or documented. The result will be missed security functionality or poorly implemented security.
Bina Nusantara
Knowledge of Available Solutions• System development and acquisition efforts become
more focused on a specific solution due to the knowledge or experience of the participants.
• By focusing on a specific end result, other alternative are not considered. By not considering other alternatives, the selected solution may increase cost, scope, or the timeline for the project because they did not meet basic requirements such as incompatibility with the current company infrastructure or business practice.
Bina Nusantara
Understanding of the related acquisition and implementation
methodologies• Acquisition methods• Selected implementation methods
Bina Nusantara
Involvement and buy in form the user• User involvement and buy in is critical• Without user involvement, requirements will be
missed and they will not support new systems.• Increases awareness of the criticality of user
support and buy in. • System implementation success relies on
effective communication.
Bina Nusantara
Supplier requirements and viability• The acquisition process should ensure that the
selected vendor meets the vendor requirements of the organization as outlined in the proposal. – Stability of the vendor company– Volatility of system upgrades– Existing customer base– Vendor’s ability to provide support– Required software in support of the vendor application– Required modifications of the base software