Pertemuan 15

Matakuliah : A0214/Audit Sistem Informasi Tahun : 2007

Bina Nusantara

SOFTWARE ACQUISITON

Bina Nusantara

Software Acquisition Process• Defining the information and system

requirements• Identifying various alternatives• Performing a feasibility analysis• Conducting a risk analysis• Defining ergonomic requirements• Carrying out the selection process• Procuring the selected software• Completing final accpetance

Bina Nusantara

Reviewing software Acquisitions• Alignment with the company’s business and IT strategy• Definition of the information requirements• Feasibility studies (cost, benefits, etc)• Identification of functionality, operational acceptance, and

maintenance requirements• Conformity with existing information and system architecture• Adherence to security and control requirements• Knowledge of available solutions• Understanding of the related acquisition and implementation

methodologies• Involvement and buy in form the user• Supplier requirements and viability

Bina Nusantara

Alignment with the Company’s Business and IT Strategy

• Should support the organization’s business and IT strategy

• The business requirements associated with the solution being sought should link to goals and objectives identified in the company’s business and IT strategy

Bina Nusantara

Definition of the information requirements

• System and information requirements should be evaluated to determine if they are current and complete.

• The fast pace of business, requirements can change quickly.

• Prototypes

Bina Nusantara

Risk associated with prototyping• Incomplete system design• Inefficient processing performance• Inadequate application controls• Inadequate documentation• Ineffective implementations

Bina Nusantara

Feasibility Studies• Should be reviewed to ensure that the selected solution not

only meets the requirements but also is compared and contrasted with the feasibility of the other solutions.

• Economic feasibility– Should be reviewed and approved by an involved and

knowledgeable sponsor prior to the final decision to ensure that the “make versus buy” question is effectively evaluated.

• Technical feasibility– Should be reviewed and approved by an involved and

knowledgeable sponsor prior to the final decision to ensure the organization’s ability to implement and support the selected solution

Bina Nusantara

Identification of functionality, operational acceptance, and maintenance requirements

• Specific detailed measures• Inspections• Functional tests• Workload trials• User requirements• Performance expectations• Term of contract

Bina Nusantara

Conformity with existing information and system architecture

• This control is directly correlated with the evaluation of technical feasibility and the business information elements.

Bina Nusantara

Adherence to security and control requirements

• A complete understanding of the company’s security and control requirements is needed to ensure that the selected solution is appropriate

• Company security policies and applicable regulations need to be reviewed during the selection process to ensure that security and control requirements are considered in the selection process

• System acquisitions and implementations become more difficult when these requirements are not well understood or documented. The result will be missed security functionality or poorly implemented security.

Bina Nusantara

Knowledge of Available Solutions• System development and acquisition efforts become

more focused on a specific solution due to the knowledge or experience of the participants.

• By focusing on a specific end result, other alternative are not considered. By not considering other alternatives, the selected solution may increase cost, scope, or the timeline for the project because they did not meet basic requirements such as incompatibility with the current company infrastructure or business practice.

Bina Nusantara

Understanding of the related acquisition and implementation

methodologies• Acquisition methods• Selected implementation methods

Bina Nusantara

Involvement and buy in form the user• User involvement and buy in is critical• Without user involvement, requirements will be

missed and they will not support new systems.• Increases awareness of the criticality of user

support and buy in. • System implementation success relies on

effective communication.

Bina Nusantara

Supplier requirements and viability• The acquisition process should ensure that the

selected vendor meets the vendor requirements of the organization as outlined in the proposal. – Stability of the vendor company– Volatility of system upgrades– Existing customer base– Vendor’s ability to provide support– Required software in support of the vendor application– Required modifications of the base software