Information Technology Reference
In-Depth Information
would explore the proposal further. The team will include users and IT department and pos-
sibly chaired by a senior member of management depending of the scale of the proposal.
The use of a team is important so that the team can draw different ideas from across the
enterprise. If the project affects the entire enterprise or a large part of the enterprise, it is
recommended to use as chairperson a senior member of management who can not only rep-
resent management but also give the team the required influence and importance.
The feasibility will focus on the problems the proposal will address and how the team in-
tends to address the problem, possible project costs, resource requirements, and the overall
fit into the current operations of the enterprise.
The IS auditor should be part of the feasibility team in order to assist in the understanding
of the requirements of the project and not to influence or have a say in the design of the
system. Project background information will be important to the IS auditor as he prepares
to take on this important role of advising, reviewing controls, security, and user require-
ments on the project.
The IS auditor can, at this stage, carry out preliminary investigations into what type of con-
trols should be considered for the new system or what improvements to the control regime
need to be included into the proposed system. The IS auditor can also look at controls in
existing systems and what overall controls exist in the enterprises.
In order to ensure that the needs of the enterprises are taken care of, the feasibility team
should look at the enterprise business strategy. The new project should not be in conflict
with the business strategy but enhance its implementation.
The other area the team will look at is whether the new system will require introduction of
new business processes or enhancing the current processes. This would be of particular in-
terest to the IS auditor on how these new business processes will be integrated into existing
business processes.
The IS auditor will need to review whether the feasibility analysis is also looking at how
the new system will comply with the enterprise's IT policies and procedures. IT security
policies and procedures are also of important concern to the IS auditor as these will be
translated into security controls when the system is designed and deployed.
Operational requirements should be considered for the new system when conducting the
feasibility study. The IS auditor should have a good understanding of the operations of the
enterprise so that consideration can be made on the implications of introducing new sys-
tems or upgrading existing systems.
There are always important technical and administrative issues to be considered when in-
troducing new systems. It is recommended that these issues are taken care of to avoid hic-
cups during implementation of the project. A good feasibility study will help unearth issues
which need to be addressed and ensure appropriate analysis and conclusions.
Search WWH ::
Custom Search