Information Technology Reference
In-Depth Information
System Requirements Analysis
After conducting a feasibility analysis, the team will have developed an idea of what type
of system the users are proposing to deal with problems the enterprise is facing. The team
is now tasked with the responsibility of determining what resources are required to imple-
ment the new system. The resources would include human, hardware and software, and
financial resources.
Human resources include technical staff who will be involved in the designing, develop-
ment, and implementation of the system. This will also include the IS auditor who will en-
sure that the system requirements are properly defined and meet the needs of the system to
be deployed.
Hardware resources will include servers, workstations, networking equipment, and storage
devices. Software resources would include systems such as databases, operating systems,
utilities, and other supporting software. Each of these systems will need to be analysed in
order to come up with specifications which will be used to procure systems which meet the
proposed system requirements.
The enterprise might have its own internal standards which are used for defining system
requirements. The enterprise might also use international standards for defining system re-
quirements. It is important that standards are used as they help in determining appropriate
standards for system requirements.
Financial resources are an important requirement which can be expressed in the form of a
project budget. The budget should include the above indicated resources and other support
services which would be required to successfully complete the project.
System Specification
This activity involves development of a specification which will be used to design a new
system. A specification is a detailed blueprint of the proposed system. It is used to describe
how the system will be developed, operated, and what type of technical resources will be
required.
This is a very important stage as it also requires the IS auditor to assess the type of security
and controls which have been proposed to be included in the system. The controls may in-
clude input, output, processing, and storage controls.
Input controls would include range checks, format checks, date checks, consistency checks,
and other checks which can be used to validate data being captured.
Output controls also should be considered which address rights to access and produce out-
put. Output authorisation might include output to hard copy or soft copy. Output controls
Search WWH ::
Custom Search