Chapter 6-1 IT Governance Chapter 6-2 Accounting Information Systems, 1st Edition Study Objectives 1. An overview of IT governance and its role in strategic management 2. An overview of the system development life cycle (SDLC) 3. The elements of the systems planning phase of the SDLC 4. The elements of the systems analysis phase of the SDLC 5. The elements of the systems design phase of the SDLC 6. The elements of the systems implementation phase of the SDLC 7. The elements of the operation and maintenance phase of the SDLC 8. The critical importance of IT governance in an organization 9. Ethical considerations related to IT governance Chapter 6-3 Introduction to IT Governance How does a company decide, which IT systems are appropriate? which accounting software package to buy? when it has outgrown its accounting software or when to upgrade the software? whether to use IT systems to sell products on the web? whether to establish a data warehouse for analyzing data such as sales trends? whether to use ERP systems or customer relationship management (CRM) software? Chapter 6-4 SO 1 An overview of IT governance and its role in strategic management Introduction to IT Governance IT systems must be strategically managed. Strategic management is the process of determining the strategic vision for the organization, developing the long-term objectives, creating the strategies that will achieve the vision and objectives, and implementing those strategies. Chapter 6-5 SO 1 An overview of IT governance and its role in strategic management Introduction to IT Governance Proper management, control, and use of IT systems is IT governance. IT Governance is defined as: [A] structure of relationships and processes to direct and control the enterprise in order to achieve the enterprise’s goals by adding value while balancing risk versus return over IT and its processes. IT governance provides the structure that links IT processes, IT resources and information to enterprise strategies and objectives. Chapter 6-6 SO 1 An overview of IT governance and its role in strategic management Introduction to IT Governance Management must focus on the following activities: aligning IT strategy with the business strategy cascading strategy and goals down into the enterprise providing organizational structures that facilitate the implementation of strategy and goals insisting that an IT control framework be adopted and implemented measuring IT’s performance Chapter 6-7 SO 1 An overview of IT governance and its role in strategic management Introduction to IT Governance The board and top management must ensure that the organization has processes to accomplish the following: 1. Continually evaluate the match of strategic goals to the IT systems in use. 2. Identify changes or improvements to the IT system. 3. Prioritize the necessary changes to IT systems. 4. Develop the plan to design and implement those IT changes that are of high priority. 5. Implement and maintain the IT systems. 6. Continually loop back to step 1. Chapter 6-8 SO 1 An overview of IT governance and its role in strategic management Introduction to IT Governance Company should have an IT governance committee and a formal process to select, design, and implement IT systems (system development life cycle, or SDLC). Chapter 6-9 SO 1 An overview of IT governance and its role in strategic management Introduction to IT Governance Concept Check IT governance includes all but which of the following responsibilities? a. Aligning It strategy with the business strategy. b. Writing programming code for IT systems. c. Insisting that an IT control framework be adopted and implemented. d. Measuring IT’s performance. Chapter 6-10 SO 1 An overview of IT governance and its role in strategic management An Overview of SDLC The systems development life cycle (SDLC) is a systematic process to manage the acquisition, design, implementation, and Operation and use of IT systems. Maintenance Exhibit 6-1 An Overview of the Systems Development Life Cycle Chapter 6-11 System Planning System Implementation System Analysis System Design SO 2 An overview of the system development life cycle (SDLC) An Overview of SDLC Exhibit 6-2 Process Map of the System Development Life Cycle (SDLC) Chapter 6-12 SO 2 An overview of the system development life cycle (SDLC) Elements of Systems Planning Phase of SDLC IT governance committee must monitor the IT system through feedback about network utilization, security breaches, and reports on the operation of the system. IT governance committee should consider: 1) the assessment of IT systems and their match to strategic organizational objectives, and 2) the feasibility of each of the requested modifications or upgrades. Chapter 6-13 SO 3 The elements of the systems planning phase of the SDLC Elements of Systems Planning Phase of SDLC Exhibit 6-3 System Planning Process Map Chapter 6-14 SO 3 The elements of the systems planning phase of the SDLC Elements of Systems Planning Phase of SDLC Feasibility Study IT governance committee should evaluate the feasibility of each competing proposal. Four feasibility aspects 1. Technical 2. Operational 3. Economic 4. Schedule feasibility Chapter 6-15 SO 3 The elements of the systems planning phase of the SDLC Elements of Systems Planning Phase of SDLC Planning and Oversight of Proposed Changes IT governance committee must decide which of the changes can be undertaken at the current time. Next phases of the SDLC: 1. Formally announce the project. 2. Assign the project team that will begin the next phase, the systems analysis. 3. Budget the funds necessary to complete the SDLC. 4. Continue oversight and management of the project team and proposed IT changes. Chapter 6-16 SO 3 The elements of the systems planning phase of the SDLC Elements of Systems Planning Phase of SDLC Concept Check Which of the following feasibility aspects is an evaluation of whether the technology exists to meet the need identified in the proposed change to the IT system? a. Technical feasibility. b. Operational feasibility. c. Economic feasibility. d. Schedule feasibility. Chapter 6-17 SO 3 The elements of the systems planning phase of the SDLC Elements of Systems Planning Phase of SDLC Concept Check The purpose of the feasibility study is to assist in? a. Selecting software. b. Designing internal controls. c. Designing reports for the IT system. d. Prioritizing IT requested changes. Chapter 6-18 SO 3 The elements of the systems planning phase of the SDLC Elements of Systems Analysis Phase of SDLC Exhibit 6-4 System Analysis Process Map Preliminary Investigation The purpose of the preliminary investigation is to determine whether the problem or deficiency in the current system really exists. “go” or “no-go” decision Chapter 6-19 SO 4 The elements of the systems analysis phase of the SDLC Elements of Systems Analysis Phase of SDLC System Survey A systems survey requires collecting data about the current system, including the following: Inputs Data storage Outputs Transaction volumes Processes Errors Controls Chapter 6-20 SO 4 The elements of the systems analysis phase of the SDLC Elements of Systems Analysis Phase of SDLC Determination of User Requirements To gain a complete understanding of the system under study, the project team should not only observe and review documentation, but also seek the opinions and thoughts of those who use the system. Interviews Questionnaires Chapter 6-21 SO 4 The elements of the systems analysis phase of the SDLC Elements of Systems Analysis Phase of SDLC Analysis of the System Survey Analysis phase is the critical-thinking stage. In many cases, the analysis phase may lead to business process reengineering (BPR). “ fundamental rethinking and radical redesign of business processes to bring about dramatic improvements” in performance. Chapter 6-22 SO 4 The elements of the systems analysis phase of the SDLC Elements of Systems Analysis Phase of SDLC System Analysis Report The report to inform the IT governance committee of the results of the systems survey, user needs determination, and BPR. Chapter 6-23 SO 4 The elements of the systems analysis phase of the SDLC Elements of Systems Analysis Phase of SDLC Concept Check Which phase of the system development life cycle includes determining user needs of the IT system? a. Systems planning. b. Systems analysis. c. Systems design. d. Systems implementation. Chapter 6-24 SO 4 The elements of the systems analysis phase of the SDLC Elements of Systems Design Phase of SDLC Purchased Software Exhibit 6-5 System Design Process Map for Purchased Software Chapter 6-25 SO 5 The elements of the systems design phase of the SDLC Elements of Systems Design Phase of SDLC When evaluating each proposal, the IT governance committee should consider: 1. Price of software or software modules 2. Match of system and user needs to features of the software 3. Technical, operational, economic, and schedule feasibility 4. Technical support provided by the vendor 5. Reputation and reliability of the vendor 6. Usability and user friendliness of the software 7. Testimonials from other customers Chapter 6-26 SO 5 The elements of the systems design phase of the SDLC Elements of Systems Design Phase of SDLC In-House Design Chapter 6-27 Exhibit 6-6 System Design Process Map for In-House Design SO 5 The elements of the systems design phase of the SDLC Elements of Systems Design Phase of SDLC Conceptual Design Involves identifying the alternative conceptual design approaches to systems that will meet the needs identified in the system analysis phase. Chapter 6-28 SO 5 The elements of the systems design phase of the SDLC Elements of Systems Design Phase of SDLC Evaluation and Selection Feasibility assessments are: 1. Technical feasibility 2. Operational feasibility 3. Economic feasibility 4. Schedule feasibility In most cases, the cost–benefit analysis is the most important of the four tests. Chapter 6-29 SO 5 The elements of the systems design phase of the SDLC Elements of Systems Design Phase of SDLC Detailed Design The purpose of the detailed design phase is to create the entire set of specifications necessary to build and implement the system. The various parts of the system that must be designed are the outputs, data storage, and inputs, internal controls. Processes, Chapter 6-30 SO 5 The elements of the systems design phase of the SDLC Elements of Systems Design Phase of SDLC Concept Check A request for proposal (RFP) is used during the? a. Phase-in period. b. Purchase of software. c. Feasibility study. d. In-house design. Chapter 6-31 SO 5 The elements of the systems design phase of the SDLC Elements of Systems Implementation Phase Exhibit 6-7 Implementation and Operation Process Map Parallel Direct cutover Phase-in Pilot Chapter 6-32 SO 6 The elements of the systems implementation phase of the SDLC Elements of Systems Implementation Phase Concept Check Which of the following steps within the systems implementation phase could not occur concurrently with other steps, but would occur at the end? a. Employee training. b. Data conversion. c. Software programming. d. Post-implementation review. Chapter 6-33 SO 6 The elements of the systems implementation phase of the SDLC Elements of Systems Implementation Phase Concept Check Each of the following are methods for implementing a new application system except a. Direct cutover conversion. b. parallel conversion. c. Pilot conversion. d. Test method conversion. Chapter 6-34 SO 6 The elements of the systems implementation phase of the SDLC Elements of the Operation and Maintenance Phase Management should receive regular reports regarding the performance of the IT system. Examples of reports are: IT performance IT load usage and excess capacity Downtime of IT systems Maintenance hours on IT systems IT security and number of security breaches or problems IT customer satisfaction, from both internal and external customers. Chapter 6-35 SO 7 The elements of the operation and maintenance phase of the SDLC Elements of the Operation and Maintenance Phase Concept Check The use of the SDLC for IT system changes is important for several reasons. Which of the following is not a part of the purposes of the SDLC processes? a. As a part of strategic management of the organization. b. As part of the internal control structure of the organization. c. As part of the audit of an IT system. d. As partial fulfillment of management’s ethical obligations. Chapter 6-36 SO 7 The elements of the operation and maintenance phase of the SDLC Critical Importance of IT Governance Three major purposes are served by the continual and proper use of the IT governance committee and the SDLC: 1. The strategic management process of the organization 2. The internal control structure of the organization 3. The fulfillment of ethical obligations Chapter 6-37 SO 8 The critical importance of IT governance in an organization Ethical Considerations Related to IT Governance Management has an ethical obligation to maintain a set of processes and procedures that assure accurate and complete records and protection of assets. Employees should not subvert the process. Consultants have at least four ethical obligations: 1. Bid the engagement fairly, and completely disclose the terms of potential cost increases. 2. Bill time accurately to the client. 3. Do not oversell unnecessary services or systems. 4. Do not disclose confidential or proprietary information. Chapter 6-38 SO 9 Ethical considerations related to IT governance Ethical Considerations Related to IT Governance Concept Check Confidentiality of information is an ethical consideration for which of the following party or parties? a. Management. b. Employees. c. Consultants. d. All of the above. Chapter 6-39 SO 9 Ethical considerations related to IT governance Copyright Copyright © 2008 John Wiley & Sons, Inc. All rights reserved. Reproduction or translation of this work beyond that permitted in Section 117 of the 1976 United States Copyright Act without the express written permission of the copyright owner is unlawful. Request for further information should be addressed to the Permissions Department, John Wiley & Sons, Inc. The purchaser may make back-up copies for his/her own use only and not for distribution or resale. The Publisher assumes no responsibility for errors, omissions, or damages, caused by the use of these programs or from the use of the information contained herein. Chapter 6-40