Online Courses
IS Auditing, Controls and Assurance
Online Courses
IS Auditing, Controls and Assurance
  • Information Systems Auditing, Controls and Assurance
  • Introduction to Information Systems (IS) Auditing
    • Risk in Information Systems (IS)
    • Risk Management Process
    • Identify Internal Controls
    • Quiz
  • General IS Audit Procedures
    • Understant the audit areas/subjects
    • Compliance Testing and Substantive Testing
    • Practice Quiz
    • Evidence
    • ISACA Outlines Five Steps to Planning an Effective IS Audit Program
    • Quiz
  • Business Application Development and the Roles of IS Auditors
    • What is business application development process / Systems Development Life Cycle (SDLC)?
      • SDLC Models
    • Feasibility and Requirements
    • Design and Selection
    • Development and Configuration
    • Configuration - Input/Output Controls
    • Implementation
    • Post-Implementation Review
    • Risks Associate with Application Development
    • Role of IS Auditor in SDLC
    • Quiz
  • IS Maintenance and Control
    • IS Maintenance Practices
    • Change Management
    • Documentation
    • Emergency Changes
    • IS Controls
    • Quiz
Powered by GitBook
On this page
  1. Business Application Development and the Roles of IS Auditors

Risks Associate with Application Development

When we develop software, the most important people we need to consider are the users. If the users are not happy with the system, it won't last long. The highest risk in software development is when users don't feel comfortable or don't like the system.

To address this risk, we need to communicate with the users during the requirement phase and get their feedback. We should also do a final user acceptance test to make sure the users feel comfortable with the system. This is important because even if we put a lot of time and effort into developing a system with many features, it won't matter if the users don't like it.

There are other risks associated with software development as well. One risk is called "scope creep", which happens when users or management keep adding new features or modules to the system during the development phase. This can make the system more complex and increase the risk of failure.

There are also risks within the project, with suppliers, within the organization, and in the external environment. For example, if we don't follow proper system development guidelines or do good project management, it can be a risk within the project. If suppliers don't provide the modules we need in a timely manner or with good quality, it can be a risk with suppliers. If there are changes in senior management during the development process, it can be a risk within the organization. And if competitors develop a better system or there are changes in economic conditions or regulations, it can be a risk in the external environment.

To reduce these risks, we should spend a lot of time on the requirement phase, communicate with all the users and stakeholders, and do feasibility studies. It's also important to review and learn from past system implementations to improve future development processes.

PreviousPost-Implementation ReviewNextRole of IS Auditor in SDLC

Last updated 9 months ago