Apr 24, 2020
PART 1 – CISA Domain 3 – Information Systems Acquisition, Development and Implementation
- Overall understanding of Domain 3
- What is benefits realization?
- What is portfolio management?
- What is Business case development and approval?
- What are the business realization techniques?
Overall understanding of the domain:
Weightage – This domain constitutes 18 percent of the CISA exam (approximately 27 questions)
Covers 14 Knowledge statements covering the process of auditing information systems
- Knowledge of benefits realization practices, (e.g., feasibility studies, business cases, total cost of ownership [TCO], return on investment [ROI])
- Knowledge of IT acquisition and vendor management practices (e.g., evaluation and selection process, contract management, vendor risk and relationship management, escrow, software licensing) including third-party outsourcing relationships, IT suppliers and service providers.
- Knowledge of project governance mechanisms (e.g., steering committee, project oversight board, project management office)
- Knowledge of project management control frameworks, practices and tools
- Knowledge of risk management practices applied to projects
- Knowledge of requirements analysis and management practices (e.g., requirements verification, traceability, gap analysis, vulnerability management, security requirements)
- Knowledge of enterprise architecture related to data, applications, and technology (e.g., web-based applications, web services, n-tier applications, cloud services, virtualization)
- Knowledge of system development methodologies and tools including their strengths and weaknesses (e.g., agile development practices, prototyping, rapid application development [RAD], object-oriented design techniques, secure coding practices, system version control)
- Knowledge of control objectives and techniques that ensure the completeness, accuracy, validity and authorization of transactions and data
- Knowledge of testing methodologies and practices related to the information system development life cycle (SDLC)
- Knowledge of configuration and release management relating to the development of information systems
- Knowledge of system migration and infrastructure deployment practices and data conversion tools, techniques and procedures
- Knowledge of project success criteria and project risk
- Knowledge of post-implementation review objectives and practices (e.g., project closure, control implementation, benefits realization, performance measurement)
Important concepts from exam point of view:
The objectives of benefits realization are to ensure that:
- IT and the business fulfill their value management responsibilities
- IT-enabled business investments achieve the promised benefits and deliver measurable business value
- Required capabilities (solutions and services) are delivered on time and within budget
2. Portfolio/Program Management:
The objectives of project portfolio management are:
- Optimization of the results of the project portfolio (not of the individual projects)
- Prioritizing and scheduling projects
- Resource coordination (internal and external)
- Knowledge transfer throughout the projects
3. Business case development and approval:
- A business case provides the information required for an organization to decide whether a project should proceed
- A business case is the first step in a project or a precursor to the commencement of the project
- The business case should also be a key element of the decision process throughout the life cycle of any project
- The initial business case would normally derive from a feasibility study undertaken as part of project initiation/planning
- The feasibility study will normally include the following six elements:
- Project Scope – defines the business problem and/or opportunity to be addressed
- Current Analysis – defines and establishes an understanding of a system or a software product. At this point in the process, the strengths and weaknesses of the current system or software product are identified.
- Requirements – defined based upon stakeholder needs and constraints
- Approach – Recommended system and/or software solution to satisfy the Requirements
- Evaluation – is based upon the previously completed elements within the feasibility study. The final report addresses the cost-effectiveness of the approach selected
- Review – A formal review of the feasibility study report is conducted with all stakeholders
4. Benefit realization techniques:
- COBIT 5 provides the industry-accepted framework under which IT governance goals and objectives are derived from stakeholder drivers, with the intent of enterprise IT generating business value from IT-enabled investments
- COBIT 5 is based on 5 principles and 7 enablers
| 5 Principles | 7 Enablers |
| --- | --- |
| 1. Meeting Shareholders needs | 1. Principles, Policies and Frameworks |
| 2. End-to-End coverage | 2. Processes |
| 3. Holistic Approach | 3. Organizational Structures |
| 4. Integrated Framework | 4. Culture, Ethics and Behaviour |
| 5. Separate governance from management | 5. Information |
| | 6. Services, Infrastructure and Applications |
| | 7. People, Skills and Competencies |