Assume that you are the Chief Information Officer (CIO) of a multinational manufacturing company. Your company is planning to replace its current system and develop new in-house software to manage the attendance of its sales employees, who are always in the field. What will you do in the following situations?
1. As CIO, what strategies (strategies for system design, input design and output design) will you consider most appropriate in designing a new system?
2. What control mechanisms (logical access control and application control) will you look for in this new software?
a) There are many strategies or techniques for performing system design. They include modern structured analysis, information engineering, prototyping, JAD, RAD and object-oriented design. These strategies are often viewed as competing alternative approaches to systems design. In reality, certain combinations complement one another.
1. Modern structured design is a process-oriented technique for breaking a large program into a hierarchy of modules, resulting in a computer program that is easier to implement and design. Synonyms are top-down design and structured programming. Structured design has lost some of its popularity, since many of today's applications call for newer techniques that focus on event-driven and object-oriented programming. However, it is still a popular technique for the design of mainframe-based application software and for addressing coupling and cohesion issues at the system level.
2. Information engineering (IE) is a data-centered technique. IE involves conducting a business area requirements analysis from which information system applications are carved out and prioritized.
3. The prototyping approach is an iterative process involving a close working relationship between designer and users. Its main advantage is that it encourages the active participation of end users. Its disadvantage is that users may not know exactly what they want, so too much interaction with end users may result in delay or overrun of the project because of additional requirements creeping in.
4. Joint Application Development (JAD) was introduced as a technique that complements other system analysis and design techniques by emphasizing participative development among system owners, users, designers and builders. Thus JAD is frequently used in conjunction with the above design techniques.
5. Rapid Application Development (RAD) is the merger of various structured techniques with prototyping techniques and Joint Application Development techniques to accelerate system development. RAD calls for the interactive use of structured techniques and prototyping to define the users' requirements and design the final system.
6. Object-Oriented Design (OOD) is the newest up-and-coming design strategy. The technique is an extension of the object-oriented analysis strategy. OOD techniques are used to refine the object requirements definitions identified earlier during analysis and to define design-specific processes.
Considering all the above techniques, I will use one or more of them to develop the new system, depending on several factors such as budget, time constraints, the urgency of the need for new software, the size and skill level of the IT team, and end users' knowledge of the system requirements.
b) The main security features that I would be most interested in for the new software are application controls:
• Application controls are built into each application (payroll, accounts payable, inventory management, etc.).
• Application controls are designed to ensure that only correct, authorized data enter the system and that the data are processed and reported properly.
• Application controls are divided into input controls, processing controls and output controls:
a) Input controls provide reasonable assurance that data submitted for processing are (1) authorized, (2) complete, and (3) accurate. These controls vary depending on whether input is entered in online or batch mode. The most basic input control is thus authorization.
b) Processing controls provide reasonable assurance that (1) all data submitted for processing are processed and (2) only approved data are processed. These controls are built into the application code by programmers during the systems development process.
c) Output controls provide assurance that the processing result (such as account listings or displays, reports, files, invoices, or disbursement checks) is accurate and that only authorized personnel receive the output.
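The three application controls above, applied to a batch of field check-ins for the attendance system, as an added example that is not part of the original answer. The employee IDs, role names, record fields and sample check-ins are constructed assumptions.

```python
from datetime import datetime

# Constructed reference data (assumptions, not from the original page).
AUTHORIZED_EMPLOYEES = {"E100", "E101"}          # active field-sales staff
REPORT_ROLES = {"sales_manager", "hr_auditor"}   # roles allowed to receive output
REQUIRED_FIELDS = ("employee_id", "timestamp", "lat", "lon")

def check_input(rec):
    """Input control: return a rejection reason, or None if the record passes."""
    if any(rec.get(f) in (None, "") for f in REQUIRED_FIELDS):
        return "incomplete"                       # (2) complete
    if rec["employee_id"] not in AUTHORIZED_EMPLOYEES:
        return "unauthorized"                     # (1) authorized
    try:
        datetime.fromisoformat(rec["timestamp"])
        lat, lon = float(rec["lat"]), float(rec["lon"])
    except (TypeError, ValueError):
        return "inaccurate"                       # (3) accurate
    if not (-90 <= lat <= 90 and -180 <= lon <= 180):
        return "inaccurate"
    return None

def process_batch(records, declared_count):
    """Processing control: reconcile the batch against its control total, then
    process only approved records. Rejects are kept so every record is accounted for."""
    if len(records) != declared_count:
        raise ValueError("control total mismatch: records missing or added in transit")
    accepted, rejected = [], []
    for rec in records:
        reason = check_input(rec)
        if reason:
            rejected.append((rec, reason))
        else:
            accepted.append(rec)
    return accepted, rejected

def attendance_report(accepted, requester_role):
    """Output control: release the report only to authorized roles."""
    if requester_role not in REPORT_ROLES:
        raise PermissionError(f"role {requester_role!r} may not receive attendance output")
    return sorted({r["employee_id"] for r in accepted})

BATCH = [  # constructed sample check-ins
    {"employee_id": "E100", "timestamp": "2024-03-04T09:02:00", "lat": 27.70, "lon": 85.32},
    {"employee_id": "E999", "timestamp": "2024-03-04T09:05:00", "lat": 27.70, "lon": 85.32},
    {"employee_id": "E101", "timestamp": "2024-03-04T09:07:00", "lat": 127.0, "lon": 85.32},
    {"employee_id": "E101", "timestamp": "", "lat": 27.71, "lon": 85.30},
]
```

Calling `process_batch(BATCH, 4)` accepts only the first record and returns the other three with their rejection reasons, so the rejects can go to an exception report rather than being silently dropped.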