Page 45 - ITGC_Audit Guides
Cloud Applications
Due to potential cost and time savings, as well as ease of implementation, many organizations
are willing to forego some application features and adapt to the features provided by different
cloud applications (see the Network Architecture section for details on the different types of cloud
service models). This allows organizations to forego developing applications in-house or
purchasing off-the-shelf software from vendors. In many cases, the cloud application costs
less than developing an application in-house, but each organization should determine whether
the selected cloud applications can fulfill its organizational and regulatory requirements.
Due to their focus on specific services, cloud applications often put an organization in a better
position to reduce internal hardware and network resource costs versus maintaining their current
IT infrastructure. Utilizing the cloud can also provide the organization with a competitive
advantage when it comes to deploying emerging technologies.
Application Development and Maintenance
For some organizations, application development may be a core competency that helps them
meet their strategic objectives. Application development involves creating and integrating
programs that can facilitate business processes, automate control activities, and advance
efficiency. Applications connect with the organization’s network and infrastructure and carry out
the business logic intended by the process. Software programs can have embedded application
controls to address risk related to accuracy, completeness, and authorization.
Applications and software have been traditionally developed using the waterfall project
management method. A simple way to think of the waterfall method is to consider the way
housing is developed. A house is designed, built, and inspected before a certificate of occupancy
is granted. This can sometimes be inefficient.
Application and software development can take a more incremental approach, which can address
the potential delay in deliverables. Rather than delivering an entire product at once, a method
known as Agile (or adaptive software development) is now often used. With this method, there is
still a blueprint and a known final outcome — as there is for a house — but one deliverable at a
time can be developed or built, in what are referred to as sprints. Using the analogy of building a
house, the Agile method of software development would be like following the blueprint and then
building, inspecting, and granting occupancy one room at a time; in software, each sprint delivers
a unit or section of an entire application or project.
The Agile method can be effective in application development, given that the waterfall approach
requires all the in-between steps to be completed before the final product is delivered.
Agile, properly implemented, has created a new software development and testing process
referred to as DevOps (a combination of the words development and operations) or DevSecOps
(development, security, and operations). Using this method, an organization does not need to
know the final product because the method is based on program rather than project management. The focus is
more customer-centric, building one feature at a time. This may address frustrations that come
with waiting for complete project deliverables.
37 — theiia.org