Once the appropriate structure receives the business case, it will be evaluated based on general
            guidelines provided by the BoD. That could involve the amount of investment executive management is
            willing to make on a single project, or how much of the annual capital budget is remaining compared to
            the amount requested in the business case. There should also be a strategic alignment evaluation. Is the
            objective and functionality of the proposal aligned with the strategic goals and objectives of the entity,
            especially those most recently communicated from the BoD to the IT governance structure?


            If the proposal is approved by the IT governance structure, or whatever approval mechanism exists, then
            the system development process begins. Typically, that beginning is to complete a thorough information
            requirements analysis. Systems analysts or business analysts would interview end users and the project
            sponsor to determine the information needs. This step would also include reviewing existing business
            processes, existing applications (if applicable), and outputs or proposed outputs.

            The systems analyst should also make sure a security specialist scrutinizes the proposal, and even
            considerations for BI data that should be captured that might otherwise not be recognized. The process
            would also capture the business environment requirements, functional requirements, and business
            process requirements.

            Once a requirements document is completed and vetted among all key stakeholders, then the process
            typically looks at alternative solutions.

            Solution selection could be “build it or buy it” (if the IT staff includes programming capabilities). If it is to
            buy, there are several alternative solutions. Major projects seeking alternative solutions could take the
            information requirements documents and create a request for proposal (RFP) that asks software
            vendors to propose based on those requirements. Some due diligence would then be performed to sort
            through the vendor proposals to make the best choice from among them.

            If the entity decides to develop its own solution, then the system design needs to be developed in detail
            from the high-level documentation and information requirements developed up to this point. This phase
            should include a full set of application or system development documentation. The scope of application
            development is not included in this dimension.


            Second phase
            The second phase takes the system design or choice of vendor product from an RFP selection, and goes
            through some due diligence before being implemented.

            System or application development involves turning the system design into a fully functional, high quality
            solution, ready to go through an appropriate testing process, and on to implementation.

            The application should be tested alone, which would have been done by the programmer. It should also
            be tested by the end user or the project sponsor for full functionality and errors. Then the application
            should be tested with other applications it regularly interfaces, usually an accounting or financial module.
            Then the application should be tested in the accounting cycle as a whole, if there are multiple modules in
            the cycle. Finally, the application should be tested with the GL and enterprise applications and databases.






            © 2019 Association of International Certified Professional Accountants. All rights reserved.    3-37