Unit 5: Business System Development and Implementation
Business System Development and Implementation
Developing a business system is not just about coding; it involves testing, documentation, proper implementation, hardware/software selection, and ongoing maintenance. Each step ensures the system is reliable, efficient, and aligned with business goals.
System Testing and Quality Assurance (QA)
System testing ensures that the developed system meets business requirements and performs correctly. QA is the process to maintain high-quality standards throughout development.
Types of Testing
| Type | Purpose | Example |
|---|---|---|
| Unit Testing | Test individual components/modules | Testing login functionality separately |
| Integration Testing | Ensure modules work together correctly | Payment gateway integration with order processing |
| System Testing | Test the complete system end-to-end | E-commerce website testing all features |
| User Acceptance Testing (UAT) | Verify system meets user requirements | End-users test the dashboard and reports |
| Performance Testing | Check speed, scalability, and response time | Load testing during Black Friday sale |
| Security Testing | Identify vulnerabilities and threats | Penetration testing for banking applications |
QA Techniques: Code reviews, automated testing, regression testing, and adherence to software development standards.
Documentation for Systems
Documentation ensures that the system’s design, processes, and usage are recorded, helping in maintenance, audits, and knowledge transfer.
Types of Documentation
| Type | Description |
|---|---|
| User Documentation | Manuals, guides, tutorials for end-users |
| Technical Documentation | System architecture, ER diagrams, coding standards |
| Process Documentation | Workflow charts, standard operating procedures (SOPs) |
| Testing Documentation | Test plans, test cases, bug reports, QA reports |
Tip: Good documentation reduces errors, improves maintenance, and helps new team members understand the system quickly.
Implementation and Development Processes
Implementation is the deployment of a system into a live environment, while development involves coding and constructing the system.
Implementation Approaches
1- Parallel Implementation
- Old and new systems run simultaneously until the new system is stable.
- Advantage: Low risk; Disadvantage: Costly.
2- Direct Cutover
- Old system is completely replaced by the new system.
- Advantage: Quick; Disadvantage: High risk.
3 - Pilot Implementation
New system tested in a limited environment before full rollout.
4 - Phased Implementation
- System is deployed module by module.
- Advantage: Less risk, easier problem detection.
Development Methodologies
- Waterfall Model: Sequential, well-structured approach.
- Agile Model: Iterative, adaptive development with user feedback.
- Rapid Application Development (RAD): Focus on quick prototyping and iterative delivery.
Hardware and Software Selection Criteria
Choosing the right hardware and software ensures the system performs efficiently and meets business needs.
Hardware Selection Criteria
- Processing power (CPU, GPU for intensive operations)
- Memory and storage capacity
- Reliability and scalability
- Compatibility with existing systems
- Cost and energy efficiency
Software Selection Criteria
- Functional suitability for business processes
- User-friendliness and learning curve
- Integration capabilities with other software
- Vendor support and maintenance
- Security and compliance features
- Cost of licensing and updates
Example: For an ERP system, servers must handle multiple users, and software should integrate with CRM, accounting, and inventory modules.
System Maintenance and Support
System maintenance ensures the system continues to function efficiently after deployment. It includes corrective, adaptive, perfective, and preventive maintenance.
Types of Maintenance
| Type | Purpose | Example |
|---|---|---|
| Corrective Maintenance | Fix bugs and errors | Patching login failures |
| Adaptive Maintenance | Adapt system to new environments | Upgrading to new OS or database |
| Perfective Maintenance | Improve performance or add features | Adding a new reporting module |
| Preventive Maintenance | Prevent future issues | Regular system audits, backups, and updates |
Support Activities
- User training and helpdesk services
- Performance monitoring and optimization
- Updating documentation with changes
Tip: Proper maintenance increases system lifespan, reduces downtime, and improves user satisfaction.
Summary Table
| Aspect | Key Points | Example / Tools |
|---|---|---|
| System Testing & QA | Unit, integration, system, UAT, performance, security testing | Selenium, JMeter, LoadRunner |
| Documentation | User, technical, process, testing | User manuals, ER diagrams, SOPs |
| Implementation & Development | Parallel, direct, pilot, phased; Waterfall, Agile, RAD | ERP, CRM, online platforms |
| Hardware & Software Selection | CPU, memory, storage; software integration, usability, cost | Servers, Oracle DB, SAP, Microsoft 365 |
| Maintenance & Support | Corrective, adaptive, perfective, preventive; user training | System updates, helpdesk, monitoring tools |
Security and Auditing of Information Systems
Security of Information Systems ensures protection against unauthorized access, misuse, or damage.
Auditing of Information Systems is the process of evaluating and verifying the effectiveness of controls and security mechanisms.
Key Objectives
- Safeguard organizational data and resources.
- Ensure compliance with laws and regulatory requirements.
- Detect and prevent fraud, errors, and security breaches.
- Evaluate efficiency and effectiveness of system operations.
- Maintain trust and accountability for stakeholders.
Objectives and Techniques of Information System Controls
Information system controls are measures to manage risks and secure systems.
Objectives of IS Controls
| Objective | Description |
|---|---|
| Preventive Control | Stop security breaches or errors before they occur. |
| Detective Control | Identify and report errors or security violations. |
| Corrective Control | Rectify errors or restore systems after a breach. |
| Directive Control | Establish policies and procedures to guide system usage. |
Techniques of IS Controls
| Technique | Purpose | Example |
|---|---|---|
| Authentication & Authorization | Verify user identity and access rights | Passwords, biometrics, role-based access |
| Encryption | Protect data in transit and at rest | SSL/TLS, AES encryption |
| Firewalls & Intrusion Detection | Prevent unauthorized network access | Cisco firewall, Snort IDS |
| Backup & Recovery Procedures | Ensure data restoration after loss | Cloud backups, RAID storage |
| Audit Trails | Track system activity for accountability | System logs, transaction logs |
Tip: Explain controls with real business examples like banking, e-commerce, or ERP systems.
Auditing Information Systems
Information System Auditing evaluates controls, security, and compliance.
Key Steps in IS Auditing
- Planning & Risk Assessment - Identify critical systems, data, and potential threats.
- Control Evaluation - Assess effectiveness of preventive, detective, and corrective controls.
- Testing & Verification - Test system functionality, security, and data accuracy.
- Reporting & Recommendations - Highlight vulnerabilities and suggest improvements.
Types of IS Audits
- Internal Audit: Conducted by in-house IT or audit team.
- External Audit: Conducted by third-party auditors for compliance or certification.
- Compliance Audit: Ensure adherence to legal and regulatory frameworks (e.g., GDPR, ISO 27001).
Example: Auditing ERP systems to ensure inventory, finance, and payroll data accuracy and security.
Disaster Recovery and Business Process Continuity Planning
Even with strong controls, systems may fail due to natural disasters, cyber-attacks, or human errors. Planning ensures business operations continue with minimal disruption.
Disaster Recovery (DR)
-
Objective: Restore IT systems and data quickly after an incident.
Key Components
- Backup and replication of critical data
- Redundant servers and storage
- DR site (hot, warm, or cold site)
- Recovery Time Objective (RTO) and Recovery Point Objective (RPO)
Business Continuity Planning (BCP)
-
Objective: Ensure critical business processes continue during and after a disaster.
Key Steps
- Risk assessment and business impact analysis (BIA)
- Identify critical processes and dependencies
- Develop contingency and communication plans
- Conduct regular drills and testing
Example: Banks maintain real-time backup at multiple data centers and BCP to handle system outages.
Summary Table
| Topic | Key Points | Example / Tools |
|---|---|---|
| Security of IS | Protect against unauthorized access, misuse, errors | Firewalls, encryption, authentication |
| IS Controls | Preventive, detective, corrective, directive | Passwords, audit trails, backup systems |
| Auditing IS | Internal, external, compliance audits | ISO 27001 audits, SOC reports, system logs |
| Disaster Recovery | Restore systems and data quickly | DR sites, cloud backups, RTO/RPO planning |
| Business Continuity | Maintain critical business processes | BCP plans, drills, contingency procedures |
Exam Tips
- Explain controls with examples from banking, ERP, or e-commerce systems.
- Draw audit flowcharts and DR/BCP frameworks for visual clarity.
- Highlight difference between DR and BCP.
- Emphasize regulatory compliance and security standards like ISO 27001.