CISA Domain 3 Information Systems Acquisition, Development, and Implementation – Part 1

PART 1 – CISA Domain3 – Information Systems Acquisition and Development, and Implementation
Domain 3: Understanding the domain in general
What is benefits realization?
What is portfolio management?
What is Business case approval and development?
What are the best business realization techniques?

Understanding the domain in general
Weightage – This domain accounts for 18 percent of the CISA exam (approximately 27, questions).
This Knowledge Statement covers 14 topics related to the auditing of information systems
Knowledge of benefits realization techniques (e.g. feasibility studies, business case, total cost of ownership [TCO], Return on Investment [ROI]).
Knowledge of IT acquisition and vendor management practices (e.g. evaluation and selection process; contract management, vendor risk management and relationship management); including third-party outsourcing relationships with IT suppliers and service providers.
Knowledge of project governance mechanisms (e.g. steering committee, project oversight boards).
Project Management Office
Knowledge of project management controls frameworks, practices, and tools
Project management knowledge and risk management practices
Knowledge of management practices and requirements analysis (e.g. traceability, gap analysis or vulnerability management, security requirements),
Knowledge of enterprise architecture in relation to data, applications and technology (e.g. web-based apps, web services, ntier applications, cloud services or virtualization).
Knowledge of system development methodologies, tools, and their strengths and weaknesses (e.g. agile development practices, prototyping and rapid application development [RAD], object oriented design techniques, secure programming practices, system version control).
Understanding of control objectives and techniques to ensure that transactions and data are complete, accurate, valid, and authorized
Knowledge of testing methods and practices related the information system development cycle (SDLC).
Knowledge of configuration management and release management is essential for the development of information systems
Knowledge of system migration, infrastructure deployment practices, and data conversion techniques, tools and procedures
Understanding project success criteria and project risks
Knowledge of post-implementation review practices and objectives (e.g. project closure, control implementation benefits realization, performance measurement)

Exam concepts:
1. Realize the benefits
Realizing benefits is one of the objectives.
It is to ensure that IT and business meet their value management responsibilities
IT-enabled business investment deliver tangible business value and the promised benefits
Delivered on time and within budget, the required capabilities (solutions or services) are available
2. Portfolio/Program Management:
The following are the objectives of project portfolio management:
Optimization of the results of the portfolio (not individual projects)
Prioritizing and scheduling projects
Resource coordination (internal as well as external)
Knowledge transfer throughout the projects
3. Business case development and approval
A business case is the information needed for an organization to decide if a project should be pursued
A business case is either the first step of a project, or a precursor to the actual start of the project.
The business case should be an integral part of any decision making process throughout the entire life cycle of any project.
A feasibility study, which is usually part of project planning/initiation, would provide the initial business case.
The following six elements will be included in a feasibility study:Project Scope – This defines the business problem or opportunity to be addressed
Current Analysis – Describes and establishes a understanding of a system or a software product.

Related Posts

Drive Letters

By Val Bakh 2.4.1 Drive letters (part 1)Disk drives can be referred to using alphabet letters. Drives A and C were used commonly for floppy disk drives….

Drive Letters (Part 2)

By Val Bakh 2.4.2 Drive letters (part 2) In the first part, we covered the basics of drive letter assignment and the changes that Windows Vista has…

Activation Part 2

2.2.2 A product code in an answer file. Let’s say you have a WIM image of Windows 7 Enterprise and a Multiple Activation Key (MAK). How do…

Activation Part 1

By Val Bakh2.2 Activation 2.2.1 Volume activation Every Windows 7 installation must be activated. It is a legal requirement to ensure that the operating system is properly…

Microsoft Vista Tips and Tricks

By Val Bakh 1. Vista 1.1. Boot architecture All Windows versions that are designed for business, starting with Windows NT include built-in support to multiboot configurations. Multiple…

Multicloud Storage Service Spans AWS Microsoft Azure Nimble Storage Inc. has today launched a beta offering that claims to be the only enterprise-grade multicloud block store service for Amazon Web Services Inc. (AWS), and Microsoft Azure public cloud. The product is called Nimble Cloud Volumes, and its enterprise-grade availability as well as data services can be used to help organizations move new types enterprise apps to the cloud. Nimble Storage believes that the first wave cloud apps will be mostly content-centric, native Web and mobile apps. They lack enterprise-friendly features like data durability and data services such as snapshots, and the ability to share the same volumes with multiple hosts. The next wave of cloud applications comprises traditional transactional-centric workloads — like transactional databases — moving to the public cloud space, with stringent storage requirements. The company stated that NCV flash-based storage could provide enterprise functionality, opening up new frontiers. It also offers other benefits, such as the elimination of cloud vendor lock-in, better data reliability, and uninterrupted data access. Ajay Singh, a senior executive at AWS, stated that the NCV service delivers flash storage volumes or block storage to AWS EC2 instances and Azure Virtual machines. It offers significant advantages over native cloud block storage services such as Amazon EBS and Azure Disk Volumes. The company highlighted the following three main benefits of the new NCV service:

Data mobility between public clouds or on-premises datacenters is easy without large data egress fees. Global visibility and predictive analytics allow for information such as usage history,…