Overlooked steps in software development and how to overcome the risks & impacts

August 29, 2019

If little attention is given to the software development life cycle (SDLC) and project management in the creation of a system, excessive maintenance costs may be incurred.


Applications developed in-house or acquired from manufacturers are the backbone of a business’ operations. These systems (both automated and manual) provide the source data for analysis behind business decisions, and either perform or control processes critical to the business’ livelihood. A number of standards and frameworks, such as ISO/IEC/IEEE 12207:2017, ISO/IEC 27001, ISO/IEC/IEEE 24748-2 and ISO 9001, have been developed to ensure good practice in system development projects. Failure to reference or implement such good practice for systems development and project management may therefore result in the following risks and impacts:

  • Misunderstanding of project objectives and requirements.

  • Inappropriate supplier selection due to loopholes in the establishment of the business case.

  • Management unaware of risks in the acquisition of software.

  • Increased reliance on key staff, problems in daily operations, help desk overload.

  • Inability to implement a new system, or to back out the new system and restore the old one (roll-back plan).

  • Solution failing to meet business and/or user requirements, not performing as expected, or unable to integrate with the strategic IT plan, information architecture and technology direction, making it impossible to confirm the return on investment.

  • Insufficient stakeholder participation in defining requirements and reviewing deliverables.

  • Gaps between controls and actual threats or risks.

  • System security and confidentiality compromised.

  • Invalid transactions or transactions processed incorrectly.

  • Costly compensating controls.

  • Reduced system availability and questionable integrity of information.

  • Poor software quality, inadequate testing and a high number of failures.

  • Disorganized and ineffective approach to project management, with inappropriate priorities and delayed critical functions.

  • Incorrect solution selected or significant missing requirements discovered later in the project, causing costly reworking and implementation delays.

  • Alternate solutions not identified.

  • High costs of disjointed / incompatible solutions.

  • Contractual discrepancies and gaps between business expectations and supplier / developer capabilities and priorities.

  • Inadequate budgets and resources due to project management inconsistencies.

  • Failure to respond to project issues with optimal and approved decisions.

  • Unclear responsibilities and accountability for ensuring cost control and project success.

It has been estimated that a major portion of the cost of an application over its useful life is incurred for maintenance after the application becomes operational. If little attention is given to the software development life cycle (SDLC) and project management in the creation of a system, excessive maintenance costs may be incurred, especially if it is necessary to retrofit controls after the application is already in production.

Remember: “Redesign is not only expensive, but difficult to accomplish.”

Therefore, if accurate and comprehensive documentation is maintained, the business case is well defined, controls are assessed, and modifications to application and system software are made appropriately, the above risks and impacts will be adequately controlled, and the business can then attest to the integrity and reliability of the software / application.

How does it all add up?

The SDLC ensures that project development is sufficiently integrated to provide adequate security in the resulting system or application. The SDLC should be documented and project development activities should conform to it; all phases should be guided by written standards and procedures. These standards should address design, programming, testing, implementation, documentation and maintenance, and should be flexible while incorporating security checkpoints to validate the adequacy of controls within the system or application.


  This article was originally published by Veronica Rose, a Certified Information Systems Auditor and an author.

