Skip to main content
Sign In |
  Help (new window)

CobiT

Go Search
Home
  
CobiT > Wiki Pages > WorkDefinition - Acquire and Maintain Application Software  

WorkDefinition - Acquire and Maintain Application Software

View All Site Content

Recent Changes
WorkDefinition Information

Acquire and Maintain Application Software

Description

Applications are made available in line with business requirements. This process covers the design of the applications, the proper inclusion of application controls and security requirements, and the development and configuration in line with standards. This allows organisations to properly support business operations with the correct automated applications.

 

Management of the process of Acquire and maintain application software that satisfies the business requirement for IT of aligning available applications with business requirements, and doing so in a timely manner and at a reasonable cost is:

0 Non-existent when
There is no process for designing and specifying applications. Typically, applications are obtained based on vendor-driven offerings,brand recognition or IT staff familiarity with specific products, with little or no consideration of actual requirements.

1 Initial/Ad Hoc when
There is an awareness that a process for acquiring and maintaining applications is required. Approaches to acquiring and maintaining application software vary from project to project. Some individual solutions to particular business requirements are likely to have been acquired independently, resulting in inefficiencies with maintenance and support.

2 Repeatable but Intuitive when
There are different, but similar, processes for acquiring and maintaining applications based on the expertise within the IT function. The success rate with applications depends greatly on the in-house skills and experience levels within IT. Maintenance is usually problematic and suffers when internal knowledge is lost from the organisation. There is little consideration of application security and availability in the design or acquisition of application software.

3 Defined when
A clear, defined and generally understood process exists for the acquisition and maintenance of application software. This process is aligned with IT and business strategy. An attempt is made to apply the documented processes consistently across different applications and projects. The methodologies are generally inflexible and difficult to apply in all cases, so steps are likely to be bypassed. Maintenance activities are planned, scheduled and co-ordinated.

4 Managed and Measurable when
There is a formal and well-understood methodology that includes a design and specification process, criteria for acquisition, a process for testing and requirements for documentation. Documented and agreed-upon approval mechanisms exist to ensure that all steps are followed and exceptions are authorised. Practices and procedures evolve and are well suited to the organisation, used by all staff and applicable to most application requirements.

5 Optimised when
Application software acquisition and maintenance practices are aligned with the defined process. The approach is componentbased, with predefined, standardised applications matched to business needs. The approach is enterprisewide. The acquisition and maintenance methodology is well advanced and enables rapid deployment, allowing for high responsiveness and flexibility in responding to changing business requirements. The application software acquisition and implementation methodology is subjected to continuous improvement and is supported by internal and external knowledge databases containing reference materials and good practices. The methodology creates documentation in a predefined structure that makes production and maintenance efficient.

Develop formalised methodologies and processes to manage the application development processTrack and manage application requirementsDevelop a plan for the maintenance of software applicationsCustomise and implement acquired automated functionality.Specify application controls within the designTranslate business requirements into high-level design specificationsPrepare detailed design and technical software application requirementsCreate a software QA plan foro the project

Attributes

Element CategoriesAI2.7 Development of Application Software, AI2.2 Detailed Design, AI2 Acquire and Maintain Application Software, AI2.4 Application Security and Availability, AI2.6 Major Upgrades to Existing Systems, AI2.1 High-level Design, AI2.3 Application Control and Auditability, AI2.10 Application Software Maintenance, AI2.5 Conf and Implementation of Acquired Application Software, AI2.9 Applications Requirements Management, AI2.8 Software Quality Assurance
IT ResourcesApplication
Primary Business RequirementsEffectiveness, Efficiency
Secondary Business RequirementsIntegrity, Reliability
Primary IT Governance Focus AreasStrategic alignment, Value delivery
Secondary IT Governance Focus AreasRisk management
Goals and Metrics

IT Goals
-Define how business functional and control requirements are translated into effective and efficient automated solutions
-Acquire and maintain integrated and standardised application systems

IT Metrics
-Percent of projects delivering business change in the required time frame
-Number of projects where stated benefits were not achieved due to poor application design or development
-Percent of users satisfied with the functionality delivered


Process Goals
-Acquire and maintain applications that cost-effectively meet the defined business
requirements
-Acquire and maintain applications in line with IT strategy and IT architecture
-Ensure that the development process is timely and cost effective

Process Metrics
-Percent of development projects on time and on budget
-Percent of development effort spent maintaining existing applications
-Number of production problems per application causing visible downtime
-Reported defects per month (per function point)


Activity Goals
-Translating business requirements into design specifications
-Adhering to development standards for all modifications
-Prioritising requirements based on business relevance
-Separating development, testing and operational activities
-Leveraging investment in existing technology

Activity Metrics
-Percent of application software projects with a software QA plan developed and executed
-Percent of application software projects with appropriate review and approval of compliance with development standards
-Average time to deliver functionality based on measures such as function points or lines of code
-Average programming effort to deliver functionality based on measures such as function points or lines of code

Inputs and Outputs

WorkProductInputOutputAllowable States
Application and package software knowledge(none)
Application security controls specification(none)
Availability, continuity and recovery specification(none)
Business requirements feasibility study(none)
Initial planned SLAs(none)

Last modified at 12/10/2007 3:51 PM  by Administrator