Organizations should establish development standards that, at a minimum, address project management, system control, and quality assurance issues. Project management standards should address issues such as project management methodologies, risk management procedures, and project approval authorities. System control standards should address items such as an application's functional, security, and automated control features. Quality assurance standards should address issues such as the validation of project assumptions, adherence to project standards, and testing of a product's performance. Development standards should include procedures for managing changes during the development process. "Scope creep" is a common problem associated with software development projects. It occurs when developers receive requests to add or modify a program's features while the program is being developed. Although the addition or modification of functional, security, or control features may be appropriate, uncontrolled changes disrupt the development process. Establishing change approval procedures and cut-off dates (after which requested changes are deferred to subsequent versions) assist organizations manage change during the development process. Development standards should also include procedures for managing internally developed spreadsheets and database reports. Financial institutions often rely on the spreadsheets and reports to make important budgeting and asset/liability decisions, but fail to implement adequate testing, documentation, and change-control procedures. Management's reliance on the spreadsheets and reports should dictate the formality of their development procedures, change controls, and backup techniques.
Systems Development Life Cycle