The waterfall system development process is a

sequential, multistage system development

process in which work on the next stage cannot
begin until the results of the current stage are
reviewed and approved or modified as
necessary.
System Investigation is the initial phase in the development of a new or modified business
information system whose purpose is to gain a clear understanding of the specifics of the
problem to solve or the opportunity to address.

What is the scope of the problem?

Who is affected and how?
How often does this occur?
After gaining a good understanding of the problem, the next question is,
“Is the problem worth addressing?”
Given that organizations have limited resources—people and money—this question deserves
careful attention.
What are the potential costs, both the one-time initial costs and recurring costs?
What risks are associated with the project?
If successful, what benefits, both tangible and intangible, will the system provide ?

The steps of the investigation phase are:

1. Review system investigation request.
2. Identify and recruit team leader and team members.
3. Develop budget and schedule for investigation.
4. Perform investigation.
5. Perform preliminary feasibility analysis.
6. Prepare Draft of Investigation Report
7. Review results of investigation with steering team

1. Review system investigation request.

Many organizations have adopted a formal procedure for initiating a system investigation.
2. Identify and recruit team leader and team members.
The next step is to identify and recruit a person who will lead the investigation phase,
followed by the other members of the investigation team.
3. Develop budget and schedule for investigation.
After the team has been formed, its members work together to develop a list of specific
objectives and activities that must be accomplished during the system investigation phase
along with a schedule for completing the work.
4. Perform Investigation.
The major tasks to perform during investigation include refining the initial problem
definition and scope described in the system investigation request

5. Perform preliminary feasibility analysis.

The technical, economic, legal, operational, and schedule feasibility are assessed during
the feasibility analysis, which is only a preliminary analysis that will be repeated with
more accuracy during the analysis and design phases
Technical feasibility: The process of determining whether a project is feasible within the
current limits of available technology.
Economic feasibility: The process of determining whether the project makes financial
sense and whether predicted benefits offset the cost and time needed to obtain them.
Legal feasibility: The process of determining whether laws or regulations may prevent or
limit a system development project.
Operational feasibility: The process of determining how a system will be accepted by
people and how well it will meet various system performance expectations.
Schedule feasibility: The process of determining whether the project can be completed
within a desired time frame.
6. Prepare Draft of Investigation Report

The system investigation ends with

production of a
System investigation report :Summarizes
the results of the system investigation and
recommends a course of action

7. Review results of investigation with steering team

The system investigation report is reviewed with the steering team to gain their input and
counsel. Typically, the written report is shared in advance and then the project manager and
selected members of the team meet with the steering team to present their
recommendations. After the project review, the steering team might agree with the
recommendations of the system development team or it might suggest a change in project
focus to concentrate more directly on meeting a specific company objective.
System Analysis
System analysis: The phase of system development that focuses on gathering data on the
existing system, determining the requirements for the new system, considering alternatives
within identified constraints, and investigating the feasibility of alternative solutions. The
primary outcome of system analysis is a prioritized list of system requirements and a
recommendation of how to proceed with the project. The steps in the system analysis :

1. Identify and recruit team leader and team members.

2. Develop budget and schedule for system analysis activities.
3. Study existing system.
4. Develop prioritized set of requirements.
5. Identify and evaluate alternative solutions.
6. Perform feasibility analysis.
7. Prepare draft of system analysis report.
8. Review results of system analysis with steering team

1. Identify and Recruit Team Leader and Team Members

In many cases, there is some personnel turnover when a project moves from the system
investigation phase to the system analysis phase. Some players may no longer be available to
participate in the project, and new members with a different set of skills and knowledge may
be required. So, the first step in system analysis is to identify and recruit the team leader and
members. Ideally, some members of the original investigation team will participate in
the system analysis to provide project continuity.

2. Develop Budget and Schedule for System Analysis Activities

After the participants in the system analysis phase are determined, the team develops a list of
specific objectives and activities required to complete the system analysis. The team also
establishes a schedule—complete with major milestones to track project progress. The group
also prepares a budget of the resources required to complete the system analysis, including
any required travel expenses as well as funds to cover the use of outside resources.
3. Study Existing System
The purpose of studying the existing
system is to identify its strengths and
weaknesses and examine current inputs,
outputs, processes, security and controls,
and system performance. While analysis
of the existing system is important to
understanding the current situation, the
study team must recognize that after a
point of diminishing returns, further
study of the existing system will fail to
yield additional useful information
Many useful sources of information
about the existing system are available,
as shown

4. Develop Prioritized Set of Requirements

The purpose of this step is to determine user, stakeholder, and organizational needs for the new
or modified system. A set of requirements must be determined for system processes (including
inputs, processing, outputs, and feedback), databases, security and controls, and system
performance. See Figure. As requirements are identified, an attempt is made to prioritize
each one by using the following categories
• Critical. Almost all users agree that the system is simply not acceptable unless it performs this
function or provides this capability. Lack of this feature or capability would cause users to call
a halt to the project.
• Medium priority. While highly desirable, most users agree that although their work will be
somewhat impaired, the system will still be effective without this feature or capability. Some
users may argue strongly for this feature or capability but, in the end, would want the project
to continue even without this capability.
• Low priority. Most users agree that their ability to use the system to accomplish their work
will only be minimally impaired by lack of this feature or capability, although it would be
“nice to have.” Almost no user argues strongly for this feature or capability.
Processes: The functional decomposition performed
during the investigation phase identifies the majority of
the processes to be included within the scope of a new
system. Now, the processes must be further defined so
that they will be practical, efficient, economical, accurate,
and timely to avoid project delays.
A process requires input that it uses to create output.
Often, feedback is generated. The questions that need to
be answered during system analysis are:
what data entities are required ?
where will this data come from ?

what methods will be used to collect and enter the data ?

who is responsible for data input ? and what edits should be performed on the input data to
ensure that it is accurate and complete?
Another important consideration is the creation of an audit trail that records the source of each
data item, when it entered the system ?, and who entered it ?.
The audit trail may also need to capture when the data is accessed or changed and by whom.

Data-Flow Diagram A data-flow diagram (DFD)

is a diagram used during both the analysis and
design phases to document the processes of the
current system or to provide a model of a
proposed new system. A DFD shows not only the
various processes within the system but also
where the data needed for each process comes
from, where the output of each process will be
sent, and what data will be stored and where.
 Databases Data modeling is the process of defining
the databases that a system will draw data from as
well as any new databases that it will create. The
use of entity-relationship (ER) diagrams is one
technique that is frequently used for this critical step.
An ER diagram is used to show logical relationships
among data entities, such as in Figure. An ER
diagram (or any other modeling tool) cannot by itself
fully describe a business problem or solution because
it lacks descriptions of the related activities. It is,
however, a good place to start because it describes
entity types and attributes about which data might
need to be collected for processing.

Security and Control considerations need to be an integral part of the entire system development
process. This approach usually leads to problems that become security vulnerabilities, which can
cause major security breaches resulting in significant legal and system modification expenses. The
following list of security and control requirements:
• Access controls, including controls to authenticate and permit access only to authorized individuals.
• Encryption of electronic customer information, including while in transit or in storage on networks or
systems to which unauthorized individuals may have access.
• Dual control procedures, segregation of duties, and employee background checks for employees with
responsibilities for or access to customer, employee, or organization-sensitive information
• Monitoring systems and procedures to detect actual and attempted attacks on or intrusions into
information systems
• Measures to protect against destruction, loss, or damage of customer, employee, or organization-
sensitive data due to potential environmental hazards, such as fire and water damage, technological
failures, or disasters such as hurricanes and terrorism
• Business resumption procedures to get the system up and running with no major business disruption and
with no loss of data in the event of a disaster (e.g., fire, hurricane, terrorism)

System Performance How well a system performs can be measured through its performance
requirements
5. Identify and Evaluate Alternative Solutions
The analysis team must think creatively and consider several system solution options. By
looking at the problem in new or different ways, questioning current assumptions and the
way things are done today, and removing current constraints and barriers, the team is free to
identify highly creative and effective information system solutions .

6. Perform Feasibilit Analysis

At this stage in the system development process, the project team has identified several
promising solutions based on implementing all or most of the critical requirements and
various subsets of the medium and low-priority requirements. The feasibility analysis
conducted during the investigation phase is repeated for each of the candidate solutions the
team wants to consider. At this stage, the analysis can be more in-depth because more is
known about the system and its requirements as well as the costs and benefits of the various
options.

7. Prepare Draft of System Analysis Report

System analysis concludes with a formal system analysis report summarizing the findings
of this phase of the project. The report is a more complete and detailed version of the
system investigation report. At this phase of the project, the costs and benefits of the project
should be fairly accurate, certainly more accurate than at the end of the investigation phase.

8. Review Results of System Analysis with Steering Team

The system analysis report is presented to the project steering team with a recommendation to
stop, revise, or go forward with the system development project. Following the steering team
meeting, the project team incorporates the recommendations and suggested changes into the
final report. It is not unusual for changes to the project scope, budget, benefits, or schedule to
be requested based on the findings from the analysis phase. However, the project sponsor and
the steering team must request and formally approve of any changes.
System Design
The purpose of system design phase is to answer the question, “How will the information system
solve this problem?” The primary result of the system design phase is a technical design that
details system outputs, inputs, controls, and user interfaces; specifies hardware, software,
databases, telecommunications, personnel, and procedures; and shows how these components are
interrelated. In other words, system design creates a complete set of technical specifications that
can be used to construct the information system. The steps of system design:

1. Identify and recruit team leader and team members.

2. Develop schedule and budget for system design activities.
3. Design user interface. Most systems provide a sign-on procedure that requires identification
numbers, passwords, and other safeguards to improve security and prevent unauthorized use.
With a menu-driven system, users select what they want to do from a list of alternatives

Principles of Good User Interface Design

4. Design System Security and Controls.

The system analysis phase identified areas where system security and controls need to be
defined. During the design phase, designers must develop specific system security and controls
for all aspects of the information system, including hardware, software, database systems,
telecommunications, and Internet operations, as shown in Table. Security considerations involve
error prevention, detection, and correction; disaster planning and recovery; and systems controls.
The goal is to ensure secure systems without burdening users with too many identification
numbers and passwords for different applications. After the controls are developed, they should
be documented in standards manuals that indicate how to implement the controls. The controls
should then be implemented and frequently reviewed. It is common practice to measure how
often control techniques are used and to take action if the controls have not been implemented.
Organizations often have compliance departments to make sure the IS department is adhering to
its systems controls along with all local, state, and federal laws and regulations.
5. Design Disaster Recovery Plan.

Is a documented process to recover an organization’s business information system assets

including hardware, software, data, networks, and facilities in the event of a disaster. It is a
component of the organization’s overall business continuity plan, which also includes an
occupant emergency plan, a continuity of operations plan, and an incident management plan. A
disaster recovery plan focuses on technology recovery and identifies the people or the teams
responsible to take action in the event of a disaster, what exactly these people will do when a
disaster strikes, and the information system resources required to support critical business
processes. Disasters can be natural or manmade.

Various Disasters can Disrupt Business Operations

• Intentional Man-Made Disasters
9 Sabotage
9 Terrorism
9 Civil unrest

• Accidental Man-Made Disasters

9 Auto accident knocks down power lines to a data center
9 Backhoe digs up a telecommunications line
9 Operator error
9 Fire

• Natural Disasters
9 Flood
9 Tsunami
9 Hurricane/cyclone
9 Earthquake
9 Volcanic eruption
Mission-Critical Process: A process that plays a pivotal role in an organization’s continued
operations and goal attainment.
Hot Site: A duplicate, operational hardware system that is ready for use (or immediate access to
one through a specialized vendor)
Cold Site: A computer environment that includes rooms, electrical service, telecommunications
links, data storage devices, and the like
Cloud computing has added another dimension to disaster recovery planning. If your organization
is hit by a disaster, information systems that are running on the cloud are likely to be operational
and accessible by workers from anywhere they can access the Internet.
Files and databases can be protected by making a copy of all files and databases changed during
the last few days or the last week, a technique called:
Incremental backup. This approach to backup uses an Image log, which is a separate file that
contains only changes to applications or data. Whenever an application is run, an image log is
created that contains all changes made to all files. If a problem occurs with a database, an old
database with the last full backup of the data, along with the image log, can be used to re-create
the current database.

6. Design Database
The database provides a user view of data and makes it possible to add and modify data, store and
retrieve data, manipulate the data, and generate reports. One of the steps in designing a database
involves “telling” the database management system (DBMS) the logical and physical structure of
the data and the relationships among the data for each user. Recall that this description is called
a schema, and it is entered into the DBMS using a data definition language. A data definition
language (DDL) is a collection of instructions and commands that define and describe data and
relationships in a specific database.

7. Perform Feasibility Analysis

As a result of the work done during the design phase, the project team has a much better
understanding of what it will take to build the system, how it will operate, and what benefits it can
deliver. It is appropriate to reassess the technical, economic, legal, operational, and schedule
feasibility based on these new learnings
8. Prepare Draft of System Design Report

System design concludes with a formal system design report summarizing the findings of this
phase of the project. Any changes from the system analysis findings are highlighted and
explained. The table of contents for a typical system design report. This report is a more complete
and detailed version of the system investigation report.

9. Review Results of System Design with Steering Team

The system design report is presented to the project steering team with a recommendation to stop,
revise, or go forward with the system development project. The steering team carefully reviews
the recommendations because if the project is to proceed, considerable human and financial
resources will be committed and legally binding vendor contracts will be signed. Following the
steering team meeting, the project team incorporates the recommendations and changes suggested
into the final report.

Construction

system construction: The phase of system development that converts the system design into an
operational system by acquiring and installing hardware and software, coding and testing software
programs, creating and loading data into databases, and performing initial program testing.

1. Code software components.

2. Create and load data.
3. Perform unit testing.
 1. Code Software Components
Software code must be written according to defined design specifications. Most software
development organizations use a variety of software tools. The following list includes a
sampling of these types of software tools:
• Some template-driven code generators can create source code automatically. CodeSmith
Generator is an example of a template-driven code generator that automates the creation of
common application source code for several languages (e.g., C#, Java, VB, PHP, ASP.NET,
and SQL).
• Screen painter programs are used to design new data-entry screens and then use “dialog
boxes” to define the characteristics of the data that goes in each field.
• Menu-creation software allows users to develop and format menus
• Report generator software captures an image of a desired report

An organization also needs useful software documentation to accompany the software code.
Technical Documentation includes written details that computer operators follow to execute the
program and that analysts and programmers use to solve problems or modify the program.
Technical documentation explains the purpose of every major piece of computer code. It also
identifies and describes key variables.

User Documentation is developed for the people who use the system. In easy-to-understand
language, this type of documentation shows how the program can and should be used to perform
user tasks. Linx Software produces LinxCRM, a customer relationship management system. The
company implemented special software to help it create high-quality user documentation
including annotated screen shots from the system. Linx also created a video to help train users
 2. Create and Load Data
For many projects, considerable time and effort is expended in
creating and loading a new database.

3. Perform Unit Testing

Unit Testing: Testing of individual components of code (subroutines, modules, and programs)
to verify that each unit performs as designed.
Integration Testing: Testing that involves linking all of the individual components together and
testing them as a group to uncover any defects in the interfaces between individual components.
System Testing: Testing the complete, integrated system (hardware, software, databases,
people, and procedures) to validate that the information system meets all specified requirements.
Volume Testing: Testing to evaluate the performance of the information system under varying
yet realistic work volume and operating conditions to determine the work load at which system
performance begins to degrade and to identify and eliminate any issues that prevent the system
from reaching its required service-level performance.
User Acceptance Testing: Testing performed by trained system users to verify that the system
can complete required tasks in a real-world operating environment and perform according to the
system design specifications.
Implementation
A number of steps are involved in system implementation. These are outlined next and discussed
in the following sections.
1. User preparation
2. Site preparation
3. Installation
4. Cutover

1. User Preparation
User preparation is the process of readying managers, decision makers, employees, system users,
and stakeholders to accept and use the new system

2. Site Preparation
Site Preparation : A location for the hardware associated with the new system needs to be
prepared. For a small system, site preparation can be as simple as rearranging the furniture in an
office to make room for a computer. The computer and associated hardware in a larger system
might require special wiring, air conditioning, or construction. A special floor, for example,
might have to be built and cables placed under it to connect the various computer components,
and a new security system might be needed to protect the equipment. The project team needs to
consider the amount of site preparation that may be necessary and build sufficient lead time into
the schedule to allow for it.
3.Installation

Installation is the process of physically placing the computer equipment on the site and making
it operational. Although normally the manufacturer is responsible for installing computer
equipment, someone from the organization (usually the IS manager) should oversee the
process, making sure that all equipment specified in the contract is installed at the proper
location. After the system is installed, the manufacturer performs several tests to ensure that
the equipment is operating as it should.

4. Cutover
Cutover is the process of switching from an old
information system to a replacement system. Cutover is
critical to the success of the organization; if not done
properly, the results can be disastrous.
System cutover strategies. Organizations can follow one
of several cutover strategies:

Direct conversion, Phase-in approach, Pilot start-up, or

Parallel start-up.
• Direct Conversion: A cutover strategy that
involves stopping the old system and starting
the new system on a given date; also called
plunge or direct cutover.

• Phase-in Approach: A cutover strategy

that involves slowly replacing components
of the old system with those of the new
one; this process is repeated for each
application until the new system is running
every application and performing as
expected; also called a piecemeal approach.

• Pilot start-up: A cutover strategy that involves running the complete new system for one
group of users rather than for all users.

• Parallel start-up: A cutover strategy that involves running both the old and new systems for
a period of time and closely comparing the output of the new system with the output of the
old system; any differences are reconciled. When users are comfortable that the new system
is working correctly, the old system is eliminated.
System Operation and Maintenance
The steps involved in system operation and maintenance are: Operation, Maintenance,
and Disposal
System Operation involves the use of a new or modified system under all kinds of
operating conditions. Getting the most out of a new or modified system during its
operation is the most important aspect of system operations for many organizations.
Monitoring: Is the process of measuring system performance by tracking the number of
errors encountered, the amount of memory required, the amount of processing or CPU
time needed, and other performance indicators. If a particular system is not performing
as expected, it should be modified or a new system should be developed or acquired .
System performance products can measure all components of an information system,
including hardware, software, database, and network systems.
System Review: Is the process of analyzing a system to make sure it is
operating as intended. System review often compares the performance and
benefits of the system as it was designed with the actual performance
and benefits of the system in operation.

Maintenance
System Maintenance is a stage of system development that involves changing and enhancing
the system to make it more useful in achieving user and organizational goals. Reasons for
program maintenance include the following:
• Poor system performance, such as slow response time for frequent transactions
• Changes in business processes
• Changes in the needs of system stakeholders, users, and managers
• Bugs or errors in the program
• Technical and hardware problems
• Corporate mergers and acquisitions
• Changes in government regulations
• Changes in the operating system or hardware on which the application runs
The maintenance process can be especially difficult for older software. A legacy system is an old
system, which might have cost millions of dollars to develop, patch, and modify over the years.
The maintenance costs for legacy systems can become quite expensive, and, at some point, it
becomes more cost effective to switch to new programs and applications than to repair and
maintain the legacy system.
System-maintenance efforts
This chart shows the relative amount of change
and effort associated to test and implement
slipstream upgrades, patches, releases, and
versions

Slipstream Upgrade: A minor system upgrade-typically a code adjustment or minor bug fix; it
usually requires recompiling all the code, and in so doing, it can create entirely new bugs.
Patch: A minor system change to correct a problem or make a small enhancement; it is usually
an addition to an existing program.
Release: A significant program change that often requires changes in the documentation of the
software.
Version: A major program change, typically encompassing many new features

Disposal

System Disposal: A stage of system development that involves those activities that ensure the
orderly dissolution of the system, including disposing of all equipment in an environmentally
friendly manner, closing out contracts, and safely migrating information from the system to
another system or archiving it in accordance with applicable records management policies.
The steps involved in system disposal

1. Communicate intent.
2. Terminate contracts.
3. Make backups of data.
4. Delete sensitive data.
5. Dispose of hardware.
Communicate Intent A memo communicating the intent to terminate the information system
should be distributed to all key stakeholders, months in advance of the actual shutdown. This
ensures that everyone is aware of the shutdown and allows time for them to convert to the new
system or process replacing the terminated system. For example, the Microsoft Windows XP
operating system was released in 2001. Microsoft announced in September 2007 that it would end
support of this popular operating system in April 2014.
Terminate Contracts The various vendors who provide hardware, software, or services
associated with the information system must be notified well in advance to avoid any penalty fees
associated with abrupt termination of a contract.
Make Backups of Data Prior to deleting files associated with the system, backup copies of data
must be made according to the organization’s records management policies.

Delete Sensitive Data Extreme care must be taken to remove customer, employee, financial,
and company-sensitive data from all computer hardware and storage devices before disposing
of it. When a file is deleted, the bits and pieces of the file physically stay on a computer hard
drive until they are overwritten, and they can be retrieved with a data recovery program. To
remove data from a hard drive permanently, the hard drive needs to be wiped clean. The
program used should overwrite or wipe the hard drive several times. An alternative is to
remove the hard drive and physically destroy it.

Dispose of Hardware After backing up and then removing data from drives, members of the
project team can dispose of obsolete or damaged computer hardware. Governments,
environmental agencies, and leading hardware manufacturers are attempting to reduce
hazardous materials in electronic products; however, some hardware components still contain
materials that are toxic to the environment. Responsible disposal techniques should be used
regardless of whether the hardware is sold, given away, or discarded. Many computer
hardware manufacturers including Dell and HP have developed programs to assist their
customers in disposing of old equipment.
User Acceptance Testing for New Accounting System
You are a member of the finance and accounting organization of a midsized sporting goods
retailer. You are knowledgeable of all facets of your firm’s current accounting systems and have
been working in accounts receivable for the past three years. The firm is implementing a new
cloud-based accounting system to handle general ledger, accounts payable, accounts receivable,
and payroll tasks. You have been selected to plan and lead the user acceptance testing for the
accounts receivable portion of the system. This will be a full-time activity for you over the
next two-to-three months, and during that time, other employees will fill in to take care of most
of your day-to-day responsibilities.