Naslov
Auditing of risk and quality in information systems development
(Provjera rizika i kvalitete tijekom izgradnje informacijskih sustava)

Autori
Trad, Antoine

Vrsta, podvrsta i kategorija rada
Ocjenski radovi, doktorska disertacija

Fakultet
Fakultet elektrotehnike i računarstva

Mjesto
Zagreb

Datum
03.05

Godina
2002

Stranica
190

Mentor
Kalpić, Damir

Ključne riječi
audit; project; risk; reengineering; information system
(provjera; projekt; rizik; restrukturiranje; informacijski sustav)

Sažetak
The introduction explains reasons and importance of information systems auditing throughout all the phases of design, implementation and maintenance. The author introduces his own step-by-step method called ISRQC, as an abbreviation of Information System Risk and Quality Check. It takes into account costs, time, quality, volume and feasibility of information system projects. The second chapter presents the basic ideas of the ISRQC method and describes author's personal experience and related works in this field. In sequence, an overview of some methods and publications dealing with information systems is given, together with argumentation for introduction of ISRQC. A comparison between some known auditing and quality assurance methods is given. A proper comparison of ISRQC to the other methods results with a list of advantages and disadvantages of the proposed method. At the end of this chapter preferable characteristics of an auditor are exposed. The third chapter is the crucial part of the thesis, describing to details the ISRQC components: organisation, decision-making and information technology. A detailed description follows, consisting of 37 weighted factors, identified by the author as relevant for success of an information system project. A list of 16 identified weighted problem types follows. Factors are put to a causal relation to the problems. There are 16 identified typical constraints, which are also weighted. In addition, 15 weighted actions are listed. The actions are related to the problems. The solutions result from the corresponding actions. The global solution is represented by a tree structure. The global view is dismembered into 10 partial views: team, technical, domain, security, design, organisational, financial, legal, political and the audit view. The views and adjacent block diagrams are described. Finally, the global view is described together with an incidence table of views to factors. In the fifth chapter, the author describes his personal experience in the information system project aimed for an insurance company from Winterthur, Switzerland. The steps of the method are illustrated to detail using realistic data. The worldwide experience of high failure rate of information system projects is analysed and the role of ISRQC to alleviate this problem is proposed in the conclusion. The appendices abound with valuable information, which is complementary to the thesis main text. They consist of an adequate description of author's personal experience, a selection and review of proceedings and methods, the practices of known institutions and standards and the related bibliography. Based upon the evaluation of the submitted thesis, this Commission concludes: The practical experience worldwide shows that more than 70% of complex information systems eventually fail, which is an optimistic estimation. This dissertation makes a contribution to the audit proceedings during the whole lifespan of an information system, with the aim to reduce the risk of failure and to increase the quality. It is based upon the rich professional experience of the author, his acquaintance with the related literature and upon his ability for creative scientific achievement. The submitted thesis is a contribution to the methods and proceedings aimed to timely and steadily check the risk and the quality, in order to lower the probability of unfavourable outcome of an information system project. The dissertation deals with an important topic because even a slight improvement of success rate results in considerable savings of money and effort.

Izvorni jezik
Engleski

Znanstvena područja
Računarstvo

POVEZANOST RADA