Information Technology Audits

An Information Technology Audit examines and evaluates the information system of an organization. Audits can be made to check whether various parameters, like any people, a company, a building, a system or a document that are been used by people is correct. With the help of evidences IT audit states whether the IT controls are safeguarding corporate virtue, ensuring data integrity, confidentiality and availability of data in an IT Infrastructure.

Information Technology Controls

Information Technology controls are used to meet the business goals and objectives. In Information Technology Audit IT controls objectives are almost similar to the availability, confidentiality, and integrity of data in the business enterprise. There are two types of IT controls as follows,

1. ITGC (Information technology general controls)

2. ITAC (Information technology application controls)

IT general controls are used to have control over the information technology environment, access to programs and data, changes in the program, computer operations performed, program change and program development. IT application controls are used to process transaction.

The COBIT Framework

Cobit stands for Control objectives for Information Technology. It is a framework made by International professional association ISACA (Information system audits and control associations) to govern and manage the Information technology. Cobit was promoted by the IT governance institute. 

Cobit was first released in 1996 as COBIT1, by ISACA as a set of control objectives for financial audit. ISACA then released COBIT2 in 1998, and expanded it further with management guidelines in 2000 as COBIT3. Later in 2005 and 2007, COBIT 4.0 and COBIT 4.1 were released respectively with IT governance controls. In 2012, COBIT 5 was released which included functionality of cobit 4.1, Val IT and Risk IT as one framework, which acts as associate framework for enterprise to operate along with other framework and standards.

Conclusion:

Basically, IT audit is evaluation and examination of IT Fundaments, operations and policies for an organisation. Information Technology audit look over whether IT controls safeguards corporate virtue, to ensure sincerity and achieve business goals. COBIT is a set of processes to manage Information Technology, and each processes include process input and output, process objectives and performance measures.

About Author:

Vinita Vaishnav is a consultant in Systems Plus Pvt. Ltd. Within Systems Plus, she actively contributes to the areas of Technology and Information Security. She can be contacted at: vinita.vaishnav@spluspl.com

Why Not Pair Testing?

There is a long available concept for pair programming. Pair programming in one form of agile software development technique wherein 2 developers code together on one machine. Out of the 2 developers, one is acts like a driver and other like a navigator or an observer.

The job of the driver is to code and the job the navigator is to review each line of as and when it is typed. The 2 developers can switch roles on need basis. This method is implemented for decades and has increased the quality of software’s by reducing the amount of bugs and errors. Pair programming can be stated to be as one of the successful techniques of software development. If this technique has proven to be efficient in software development, why not use this technique in testing. Hence the title, why not pair testing?

There are various steps and entities involved when it comes to testing a software application. There are several rounds of testing involved. 

BA testing is purely functional and logical testing of the application. More emphasis and focus is on testing the functionality, business logic and GUI aspects. But when it comes to QA testing, the spectrum widens to encompass not only the functionality, business logic and GUI but also load, quality, validations, unit, smoke, sanity, system integration, regression, security, etc.

Yet, there are many similar loop holes that the BA and QA are trying to find while testing a software application. Combined forces together, BA and QA can effectively reduce the amount of time that is required to test the application. This will provide more time for the developers to fix the issues that come up during pair testing. Also, lot of knowledge and techniques is shared between the BA and QA when they test a build together. It also helps to come up with multiple scenarios including negative test cases. The testing is validated by 2 people instead of 1 which increases the reliability of testing. Improves bonding between teammates. Pair testing can also be seen as an opportunity to train new member in the team.

Pair testing can also be done in various combinations wherein a developer is also involved in testing. However, the prime job of the developer is to code and not to test so it is better that the developer’s time is more utilized in coding and unit testing rather than in pair testing.

Conclusion:

Pair testing is a good option in projects where time is less and more emphasis is on testing. It is better to have 4 eyes finding defects rather than 2. In projects where time is not a constraint, 1 round of pair testing can be done followed by individual rounds of BA and QA testing or vice versa.

About Author:

Sachin poojary is a consultant in Systems Plus Pvt. Ltd. Within Systems Plus, he actively contributes to the areas of Technology and Information Security. He can be contacted at: sachin.poojary@spluspl.com

Pre Sales: Arty Marketing

Pre sales as a process defines a set of activities carried out before a customer is acquired, though sometimes pre sales also extends into the period the product or service is delivered to the customer.

The use of pre sales gives an educated overview of sales made due to pre sales and an educated guess of future sales. This marketing technique helps insure more number of services needed so that the business does not exhaust resources in services when they are not being utilized, thereby reducing waste and loss.

Pre sales in all of its many forms is truly an art. There are methodologies behind its success but practicing those methods and studying them alone won’t get you far past good. To be great you need to invest effort into the technology, the business, and most importantly your personal style.

The role of pre sales falls right in the middle of marrying the customer needs to the (provider) company's services or products. This role is especially crucial in Software industries because the products and services are often heavily customizable and also because the requirements of different customers are often unique.

A typical Sales Process includes:

• Product Knowledge
• Prospecting
• Approach
• Needs Assessment
• Customer Presentation
• Sales Close
• Follow Up

Of the above, pre sales is involved in:

• Product Knowledge
• Needs Assessment
• Customer Presentation
• Sales Close

Why Pre Sales?

• Keeping a customer happy is more than matching customer’s needs with the right technical solution. Customers expect vendors to provide them best partnership in meeting their evolving business needs.
• The complex process of bidding involves intelligent negotiation on price, scope of work, schedule and other contract requirements.
• Sales will not have the required technical knowledge to design proposal and provide solution.
• Delivery heads may not have skills to match customer’s business needs with the right technical solution.

Pre Sales Engineering

The task of a pre sales person starts from the initial contact phase and often ends once the customer is acquired. In some cases, pre sales also provide some initial or transitional support post sale.

As Joe Onisick suggests, the 5 rules of Pre Sales Engineering are:

• You are a member of the sales team.
• You are not a salesperson.
• You must be Business Relevant.
• You must be Technically Knowledgeable.
• Know your audience.

These are really rules of thumb that should be used to get into the right mind-set when engaging with customers in a pre sales fashion.

Like any other art pre sales must be practiced. One must study the products and services your company sells, develop your presentation skills, and constantly work on your communication.

While presenting to customers, a pre sales engineer should start by painting a picture for them, start with broad strokes outlining the technology and add detail to areas that the customer shows interest in. Drill down into only the specifics that are relevant to that customer, this is where knowing your audience is key.

The conversation with the customer should go as provided in above diagram. Begin at the top level big picture and drill down into only the points that the customer shows an interest in or are applicable to their data centre and job role.

Conclusion:

Pre sales is a skill set that must be practiced. Create your own dynamic style and method that works for you and don’t hesitate to change or modify them as you find areas for improvement. The more you practice, the better value you deliver to your customer, team and organization.

About Author:

Sonam Anand  is a consultant in Systems Plus Pvt. Ltd. Within Systems Plus, she actively contributes to the areas of Technology and Information Security. She can be contacted at: sonam.anand@spluspl.com

Factors ruling the SLA Management

Service Level Agreement can be explained as an official commitment between a service provider and the customer. It is the key component of the SLM (Service Level Management) Strategy. It stands as a communication link between the two entities to build the expectation bridge. SLA functions as a mutual agreement between an organization and its customer’s expectations. It draws a clear outline for customers receiving services and suppliers providing them.

Service level agreements are also defined at different levels:

• Client-based SLA: Defined basis the customer requirement and needs.
• Service-based SLA: A generic SLA defined basis the services being delivered by the service provider. 
• Hierarchy- based SLA: Defined based on the hierarchical level of the customers for the same SLA and the same service.

Factors that drive for developing an SLA with customers are listed below: 

• New SLM strategy implemented by the IT organization
• New Technology/Product going live
• IT Services delivery concerns raised by customers 

Defining an SLA is a combined effort of many factors. Few major factors to be considered are: 

1. Service Description

2. Service Standards

3. Timespan 

4. Roles and responsibilities

5. Evaluation criteria

1. Service Description: 

Writing specific descriptions of your services leads to an affirmation to your customers that you know what they need. A very good practice is, creating a service catalog that provides a better picture of services that can be offered to clients easily. A catalog should contain all of the services that one can provide to its customers, including applications, infrastructure, and other business functions. A service catalog is a separate document that needs to be accessible to your customers.

As a practice in our organization, we provide a documented severity matrix as part of the SOW for approval. This matrix contains the severity level and description for various types of support request that we are adhered to provide to the customer. For example, a request such as ‘System Down. Application not accessible to all users’ is considered as high impact issue and needs immediate action. Whereas a request such as ‘System not accessible to a single user’ can be considered as medium impact issue and expected SLA may be between 1-2 working days.

2. Service standards: 

Next factor that needs to be defined is the Service Standard. This factor helps us set our organizations standards for our customers, which would include concepts like support availability, response and resolution times. For example, if our customer’s business hours for support is from 8:00 A.M. to 5:00 P.M. CET as per the agreement, then we provide support to their business processes during the same time. 

Also, one needs to consider disaster recovery or emergency services that can be offered to the customers. Other standards such as response times and resolution times also need to be considered as services. The type of services or severity of a request may differ from business to business. 

3. Timespan: 

A start and end date of an SLA should be mentioned and communicated to the customers. The duration that is communicated needs to be explicitly declared against the service list and the type of service that we as an organization will cater to the customer.

For example, if a particular product support is to be provided for 18 months and the product license expires within 12 months then, the communicated SLA duration is not aligned as expected.

4. Roles and responsibilities: 

Assigning a contact person is one of the obligations that the organization and its client is responsible for. A well-aligned contact hierarchy with roles and responsibilities streamlined as per the process and customer needs is the key to managing your customer’s effectively and efficiently. 

A customer representative also plays a very important role in the purposes of discussing and negotiating the delivery of IT services. It is suggested that the customer representative should be from the organization. For example, an IT Head would be the right person to negotiate the project cost and define the scope of the project. Whereas, an IT executive will be the right person to understand the exact activities that are carried within the department to maintain required support supply for an organization.

5. Evaluation criteria: 

The best way to see your success is to measure it. So is the case with Service industry. An evaluation criteria, will determine how well your IT organization is performing. An important suggestion is to set the measuring criteria with the consent of your customers. You need to have appropriate tools to track the progress of the services offered to meet your customer’s expectations. 

A mutual goal agreement benefits you and your customer to determine how they will judge the service received rather than guesswork based solutions. Nowadays, customers are driven by meaningful and result oriented metrics. As a best practice in our organization, a status on a regular basis is shared with the customers on the services provided on monthly basis. Also, the expectation metrics is shared with the execution and delivery team to confirm their compliance towards the service delivery standards.

Conclusion: We should consider the evolving environment for service industry and set the SLA goals accordingly. Gaining customer consensus is one of the key criteria for a successful SLA management.

About Author:

Mrudula Palyekar is a consultant in Systems Plus Pvt. Ltd. Within Systems Plus, she actively contributes to the areas of Technology and Information Security. She can be contacted at:   mrudula.palyekar@spluspl.com

Build SSRS Project OR Solution with MSBuild by customizing build template

In build definition, there is trigger option called “Gated Check-in”. When this option is selected in build definition, any check-in happened in the associated workspace will trigger a verification build. Once the build succeeds, the code changes will be submitted to the repository and the projects related folder are created on the build drop location. Microsoft MS build support only web project to be built during this process.

During the deployment process in release management, I wanted to build the SSRS project along with my other projects during the gated check-in build. But unfortunate MS build (in my case MS Build v12.0) doesn’t support to build the SSRS project during gated check-in trigger.

So to get published SSRS report files along with web project I customized the build template process and added the customs process flow to build SSRS project.

Here are the simple steps to include SSRS project into build template process to build along with other projects.

Steps 1 #

Download your default build template and save it on your local machine.

Steps 2 #

After download, your template, create a new Activity library project and add your default template in the project.

Steps 3 #

Double click on template XAML file and add new “Invoke process” after “Run MSBuild” activity as showing in below image. Here we forcefully invoke our custom process to build the solution to include SSRS project in the build process.

Steps 4 #

Set following Invoke process properties value.

Sr.No	Name	Value
1.	Arguments	"/Build Release """ + SourcesDirectory + "\My.sln"""
2.	FileName	"""C:\Program Files (x86)\Microsoft Visual Studio  12.0\Common7\IDE\devenv.exe"""
3.	OutputEncoding	System.Text.Encoding.GetEncoding(System.Globalization. CultureInfo.InstalledUICulture.TextInfo.OEMCodePage)

Note:-  “SourceDirectory “ is the system variable.

After completing above process, build the Activity project to check any compiled time error.

Steps 5 #

Once invoke process will build the SSRS project, we have to copy build files (here .rdl report files) from source control’s bin directory to drop folder.

Add the activity to create the directory and to copy the files.

Create SSRS Directory

Directory : BinariesDirectory + "\_PublishedWebsites\" + "Reports"

Copy SSRS Reports

Destination : BinariesDirectory + "\_PublishedWebsites\" + "Reports"

Source : SourcesDirectory + "\Report\bin\Release"

Note:- “SourceDirectory “ and “BinariesDirectoy” are the system variable.

Steps 6 #

Once done with above steps, add custom template into TFS source control folder so that it’s easily available to set as an active template.

Set modified template as a current template and trigger the check-in with Gated check-in option.

After setting custom template do one check-in with gated check-in trigger option.

It should copy the reports files (.rdl) in your build drop location.

I hope above steps will help you to build SSRS project file using gated check-in trigger.

About Author:

Pushkar Rathod is a consultant in Systems Plus Pvt. Ltd. Within Systems Plus, he actively contributes to the areas of Technology and Information Security. He can be contacted at: pushkar.r@spluspl.com

Locators in Selenium

Selenium uses locators to find and match the elements on your web page. There are multiple ways to find elements on the web page through locators. 

There are 8 locators used in Selenium and they are:

No.	Locator
1	ID
2	NAME
3	LINKTEXT
4	PARTIAL LINKTEXT
5	TAG NAME
6	CLASS
7	CSSPATH
8	XPATH

Now let’s see how the elements are identified in Selenium by using the various locators mentioned in the above table. 

• Locating an Element By Id: 

Locating an element with ID is the most efficient and preferred way. ID will be unique on a web page which can be found easily. 

From the performance point of view the IDs are the fastest and safest locator option available at any given point. E.g. an Employee ID will be unique.

Code Example:

<input class="form-control" id="username" maxlength="50" name="username" placeholder="User Name" type="text" value="">

In the above code the element can be identified by id which is as below

id = “username”

Selenium Script:

The Selenium script to identify the element username will be.

WebElement user_ID = driver.findElement(By.id(“username”));

Many a times the ID’s are generated dynamically on runtime, in that case we need to choose another locator from the above list. 

• Locating an Element By Name: 

The next worth seeing if the desired element has a name attribute and if there is no id attribute to use. But most of the time name is not unique then selenium will perform or display first matching element for multiple names. 

Code Example:

<input class="form-control" name="username" maxlength="50" placeholder="User Name" type="text" value="">

In the above code example the element can be identified by name which is as below

name = “username”

Selenium script:

WebElement name = driver.findElement(By.name(“username”)); 

• Locating an Element By LinkText: 

Locating an element by Link text if there is unique link text on whole web page otherwise selenium will perform action on first matching web element. It is very easy to use and find link to locating an element.

Code Example:

<a href="https://www.tutorialspoint.com" target="_self">Click Here</a>

In the above code the element can be identified by link text which is as below LinkText = Click Here

Selenium Script:

WebElement ClickHere_Link = driver.findElement(By.LinkText(“Click Here”)); 

• Locating an Element By Partial LinkText: 

As name suggested user can provide partial text of the link to locate an element in the same way as Link text. 

User can provide partial link text to locate an element.

Code Example:

<a href="https://www.tutorialspoint.com" target="_self">Click Here</a>LinkText = “Click Here” 

PartialLinkText = “Click”

Selenium Script:

WebElement Download_Link = driver.findElement(By.PartialLinkText(“Click”));

• Locating an Element By TagName: 

Locating an element with Tagname is mostly used with Group elements like, Select and check-boxes / dropdowns. 

Code Example:

<Select>

<option value=”USA”> Volvo </option>

<option value=”UK”> Saab < /option>

<option value=”INDIA”> Maruti < /option>

</select>

TagName = “Select”;

Selenium script:

String dropdown = driver.findElement(By.tagName("select")).getText() 

Locating an Element By ClassName: 

There may be multiple elements with the same class name on the same web page, if we just use findElementByClassName, then make sure it is only one. If not then you need to extend using the class name and its sub elements. 

Code Example:

<h1 class="SampleClass"> class </h1>

Selenium Script:

WebElement class_test =driver.findElement(By.className(“SampleClass”));

• Locating an Element By CSS Selector: 

CSS is "Cascading Style Sheets" and it’s mainly used to provide style rules for the web pages. We can use for identifying one or more elements in the web page using CSS. 

If you start using CSS selectors to identify elements, you will love the speed when compared with XPath. Check this for more details on CSS Selectors examples. We can you use CSS Selectors to make sure scripts run with the same speed in IE browser. CSS selector is always the best possible way to locate complex elements in the page. 

Code Example:

<input class="form-control" id="email" maxlength="50" name="username" placeholder="User Name" type="text" value="">CSS = input[id=email]

Selenium Script:

WebElement CheckElements = driver.findElements(By.cssSelector("input[id=’email’]"));

• Locating an Element By XPath: 

XPath is defined as XML (Extensible markup language) path. Find a web element by using XPath locator. It’s done by using HTML DOM structure. 

Syntax for creating XPath:

XPath = //tagname[@Attribute=’Value’]

There are 2 type of XPath 

1. Absolute path 

These XPath start with single forward slash (/), which means its start from root node.

Example: 

/html/body/table/tr/td/td/h4/b 

This XPath is easy to use but if there is any change in path of the element then the whole XPath fails. 

2. Relative path 

These XPath starts with double forward slash (//), which means you can start from any part from the middle of a HTML DOM structure. It can search the element anywhere from webpage. 

//div[@id=‘username’]

Code Example:

In the above image we need to find the XPath for Google logo this we can get directly under fire-path (which is Firefox Add-ons) or we can write from HTML code.

XPath = //div[@id=‘hplogo’]

Selenium Script:

WebElement Google_logo = driver.findElements(By.xpath("//div[@id=‘hplogo’]));

About Author:

Roshni Deshmukh is a consultant in Systems Plus Pvt. Ltd. Within Systems Plus, she actively contributes to the areas of Technology and Information Security. She can be contacted at: roshni.deshmukh@spluspl.com