IT Examiner School

Risks Primary risks of acquisition projects:

• Inadequately defined requirements • Inadequate vendor assessment • Inadequate product assessment • Inadequate product testing • Inadequate review of contract agreements

The risk of software acquisition, and extent of mitigating controls, will vary depending on nature and criticality of the supported business function

Categories of Software

Off the Shelf • A generic software package with no customization

Customized Package • Still mainly a generic package, but one that can and will be customized by the vendor to better meet your requirements

Custom Code • A package that is written by the vendor to specifically meet your requirements