Find Resources & Connect with members on topics that interest you.

Applications

Audit

Business Processes

Career Management

Cloud Computing/Virtualization

COBIT

Controls and Monitoring

Databases

Fraud and Computer Crime

Governance and Management

Industry

Information Security

IT Service Management

Mobile/Wireless

Operating Systems

Privacy/Data Protection

Regulations

Risk

Standards

AI - Acquire and Implement

PO - Plan and Organize

DS - Deliver and Support

ME - Monitor and Evaluate

Application Controls

Process Controls

Please sign in to see your topics.

You must be logged in to join this group.

AI7.2 - Test Plan

This topic is intended to enable collaboration and sharing of information to facilitate a better understanding and approach to implementing this COBIT control objective based on the risk, value and guidance provided by its corresponding control practices.

COBIT Control Objective AI7.2 - Test Plan is contained within Process Popup Install and Accredit Solutions and Changes.

Learn more about COBIT and related publications.

Click “Join This Community” to be able to actively participate in discussions and contribute content. You must be an ISACA member to join this topic. Join ISACA now.

 
This Topic Has:
2 Members
0 Online
815 Visits

 Recent Discussions

Community Leader

Knowledge Center Manager

Knowledge Center Manager

Title: Become a Topic Leader!

Points: 3

Test Plan

Establish a test plan based on organisationwide standards that defines roles, responsibilities, and entry and exit criteria. Ensure that the plan is approved by relevant parties.

View value and Risk Drivers  help

Hide value and Risk Drivers help


Value Drivers

  • Commitment of key stakeholders
  • Minimised business interruptions resulting from system processing failure
   Risk Drivers
  • Insufficient testing by automated test scripts
  • Performance problems undetected
  • Lack of cost control over testing activities
  • Undefined testing roles and responsibilities

View Control Practices  help

Hide Control Practices  help

  1. Develop and document the test plan, which aligns to the project quality plan and relevant organisational standards. Communicate and consult with appropriate business process owners and IT stakeholders.
  2. Ensure that the test plan reflects an assessment of risks from the project and that all functional and technical requirements are tested. Based on assessment of the risk of system failure and faults on implementation, the plan should include requirements for performance, stress, usability, pilot and security testing.
  3. Ensure that the test plan addresses the potential need for internal or external accreditation of outcomes of the test process (e.g., financial regulatory requirements).
  4. Ensure that the test plan identifies necessary resources to execute testing and evaluate the results. Examples of resources include construction of test environments and staff for the test group, including potential temporary replacement of test staff in the production or development environments. Ensure that stakeholders are consulted on the resource implications of the test plan.
  5. Ensure that the test plan identifies testing phases appropriate to the operational requirements and environment. Examples of such testing phases include unit test, system test, integration test, user acceptance test, performance test, stress test, data conversion test, security test, operational readiness, and backup and recovery tests.
  6. Confirm that the test plan considers test preparation (including site preparation), training requirements, installation or an update of a defined test environment, planning/performing/documenting/retaining test cases, error and problem handling, correction and escalation, and formal approval.
  7. Ensure that the test plan establishes clear criteria for measuring the success of undertaking each testing phase. Consult the business process owners and IT stakeholders in defining the success criteria. Determine that the plan establishes remediation procedures when the success criteria are not met (e.g., in a case of significant failures in a testing phase, the plan provides guidance on whether to proceed to the next phase, stop testing or postpone implementation).
  8. Confirm that all test plans are approved by stakeholders, including business process owners and IT, as appropriate. Examples of such stakeholders are application development managers, project managers and business process end users.

 

Discussions: 0 total

Must be a Topic member to contribute

No Results Found

Documents & Publications: 69 total

Must be a Topic member to contribute
View All »
Books
Effective Project Management: Traditional, Agile, Extreme, 6th Edition
Posted by ISACA 13 days ago
Books
ITIL Service Management: Implementation and Operation
Posted by ISACA 19 days ago
ICQs and Audit Programs
IT Strategic Management Audit/Assurance Program (Dec 2011)
Posted by ISACA 26 days ago
Books
Information Security Roles & Responsibilities Made Easy, Version 3.0
Posted by ISACA 34 days ago
Books
IT Project Management: 30 Steps to Success
Few businesses could function effectively without their IT systems. At the same time, they depend on IT for more than their day-to-day operations.
Posted by ISACA 56 days ago
Books
An Executive Guide to IFRS: Content, Costs and Benefits to Business
International Financial Reporting Standards have been mandatory in the EU since 2005 and are rapidly being adopted by countries throughout the world.
Posted by ISACA 56 days ago
View All »

Events & Online Learning: 7 total

View All »
7 May 2012
ISACA International Event
North America CACS 2012
Orlando, Florida, USA
Get the knowledge you need to stay one step ahead of the competition and keep up with changing professional trends at ISACA’s North America CACS Conference.
More »
Add to my Outlook
12 Jun 2012
ISACA International Event
Training Dallas Texas USA
Dallas, Texas, USA
ISACA Training is a unique educational event designed to provide the tools you need to maintain, update and upgrade your skills, and to continue your professional development.
More »
Add to my Outlook
Register Now
7 Aug 2012
ISACA International Event
Training Chicago Illinois USA 2012
Chicago, Illinois, USA
ISACA Training is a unique educational event designed to provide the tools you need to maintain, update and upgrade your skills, and to continue your professional development.
More »
Add to my Outlook
Register Now
11 Sep 2012
ISACA International Event
Training San Francisco California USA
San Francisco, California, USA
ISACA Training is a unique educational event designed to provide the tools you need to maintain, update and upgrade your skills, and to continue your professional development.
More »
Add to my Outlook
Register Now
2 Oct 2012
ISACA International Event
Training Orlando Florida USA
Orlando, Florida, USA
ISACA Training is a unique educational event designed to provide the tools you need to maintain, update and upgrade your skills, and to continue your professional development.
More »
Add to my Outlook
Register Now
6 Nov 2012
ISACA International Event
Training New York NY USA
New York, New York, USA
ISACA Training is a unique educational event designed to provide the tools you need to maintain, update and upgrade your skills, and to continue your professional development.
More »
Add to my Outlook
Register Now
View All »

Journal Articles: 105 total

View All »
Volume 3, 2012
Project Portfolio Management
by Aarni Heiskanen, LJK
A program or project portfolio explains how an organization is implementing its strategy with projects.
Volume 3, 2012
Cloud Computing as an Integral Part of a Modern IT Strategy
by Kai-Uwe Ruhse, CISA, PCI QSA, and Maria Baturova
This article describes real cloud computing project case studies, which show that moving to the cloud is an important strategic decision for IT managers.
Volume 3, 2012
A Primer on Nonrelational, Distributed Databases for IS Professionals
by Steve Markey
Once thought of as a technology solely for academia, non-RDBMS are now reaching critical mass in industry.
Volume 2, 2012
A Case for a Partnership Between Information Security and Records Information Management
by Kerry A. Anderson, CISA, CISM, CRISC, CGEIT, CISSP, ISSMP, ISSAP, CSSLP, CFE
The closer alignment between RIM and information security may provide an approach to managing increasing data protection concerns and tough privacy regulations rather than maintaining the separation between these critical compliance functions.
Volume 2, 2012
Testing Controls Associated With Data Transfers
by Tommie W. Singleton, Ph.D., CISA, CGEIT, CITP, CPA
This article addresses some of the IT audit issues associated with data transfers.
Volume 2, 2012
JOnline: Customer Relationship Information Technology Internal Control and Security Framework
by Robbie Sauerberg, Weston Smith and Jonathan Tudor, CCNA
This article first describes the benefits of CRM systems and identifies risk areas inherent in CRM systems that threaten the benefits an organization can receive from a CRM system.
View All »

User Contributed External Links: 0 total

Wikis: 2 total

Blog Posts: 8 total

View All »
17 Aug 2011
IT Security
Posted By : masarker | 0 comments
5 Jul 2011
APT Defense Strategy
APT Defense Strategy   By Kevin J. Murphy, CISSP, CISM, CGEIT September 30, 2010 WHAT IS APT? APT is an acronym for Advance Persistent Threat.  Isn’t that descriptive?  In reality there is a lot behind the APT which might not be that obvious from underst...
Posted By : Kevin J. Murphy | 1 comments
17 Jun 2011
Discover Unstructured processes
These are five possible ways to discover Unstructured Processes. Regulatory and Compliance processes - People-intensive processes that are kicked off as a result of an external regulatory body and these processes tend to be ad-hoc & on-going change, but...
Posted By : Varun | 1 comments
12 May 2011
Welcome to ITGA Blog
ITGA Blog focused IT Governance & IT Architecture Experiences.Here, you will can to learn more about theses topics. Regards,Roberto ArteiroITGA Editor.
Posted By : Roberto Arteiro | 1 comments
17 Feb 2011
Data Protection in the Cloud
There is no shortage of cloud storage providers but the data security story varies widely among them.  How can enterprise customers be assured that their data will remain confidential?  Many cloud storage providers rely on outsourced system administrators...
Posted By : Kevin J. Murphy | 1 comments
21 Dec 2010
Firma del convenio entre PMI Valencia e ISACA Valencia
Se potencia la relación mutua y se acuerda la promoción del Sector TIC de la Comunidad Valenciana. La semana  pasada se llevó a cabo la firma de un convenio de colaboración entre los capítulos valencianos de las asociaciones más importantes a nivel mundia...
Posted By : JavierPeris.Org | 0 comments
View All »
Report An Issue