Standardization of information systems development processes and banking industry adaptations

This paper examines the current system development processes of three major Turkish banks in terms of compliance to internationally accepted system development and software engineering standards to determine the common process problems of banks. After an in-depth investigation into system development and software engineering standards, related process-based standards were selected. Questions were then prepared covering the whole system development process by applying the classical Waterfall life cycle model. Each question is made up of guidance and suggestions from the international system development standards. To collect data, people from the information technology departments of three major banks in Turkey were interviewed. Results have been aggregated by examining the current process status of the three banks together. Problematic issues were identified using the international system development standards.

💡 Research Summary

This study investigates how well three leading Turkish banks align their information‑system development processes with internationally recognized software engineering standards. Recognizing that the banking sector faces heightened regulatory scrutiny, security demands, and competitive pressure to deliver reliable digital services, the authors set out to identify systematic gaps between current practice and best‑practice guidelines.

The authors first performed a comprehensive literature review of major standards such as ISO/IEC 12207 (software lifecycle processes), ISO/IEC 15504 (process capability assessment), IEEE 1471 (architectural description), and CMMI. From these documents they extracted process‑oriented clauses that directly relate to the phases of a classical Waterfall lifecycle: requirements, design, implementation, testing, and maintenance. Each clause was transformed into a questionnaire item consisting of a “guidance” statement (what should be done) and a “suggestion” (how it could be implemented). In total, 45 items were created, covering topics such as requirements traceability, architectural documentation, coding standards, test planning, change control, and quality assurance.

Data were collected through semi‑structured interviews with IT staff responsible for system development in each bank (typically two to three senior developers or project managers per institution). Interviewees were asked to evaluate each item against their most recent projects, indicating whether the practice was fully compliant, partially compliant, or non‑compliant with the referenced standard. Responses were transcribed, coded, and aggregated across the three banks to produce a comparative compliance matrix.

The analysis revealed a consistent pattern of under‑performance across all institutions. In the requirements phase, traceability matrices and formal change‑request logs were either missing or only loosely maintained, violating ISO‑defined traceability requirements. The design phase suffered from insufficient architectural documentation; banks rarely produced the multi‑view models (logical, development, physical) prescribed by IEEE 1471, leading to ambiguities during later testing and maintenance. Implementation practices showed limited use of coding standards and static analysis tools, contrary to ISO 12207’s emphasis on product quality. Testing was often ad‑hoc, with test plans and test case repositories not systematically linked to requirements, breaching the test‑design linkage mandated by the standards. Change management was especially problematic: approvals and impact analyses were conducted informally via email or instant messaging, resulting in undocumented or poorly evaluated modifications. Finally, quality assurance activities were heavily front‑loaded toward the end of projects, missing the opportunity for early defect detection that standards advocate.

The authors attribute these gaps to three interrelated factors. First, organizational culture in the banks places limited emphasis on formal standards, viewing them as bureaucratic overhead rather than value‑adding mechanisms. Second, there is a skills deficit; many developers lack training in the tools and techniques required to operationalize standards (e.g., requirements‑management suites, architecture modeling tools, automated testing frameworks). Third, the strict Waterfall orientation of existing processes hampers responsiveness to rapidly changing business needs, creating tension between compliance and agility. Additionally, regulatory constraints specific to the Turkish banking sector sometimes lead to parallel, non‑standardized procedures that further dilute standard adoption.

Based on these findings, the paper recommends a phased standard‑adoption roadmap. Immediate actions include establishing a concise checklist for each lifecycle phase, integrating automated traceability tools, and adopting a baseline set of coding and testing standards supported by continuous‑integration pipelines. Mid‑term measures involve formal training programs, internal audit mechanisms to monitor compliance, and the introduction of a hybrid development model that blends Waterfall’s documentation rigor with Agile’s iterative feedback loops. Long‑term, the banks should pursue certification against a recognized process‑maturity model (e.g., CMMI Level 3) to institutionalize continuous improvement.

The study concludes that aligning bank development processes with international standards can significantly reduce rework, improve security posture, and enhance overall project predictability. However, successful implementation requires cultural change, investment in tooling, and a flexible process framework that reconciles regulatory demands with modern software‑engineering practices. Future research is suggested to expand the sample size, incorporate quantitative performance metrics (time, cost, defect density), and evaluate the impact of standard adoption over multiple development cycles.