Explanation
The design phase of the system development life cycle (SDLC) is where an IS auditor would expect to find that controls have been incorporated into system specifications, because this is where the system requirements are translated into detailed design specifications that include the technical, functional, and security aspects of the system34. The implementation phase is where the system is deployed and tested, the development phase is where the system is coded and unit tested, and the feasibility phase is where the system objectives and scope are defined. References: 3: CISA Review Manual (Digital Version), Chapter 4, Section 4.2.2 4: CISA Online Review Course, Module 4, Lesson 2

The best time to initiate the discussion of application controls is during the Application Design phase, when the process functionalities are finalized. This is according to the ISACA CISA Study Manual, which states, "Application controls should be discussed during the design phase and implemented in the development of the system." (ISACA CISA Study Manual, 26th Edition, Section 4.2.2, Page 4.27)

Using capacity-monitoring software to monitor usage patterns and trends enables management to properly allocate resources and ensure continuous efficiency of operations.