1 / 22

Software Process Reviews/Audits

Software Process Reviews/Audits. Process Overview. by Tom Gilchrist , CSQA, CSQE,. Before we start…. SQA Context Overview of SW Audit Process SW Audit Examples. Information in this presentation are my opinions and not necessary those of my employer. Some Terms/Ideas. Process

omer
Download Presentation

Software Process Reviews/Audits

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Software Process Reviews/Audits Process Overview by Tom Gilchrist, CSQA, CSQE,

  2. Before we start… • SQA Context • Overview of SW Audit Process • SW Audit Examples Information in this presentation are my opinions and not necessary those of my employer. 2

  3. Some Terms/Ideas • Process • Deterministic vs. Non Deterministic • Quality vs. Value 3

  4. Software Quality Assurance • Check software products and processes to verify that they comply with the applicable procedures and standards. (Process Reviews or Audits) • Review and measure the quality of software products and processes throughout development. (Dynamic & Static Testing) • Provide software project management (and other appropriate parties) with the results of reviews and process checks. • Work with the software project during early stages to establish plans, standards, and procedures to keep errors from occurring in the first place. 4

  5. Formal Definition Audits provide an independent evaluation of software products or processes to ascertain compliance to standards, specifications, and procedures based on objective criteria that included documents that specify: • The form or content of the product to be produced • The process by which the products shall be produced • How compliance to standards or guidelines shall be measured. IEEE STD 1028, (1988) 5

  6. Audit Types • First Party Audit • Within you company or organization • Second Party Audit • Sometimes called “external audits” • By a Customer on his Supplier • By a Supplier on you. • Third Party Audit • Outside third party is contracted to do the audit. 6

  7. Audit/Process Review Principles • Conducted by individuals who are organizationally independent of the developers. • Begin early in the requirements phase and continue throughout the development process. • Professionally planned, conducted and documented. • Follow-up on corrective action. • Project Management is involved in the Audit process and is responsible for rework and process improvements. 7

  8. What Software Audit Should Do • Determine: • Compliance to requirements • Conformance to plans, policies, procedures, and standards • Drive process improvement based on: • Adequacy of plans, policies, procedures, and standards • Effectiveness and efficiency of plans, policies, procedures, and standards • Assess personnel familiarity to requirements and documentation • Assure availability, use and adherence to software standards 8

  9. What Triggers an Audit? • Quality Assurance Plan • Event • Date • Requests from management • Requests from developers • Requests from customers • Integration with process improvement activities • Outside requirements — regulatory • Gut feel 9

  10. External Standards Audit Target Organizational Procedures and Methods Scope: Requirements, Time, and Target • Spread around organization • Cover all functions and activities • Try to hit things early • Move towards process audits 10

  11. Plan (Requirements, Scope, & Checklist) Prepare Audit Start Conduct Audit Write-up Report & Findings Review with Manager NO Findings? Corrective Actions YES Closeout Audit & File Process Review/Audit Process Project Manager Developers Auditor OK END Follow-up Audit Re-Work 11

  12. Identify Requirements • Policies/Standards Corporate, Group, IEEE • Processes/Plans SCMP, SQAP, SDP, Project Plan • Procedures Change Management, Design Reviews, Document Standards, Testing • Task Instructions Library updates, unit testing, peer reviews • Success of an audit is directly proportional to preparation, research and analysis conducted before the audit is performed. 12

  13. Requirement Types • Functional (ascertainably true or false) • Quality (range of acceptable values) 13

  14. Types of Audits (Internal) • Quality System Audits • Product Audit • Process Audit • Project Audit • CM Audit 14

  15. Evidence Collection • Collect Factual Information • Analyze and Evaluate the Evidence • Draw Conclusions • Generate Findings 15

  16. Corrective Action of Findings • Determine Action • Immediate Remedial Action • Process Improvement/Fix • Acceptable Risk • Identify Root Cause • Corrective Actions Plan • Manage CA Plan to completion • Analyze Effects of CA 16

  17. Develop Audit Checklist • Focus on clear requirements (or unclear to fix) • Select subset of requirements • Focus on important steps/products • Write clear concise questions • Canned checklist vs. straw horse 17

  18. Requirement Checklist Item Details Observations Results (P/F) Company Standard ABC-234, page 7 Does project QA plan will have a list of deliverables subject to Peer Reviews? Check SQA document for a list of approved peer reviews and which documents are to be reviewed. (if no documents are found, then fail. If no peer review procedures are referenced, then fail) Project SQA Plan Were the number of audits completed equal to the number planned? Check to see which audits were planned for the last 60 days. Check for evidence that the audit was completed and if there were findings, that a CA plan was signed. Project SQA Plan Were the number of peer reviews completed equal to the number planned? For each peer review type, check the CM records for the past 60 days to see if the document type specified in the QA plan was checked into CM for the first time. If so, check for records of the peer review being completed as per peer review process cited in SQA plan. Checklist Sample 18

  19. Interviewing • Ask open-ended questions • Know the types of answers expected • Focus on Process and not People • Seek Corroboration and Evidence 19

  20. Sample Interview Questions • How do you track your progress? • Do you have a CM Plan? • Tracing • What are you working on? • Is it a configured item? • Do you have an approved CR or PR? • Is the version you are working on checked out of CM? 20

  21. Desirable Auditor Characteristics • Mechanical • Sampling • Root Cause Analysis • Intellectual • Writing • Planning • Speaking • Detail Oriented • Concise • Emotional • Interviews • Group dynamics • Oral reports • Empathy • Don’t take things personally 21

  22. Desirable Auditor Characteristics(Cont.) • Knowledge of Audit process • Knowledge of target (SW) processes • Knowledge of techniques • Professional attitude • Good listener • Inquisitive/analytical • Communicates at all levels • Detailed Notes and Observations • Diplomatic 22

More Related