Project Audits (审计)
Presented by: Basker George
Project Audits
• In a process-oriented approach to software development, two key tasks are:
  • Process definition
  • Process implementation
• The process definition activities deal with identifying & specifying processes which, when followed, will give good quality & productivity.
• The process implementation activities ensure that the defined processes are followed in the project.
Cont…
• Unless the projects adhere (坚持) to the standard process, one cannot find the “capability” (性能) of the process.
• Therefore, without knowing the capability of a process, one cannot improve the process.
• Since the processes are executed by people, there is a possibility that a process may be skipped (遗漏).
Cont…
• The reasons for not following the process are:
  • People tend to take shortcuts (捷径)
  • It may be due to the pressure of a deadline (最终期限)
  • Or maybe some processes are not clear
  • It may also be due to overconfidence (过分相信)
  • People also resist (抵抗) changes, because they restrict (限制) their freedom
• Taking a shortcut or skipping a process may not always lead to project failure.
• A project could potentially (潜在地) fail if the processes are not followed.
Cont…
• An analogy (类似) for this could be traffic rules.
• Just because a rash (轻率的) driver fails to observe the traffic rules & reaches home safely does not mean traffic rules are unnecessary.
• Therefore an active effort is needed to ensure compliance (依从) with the defined process.
• The basic purpose of an AUDIT is to ensure compliance with the defined process.
Cont…
• Audits are an essential part of the Quality Assurance KPA of Level 2
• They are also a requirement of the ISO 9000 Quality System
• There are many ways of organizing audits in an organization.
• We shall study the audit mechanism employed at Infosys.
Project Audit (The Challenge)
• As the projects become larger and more complex, understanding and providing effective validation of the project management processes is a significant challenge for today’s information systems organizations.
• In addition to the awareness and implementation of the project management procedures, recognition of the quality of the standards and practices is critical for continued performance improvement.
The Objective of Audit:
• Insight into the project team’s use of the project management standards
• Identification of the project’s “Project Management” related risks
• Detailed corrective action plan for addressing the risks, incomplete procedures and standards training
• Awareness of the areas of opportunity for improvement of the “Project Management” methods and behaviors
Audit Process
• Auditing is a systematic & independent examination of various activities of project execution.
• It is intended to determine compliance with the quality system of an organization.
• Its main focus is on implementing the process of an organization.
• It is also used to determine the effectiveness (效力) of a process & to identify areas of improvement (改进).
Cont…
• An audit can be internal or external
• An external audit is generally employed for some type of certification (证明).
• An internal audit is conducted by the organization using people of the organization.
• The primary goal is to ensure (保证) compliance (依从) with the organization’s process & help in process improvement.
Cont…
• To ensure a reasonable degree of compliance with the defined process, audits must be done regularly (有规则地).
• The people performing an audit could be members of the SEPG or a person who has the maturity (完备) & stature (状况) to assess the implementation on a project objectively (客观地).
• It could also be performed by other project members.
Cont…
• When others perform an audit, they can learn & give advice (建议).
• Since they become “Law Keepers”, they also respect & appreciate (赏识) the “Law”.
• The audit activity has three components:
  • Planning
  • Auditing
  • Follow-up (继续的)
Planning
• Before audits are conducted, they must be carefully planned to achieve optimal results.
• Planning of audits operates at three levels:
  • Strategy (策略)
  • High-level plan
  • Detailed schedule
Audit strategy
• The audit strategy defines how audits will be scheduled & planned, so as to monitor compliance & the effectiveness of processes.
• The strategy at Infosys is:
  • Audits are conducted monthly
  • During an audit, a sample of the projects is selected for audit, but the projects selected are not known before the month of the audit
  • Each month has some focus area for audit, which will be examined in detail during the audit.
Audit PLAN
• The audit PLAN is an implementation of the audit strategy for a specific period, say 6 to 12 months.
• The PLAN specifies how the strategy will be implemented, such as:
  • Selection of focus area
  • Selection of projects
  • Selection of auditors
  • And so on
• The plan covers some of the key areas for projects that are closely related to CMM.
Auditing
• A team of two people, selected from the auditors’ pool, normally conducts the internal audit.
• The auditors’ pool is a set of people who are trained to conduct audits.
• One standby (备用) auditor is also selected
• A reminder is sent to the auditors & the project leaders whose projects will be audited, one day before the audit begins.
Cont…
• On the day of the audit, the auditors meet the quality advisor associated with the project to get views about the process used in the project
• The team plans out its audit strategy:
  • What questions to ask
  • Whom they will interview
  • What artifacts are needed
• In the actual audit, the auditors focus more attention on whether the defined process is followed in the project.
• A checklist can also be used
Sample checklist
• Project Planning Checklist
  • Is the project plan documented in the standard project plan template?
  • Has the project plan been group reviewed?
  • Has the project plan been approved & baselined?
  • Is it under configuration management?
  • Is there a signed contract?
  • Have the commitments to the customers or other groups been reviewed?
Cont…
• Is there an estimated effort for the project that is based on historical data?
• Have the effort estimates & the schedule been reviewed?
• Has the quality plan been reviewed?
• Is the life cycle used in the project identified & documented?
Cont…
• Are personnel identified & responsibility for each work element defined & tracked?
• Are reestimation triggers such as scope changes and required corrective actions defined?
• Are deliverables to the customer, including user documentation, clearly identified?
• Are risks & risk mitigation (缓解) plans identified & properly documented?
• Are reviews, progress reporting, tracking, & approval mechanisms identified?
Cont…
• Requirement Management Checklist
  • Is there a requirements document that includes technical & nontechnical requirements?
  • Have the requirements been reviewed & are the review records available?
  • Has the requirements document been signed off by the customer & other affected groups?
  • Are changes to requirements logged?
Cont…
• Has traceability to changed requirements been established in other work products?
• Has a requirement change threshold (极限) been negotiated with the customer?
• Is the status of changed requirements available & maintained properly?
• Are acceptance criteria defined & signed off by the customer?
• Is there a record of the re-estimation of size, effort, & other critical resources?
Cont…
• The audit process is said to be completed when the audit team has asked all its questions & examined whatever artifacts it requires.
• A noncompliance report (NCR) is issued if the evidence suggests that the organization-wide process or the authorized process for the project is not being followed.
• The questions & checklist aid in unearthing noncompliance.
• An important point that is stressed during the training of auditors is to focus on process & process improvement; problems found should be attributed to process factors & not people.
• A report is then sent to the coordinator of audits (an SEPG member) within three days of conducting an audit.
Follow-up
• The audit report & NCRs are sent to the coordinator of audits, who is a member of the SEPG, at the end of the AUDIT.
• For each NCR, corrective actions are taken.
• The audit coordinator gets approval from the auditors for each corrective action taken.
• An audit may also reveal weaknesses in the process
• In such cases, the auditors may recommend modifications to the SEPG team.
Audit Analysis
• The data from audits of different projects together offer valuable information about the state of the implementation of the process across the organization.
• These data can be very useful in analyzing the effectiveness of the processes and offer scope for improvement.
• Summaries are produced for:
  • Number of audits scheduled vs number conducted
  • Total number of NCRs given
  • Closure date of NCRs
  • Distribution of NCRs by severity (严重)
• These summaries yield information about the health of the audit system and the seriousness with which it is conducted.
• They also offer visibility into the implementation of the audit process.