Software Configuration Management Audits Part 4 - In Process Audits

In the first part of this article, we introduced the three different types of Software Configuration Management Audit:

• Functional Configuration Audit (FCA) (discussed in Part 2)
• Physical Configuration Audit (PCA) (discussed in Part 3)
• In-Process SCM Audits (discussed in this part of the article)

In this fourth part of the article, we will discuss In-process Software Configuration Management (SCM) audits are performed throughout the software life cycle to provide management with an ongoing independent evaluation of the:

• Adequacy of the organization’s SCM policies, plans, processes and systems to meet the organization’s objectives
• Ongoing compliance to those documented SCM policies, plans, processes and systems
• Ongoing conformance of the configuration items to their requirements and workmanship standards
• Effectiveness of the SCM plans, processes and systems, and their implementation (e.g., SCM training of personnel and SCM tool capabilities)
• Efficiency of resource utilization
• Identification of areas for continuous improvement to SCM plans, processes, systems and products.

In-process SCM audits are typically focused on either SCM processes or SCM baselines.?Table 1 illustrates an example of a checklist for a process-focused in-process SCM audit and lists possible objective evidence-gathering techniques for each item.?Table 2 illustrates an example of a checklist for a product baseline-focused in-process SCM audit and lists possible objective evidence-gathering techniques for each item.?

While several suggested evidence-gathering techniques are listed for each checklist item, the level of rigor chosen for the audit will dictate which of these techniques (or other techniques) will actually be used.

Conclusion

Conducting SCM audits provides management with independent verification that the SCM processes are being complied with and that the software products are being built as required and at production, they are ready to be released.?SCM plans for each project/program should include plans for conducting these SCM audits, including schedules and resource allocations.?

Standardized checklists, like the example checklists in this article, can be created for SCM audits.?The advantage of using standardized checklists include:

• Reduction of effort in recreating checklists for each audit
• Lessons learned from previous audits can be incorporated into the standardized checklists to help improve future audits
• Consistency and continuity of implementation from one audit to the next as well as complete coverage

Prior to each audit, these standardized checklists should be reviewed to ensure that they reflect any changes made in the SCM standards, policies, or plans since the last audit was conducted.?These generic checklists should also be supplemented and tailored to the exact circumstances of each individual audit.?For example, if the corrective actions against prior audit findings are being verified with the current audit, specific checklist items for those actions may be added to the checklist.?Another example might be the auditing of small projects where certain optional processes do not apply and the corresponding items should be removed from the checklist.

References

IEEE-610: IEEE Standards Software Engineering, IEEE Standard Glossary of Software Engineering Terminology, IEEE Std. 610-1990, The Institute of Electrical and Electronics Engineers, 1999.

Kasse-00: Tim Kasse and Patricia A. McQuaid, Software Configuration Management for Project Leaders, Software Quality Professional, Volume 2, Issue 4, September 2000.

Keyes-04: Jessica Keyes, Software Configuration Management, Auerbach Publications, Boca Raton, 2004.

Russell-00: ASQ Audit Division, J. P. Russell editing director, The Quality Audit Handbook, 2nd Edition, ASQ Quality Press, Milwaukee, WI, 2000.

Westfall-07: Linda Westfall, Risk-Based Configuration Control – Balancing Flexibility with Stability, Risk-Based Configuration Control (softwareexcellenceacademy.com)

______________________________________________________________

Invest in yourself and your career: Become a Software Excellence Academy's All-Access Member

Get access to:

• 9 online, on-demand classes taught by Linda Westfall
• 6 online, on-demand classes taught by Robin Goldsmith
• Agile Training series from Scott Duncan
• Registration to all of our online, live classes?
• Access to all the webinars in our webinar vault (over 220+ webinars)
• Monthly Q&A calls with Linda Westfall

For More Information or to Register as an All-Access Member

______________________________________________________________

Upcoming webinars from the Software Excellence Academy:

June 2023 - Topic of the month is Teams

• 6/21/2023 – What If People Came With Instructions? presented by Diana Alt
• 6/28/2023 – Leading Distributed Teams presented by Scott Duncan

For more information about our webinars or to register for one or more of these webinars click here.

_____________________________________________________

The following webinar recordings are currently available for free on our website:

• Power Skills Bootcamp: Teamwork presented by Tom Henricksen
• How to Avoid a Project Death March presented by Neil Potter
• Constructing a Software Work Breakdown Structure, presented by Dennis Frailey
• Project Reviews - Why, When, Who & What, presented by Linda Westfall
• Project Management for Regular People, presented by Robin Goldsmith
• Stakeholder Values-Driven Project Management, presented by Tom Gilb
• Essential Requirements Practices, presented by Karl Wiegers
• 5 Steps to Requirements Management, presented by Linda Westfall

To watch these webinars click here and scroll down to the recordings.

_____________________________________________________

? 2023 Westfall Team. All Rights Reserved