Software Configuration Management (SCM) Audits Part 1 – Introduction to SCM Audits

An audit is a planned and independent evaluation of one or more products, processes, projects, or systems to determine conformance or compliance to a set of agreed-to requirements. Auditing is an “objective assurance and consulting activity designed to add value and improve an organization’s operations.” [Hutchins-03] Audits provide assurance by validating that the product, process, project and/or system are implemented in accordance with their requirements and objectives. Audits are management information activities because they provide ongoing analysis of the degree to which those implementations are effective and efficient, and they identify opportunities for continuous improvement. Audits also visibly demonstrate management’s support for the quality program.

In the case of Software Configuration Management (SCM) audits, three types of audits are typically performed:

  • Functional Configuration Audit (FCA), which is an evaluation of the completed software products to determine their conformance, in terms of completeness, performance, and functional characteristics, to their requirements specification(s).
  • Physical Configuration Audit (PCA), which is an evaluation of each configuration item to determine its conformance to the technical documentation that defines it.
  • In-Process SCM Audits, which are ongoing evaluations conducted throughout the life cycle to provide management with information about compliance to SCM policies, plans, processes, and systems, and about the conformance of software products to their requirements and workmanship standards.

Parts 2 through 4 of this article will discuss the purpose of each of these three types of SCM audits. They will also provide examples of checklist items that could be used during audit evaluations and suggest evidence-gathering techniques for each item in those checklists.

When Are Configuration Audits Conducted

At a minimum, FCA and PCA should be conducted just before the final Ready to Beta Test or Ready to Ship review to provide input information into those reviews. In addition, these audits can be conducted at other major milestones throughout the software development cycle as inputs into milestone reviews or other management oversight activities.

In traditional software development, as illustrated in Figure 1, the FCA and PCA activities should be conducted as part of creating the Product Baseline. Depending on the level of rigor, FCA and PCA activities could also be conducted at other major milestones (baselines), including:

  • The Functional Baseline
  • One or More Allocated Baselines
  • One or More Development Baselines

Figure 1: FCA and PCA Audits in Traditional Software Development

In agile software development, as illustrated in Figure 2, the FCA and PCA activities should be conducted as part of the software release milestone. Depending on the level of rigor, FCA and PCA activities could also be conducted at the end of each sprint (iteration).

Figure 2: FCA and PCA Audits in Agile Software Development

In-process SCM audits can be conducted throughout development as needed. Plans for any in-process SCM audits should be specified in the Software Quality Assurance (SQA) plans.
