Software audit review


Software audit review

A software audit review, or software audit, is a type of software review in which one or more auditors who are not members of the software development organization conduct "An independent examination of a software product, software process, or set of software processes to assess compliance with specifications, standards, contractual agreements, or other criteria" [IEEE Std. 1028-1997, "IEEE Standard for Software Reviews", clause 3.2] .

"Software product" mostly, but not exclusively, refers to some kind of technical document. IEEE Std. 1028 offers a list of 32 "examples of software products subject to audit", including documentary products such as various sorts of plan, contracts, specifications, designs, procedures, standards, and reports, but also non-documentary products such as data, test data, and deliverable media.

Software audits are distinct from software peer reviews and software management reviews in that they are conducted by personnel external to, and independent of, the software development organization, and are concerned with compliance of products or processes, rather than with their technical content, technical quality, or managerial implications.

The term "software audit review" is adopted here to designate the form of software audit described in IEEE Std. 1028.

Objectives and participants

"The purpose of a software audit is to provide an independent evaluation of conformance of software products and processes to applicable regulations, standards, guidelines, plans, and procedures" [IEEE Std. 10281997, clause 8.1] . The following roles are recommended:

*The "Initiator" (who might be a manager in the audited organization, a customer or user representative of the audited organization, or a third party), decides upon the need for an audit, establishes its purpose and scope, specifies the evaluation criteria, identifies the audit personnel, decides what follow-up actions will be required, and distributes the audit report.
*The "Lead Auditor" (who must be someone "free from bias and influence that could reduce his ability to make independent, objective evaluations") is responsible for administrative tasks such as preparing the audit plan and assembling and managing the audit team, and for ensuring that the audit meets its objectives.
*The "Recorder" documents anomalies, action items, decisions, and recommendations made by the audit team.
*The "Auditors" (who must be, like the Lead Auditor, free from bias) examine products defined in the audit plan, document their observations, and recommend corrective actions. (There may be only a single auditor.)
*The "Audited Organization" provides a liaison to the auditors, and provides all information requested by the auditors. When the audit is completed, the audited organization should implement corrective actions and recommendations.

References


Wikimedia Foundation. 2010.

Look at other dictionaries:

  • Software peer review — In software development, peer review refers to a type of software review in which a work product (normally some form of document) is examined by its author and one or more colleagues, in order to evaluate its technical content and… …   Wikipedia

  • Software audit — can mean: * a software licensing audit, where a user of software is audited for licence compliance * software quality assurance, where a piece of software is audited for quality * a software audit review, where a group of people external to a… …   Wikipedia

  • Software review — A software review is A process or meeting during which a software product is [examined by] project personnel, managers, users, customers, user representatives, or other interested parties for comment or approval .IEEE Std. 1028 1997, IEEE… …   Wikipedia

  • Software Security Assurance — Software is itself a resource and thus must be afforded appropriate security. Software also contains and controls data and other resources. Therefore, it must be designed and implemented to protect those resources. Software Security Assurance is… …   Wikipedia

  • Software quality assurance — (SQA) consists of a means of monitoring the software engineering processes and methods used to ensure quality. It does this by means of audits of the quality management system under which the software system is created. These audits are backed by …   Wikipedia

  • audit software — Computer programs used by an auditor to examine an enterprise s computer files. Utility programs may be used, for example, for sorting and printing data files. Package or tailor made programs may be used to interrogate the computer based… …   Accounting dictionary

  • Audit (telecommunication) — In telecommunications, the term audit has the following meanings:* To conduct an independent review and examination of system records and activities in order to test the adequacy and effectiveness of data security and data integrity procedures,… …   Wikipedia

  • Software Quality Analyst — A Software Quality Analyst is responsible for applying the principles and practices of software quality assurance throughout the software development life cycle. The role of a software quality analyst is often confused with the software testing… …   Wikipedia

  • audit software — Computer programs used by an auditor to examine an enterprise s computer files. Utility programs may be used, for example, for sorting and printing data files. Package or tailor made programs may be used to interrogate the computer based… …   Big dictionary of business and management

  • Peer review — For Wikipedia s Peer Review area, see Wikipedia:Peer review. For other uses, see Peer review (disambiguation). Peer review is a process of self regulation by a profession or a process of evaluation involving qualified individuals within the… …   Wikipedia