Beruflich Dokumente
Kultur Dokumente
Process Overview
by
Tom Gilchrist, CSQA, CSQE,
Before we start…
• SQA Context
• Overview of SW Audit Process
• SW Audit Examples
SASQAG 10/17/2002
tomg@tomgtomg.com 2
Some Terms/Ideas
• Process
• Deterministic vs. Non
Deterministic
• Quality vs. Value
SASQAG 10/17/2002
tomg@tomgtomg.com 3
Software Quality Assurance
SASQAG 10/17/2002
tomg@tomgtomg.com 4
Formal Definition
SASQAG 10/17/2002
tomg@tomgtomg.com 5
Audit Types
SASQAG 10/17/2002
tomg@tomgtomg.com 7
What Software Audit Should Do
• Determine:
• Compliance to requirements
• Conformance to plans, policies, procedures, and
standards
• Drive process improvement based on:
• Adequacy of plans, policies, procedures, and
standards
• Effectiveness and efficiency of plans, policies,
procedures, and standards
• Assess personnel familiarity to requirements and
documentation
• Assure availability, use and adherence to software
standards
SASQAG 10/17/2002
tomg@tomgtomg.com 8
What Triggers an Audit?
SASQAG 10/17/2002
tomg@tomgtomg.com 9
Scope: Requirements, Time, and Target
External
Standards
• Spread around
organization
Audit
Target
• Cover all functions and
activities
• Try to hit things early
Organizational
Procedures and • Move towards process
Methods
audits
SASQAG 10/17/2002
tomg@tomgtomg.com 10
Process Review/Audit Process
Plan
Prepare
Start (Requirements,
Audit
Scope, & Checklist)
Findings?
Corrective YES
Actions
OK Closeout
Audit &
File END
Follow-up
Audit
Re-Work
SASQAG 10/17/2002
tomg@tomgtomg.com 11
Identify Requirements
SASQAG 10/17/2002
tomg@tomgtomg.com 12
Requirement Types
SASQAG 10/17/2002
tomg@tomgtomg.com 13
Types of Audits (Internal)
SASQAG 10/17/2002
tomg@tomgtomg.com 14
Evidence Collection
SASQAG 10/17/2002
tomg@tomgtomg.com 15
Corrective Action of Findings
• Determine Action
– Immediate Remedial Action
– Process Improvement/Fix
– Acceptable Risk
• Identify Root Cause
• Corrective Actions Plan
• Manage CA Plan to completion
• Analyze Effects of CA
SASQAG 10/17/2002
tomg@tomgtomg.com 16
Develop Audit Checklist
SASQAG 10/17/2002
tomg@tomgtomg.com 17
Checklist Sample
Requirement Checklist Item Details Observations Results (P/F)
Company Does project QA plan Check SQA document for a list
Standard ABC- will have a list of of approved peer reviews and
234, page 7 deliverables subject to which documents are to be
Peer Reviews? reviewed. (if no documents are
found, then fail. If no peer
review procedures are
referenced, then fail)
Project SQA Were the number of Check to see which audits were
Plan audits completed planned for the last 60 days.
equal to the number Check for evidence that the audit
planned? was completed and if there were
findings, that a CA plan was
signed.
Project SQA Were the number of For each peer review type, check
Plan peer reviews the CM records for the past 60
completed equal to the days to see if the document type
number planned? specified in the QA plan was
checked into CM for the first
time. If so, check for records of
the peer review being completed
as per peer review process cited
in SQA plan.
SASQAG 10/17/2002
tomg@tomgtomg.com 18
Interviewing
SASQAG 10/17/2002
tomg@tomgtomg.com 19
Sample Interview Questions
SASQAG 10/17/2002
tomg@tomgtomg.com 20
Desirable Auditor Characteristics
• Emotional • Mechanical
• Interviews • Sampling
• Group • Root Cause
dynamics Analysis
• Oral reports • Intellectual
• Empathy • Writing
• Don’t take • Planning
things • Speaking
personally • Detail
Oriented
• Concise
SASQAG 10/17/2002
tomg@tomgtomg.com 21
Desirable Auditor Characteristics
(Cont.)
SASQAG 10/17/2002
tomg@tomgtomg.com 22