Soft Audit overview・Purpose 2: Audit to improve development capacity 

25/12/2020 Audit for soft-Develop..

The three purposes of software development audit are to judge development ability, improve development ability, and ensure software quality.

Software development audits performed on outsourced software development have three objectives: ① to determine development competence, ② to improve development competence, and ③ to ensure the quality of the corrected version of the software. The previous article outlined ①, so this article introduces ② software development audits to improve development capabilities. For a concrete introduction to the actual software development audit, please refer to the article titled "Software Development Audit / Practice" if you are interested in the details.

2. I want to improve the software development capabilities of the development contractor

The second purpose of conducting a software development audit is to improve the software development capabilities of the contractor when the contractor has already been decided and the development work has already started. To have the development contractor deliver better deliverables, the audit investigates whether there are any problems with the development process or product quality at this point; if there are, the contractor is asked to take countermeasures and improve them before delivery.

In this case, the development audit is often conducted when development is about half complete and the system test has not yet started. At that point it is easy to identify specific problems, and there is still time left for the problems to be corrected. In the early days of development, it is difficult to grasp the substance of the development team because the actual work is not far advanced and concrete deliverables have often not been produced. Conversely, just before delivery, even if a problem is found, there is no time left to have countermeasures implemented.

To identify problems in process quality and product quality by looking at the deliverables of software development, and to have countermeasures implemented by the final delivery date, it is most efficient to conduct the software development audit when development is about halfway through, so that is when the audit is carried out.

To improve software development capabilities, identify problems from several perspectives and take countermeasures.

Even in audits aimed at improving software development capabilities, the checklist used is the same as the one used for development audits to select outsourcers. However, an audit aimed at improving competence focuses on whether there are problems in the parts that have a large effect on the product quality of the software, so it concentrates on the checklist items for the following viewpoints.

  • Test level: Is test design and test management sufficient?
  • Bug tracking: Are bugs and review findings managed?
  • Development requirements: Are the requirements consistent between the outsourcer and the contractor?
  • Gate process: Do the major gate processes exist, and are they effectively implemented?
  • Deliverables: Are detailed test reports and bug information included in the deliverables?

Is the level of quantity and quality of the test sufficient?

The most direct and important way to have the development contractor deliver better software deliverables is to have them carry out good tests. Of course, good quality in upstream processes, such as good design and good review, is also important, but in software of growing complexity it is impossible to identify bugs by desk review alone. To guarantee the quality of the software, the most important thing is to carry out testing of sufficient quantity and quality. If the software development audit finds a shortage in the quantity or quality of testing, the contractor is asked to take measures before delivery.

So how do you know whether the quantity and quality of the tests are insufficient? The first thing to check is the test plan. Confirm from the test plan and related documents what kinds of tests will be carried out by the time of release, by which department, and in what amount. Check the test plan from the perspective of what kinds of tests are being carried out: for example, whether test items for confirming non-functional requirements are planned, such as abnormal-case tests, high-load tests, and large-scale environment tests.

Especially when outsourcing software development overseas, you need to be careful about this type of test (often called a test category). If the development team consists only of young engineers with little software development experience, they may misunderstand the purpose of testing as being only to check the operation of the functions described in the specifications. In such a case, there are test items that check the normal-case operation of each function, but the test items may not include any abnormal-case or high-load tests at all.

Regarding the amount of testing, it is difficult to judge uniformly how much is enough, but one criterion that can be used is whether the number of test items is about the same as for similar products the company has developed in-house.

Is test management done?

In addition to the quantity and quality of tests, it is also important to check the status of test management. Confirm whether the planned tests are properly carried out, whether the results are recorded, and whether there is a mechanism for judging quality from those results. If the test execution management system and the division of responsibilities are not firmly established, there is an increased risk that the test process will break down when little time remains at the end of development.

Regarding test management, problems become easier to see if you check, as far as possible against actual examples and actual records, what tools are used for management, who checks and manages which items, and at what timing.

Is bug tracking implemented reliably?

What matters is not merely carrying out tests and design reviews, but correcting the bugs and findings discovered in those activities in order to reduce potential bugs. To reduce potential bugs, it is also important to check the bug tracking process, such as whether detected bugs and issues are recorded and traced until they are dealt with.

How are bugs found in testing and findings from design reviews recorded? What kind of status management is done? Who traces them, and at what timing? In what state is an item judged to be closed? The audit checks the status of bug tracking from the perspective of whether the test management process and the criteria for moving the management work forward are clear.

As a bug management tool, a contractor may use a spreadsheet such as Excel or an integrated management system such as a ticket system. The tool in use varies according to the circumstances of the development contractor. However, no matter what tool is used, if the bug tracking operation using that tool is not steadily executed, problems arise, such as detected bugs being forgotten without any countermeasure being taken. Whether a development process is in place to prevent such a situation is also an important confirmation item in software development audits.

Are the development requirements matched between the outsourcer and the contractor?

When outsourcing software development, it is very important that the outsourcer reliably conveys to the contractor the development requirements, such as the functions, performance, and stability required of the software to be developed. For that purpose, the outsourcer prepares a software development requirements document that specifically describes the requirements, or the contractor creates a development specification that specifically describes the content to be developed, and the outsourcer and the contractor align their understanding on the basis of one of these documents.

At this stage, engineers on both sides discuss and confirm what is written in the development requirements and development specifications, so there is not much difference in understanding on those points. So what should a software development audit pay attention to? In fact, the audit pays attention to whether anything is missing from what is written in the development requirements and development specifications.

Organizations that are accustomed to working through outsourcing and contracting, as is common overseas, are fine, but at organizations that have developed software in-house, requirements other than functions and performance are in some cases not fully written into the development requirements and development specifications. For example, are the items called non-functional requirements, such as disaster recovery, maintainability, stability, and security, specifically described in the development requirements and development specifications? When this is checked, the descriptions turn out to be unexpectedly lacking in concreteness. When developing in-house, development often proceeds without problems on the basis of past experience even if these non-functional requirements are not clearly stated. However, when development is outsourced to another party, the requirements will not be communicated well unless they are clearly written.

In some cases, before the audit, the outsourcer and the contractor are each interviewed separately on specific items concerning these non-functional requirements, and on the day of the audit the software audit is carried out by checking in detail any points where the two parties' responses differ.

In particular, a company that outsources development for the first time often does not know how strict the non-functional requirements need to be, or what level of quality is taken for granted within the company. In such a case, unless the non-functional requirements in the required specifications are confirmed as specifically as possible, a discrepancy will arise between the outsourcer and the contractor, and there remains the risk that the finished software will differ somewhere from what was requested.

Is the development gate process clear?

The gate process is an important process in the software development process. A process that plays the role of a gatekeeper, in which work cannot proceed to the next process without the approval of the person in charge, is called a gate process. What counts as a gate process varies from company to company, but the software release review, for example, is an important company-level gate process at the final stage of a software release. In addition, the input examination, in which the department that creates the requirement specification conveys it to the design department, and the output examination, which confirms the deliverables at the end of development in the design department, are also adopted as gate processes in many cases.

The status of development management covers the selection of gate processes (which of the development processes should be positioned as gate processes), whether the implementation status of the gate processes is properly monitored, and whether a subsequent process is ever started without gate approval. This is a part that affects the quality of the development process and, at the same time, an item that greatly affects the product quality of the software.

Are the deliverables properly decided?

Design documents, source code, test reports, etc. are generally delivered when software development is outsourced. But is this enough? When developing software in-house, a lot of information other than these is left, and that information may be used in subsequent software development.

From that point of view, it is recommended that you also receive records of design reviews, records of code reviews, detailed information on all bugs detected in the contractor's in-house tests, and so on as deliverables. These contents are better clarified in the deliverables section of the outsourcing contract and in the requirement specifications than left as items to be confirmed at the software development audit. Unfortunately, however, many software development outsourcing arrangements lack a contract or requirement specifications that state this clearly, so when it is checked during a software development audit, such items are often found to be unexpectedly omitted.

If you find a problem, prioritize it and ask for countermeasures.

When conducting a software development audit for the purpose of improving the development capability of a development contractor, identify the problems in the development process of the contractor while being aware of the important items mentioned above. Of course, the purpose is not to identify the problems, but to improve the quality of the software delivered to the company by having the problems improved.

Therefore, the audit is effective only if there is a follow-up activity in which the contractor is asked to formulate countermeasures for the problems found in the software development audit and to implement them by the time the software is released. In other words, when a software development audit is conducted for the purpose of improving a contractor's development capabilities, please note that the purpose of the audit is not achieved without proper follow-up until the effects of the improvement measures for the problems found are confirmed. When conducting software development audits for this purpose, it is therefore important not only to identify problems in the audit but also to follow up after the audit so that improvement measures are steadily implemented.
