Soft audit practice・Preparation 2: Obtaining materials and understanding the organization
- 1. Before the day of the audit, get the materials from the other party and check the contents in advance within the company.
- 2. Grasp the outline of the organization with the materials provided by the other party in advance
- 3. The first thing you need is an explanatory document for the software development process
- 4. Understanding the organization that will then implement the process
- 5. Don’t forget the tools that support the development support environment
- 6. Once you have an overview of the other party, ask the other party to check in advance.
Before the day of the audit, get the materials from the other party and check the contents in advance within the company.
In the audit plan, there is an item called audit preparation next to the itinerary , and here are the materials to be submitted in advance by the other organization by the day of the audit. Therefore, preparing the materials written in this part is the preparation for the audit for the other company.
Also, for the auditing side (it is your company), it is necessary to check the contents of the materials submitted in advance and select the parts to be focused on on the day of the audit to prepare for the audit. .. Let’s introduce the items to be confirmed in advance while looking at the contents of the plan in order.
Grasp the outline of the organization with the materials provided by the other party in advance
To audit, it is important to first get an overview of the organization being audited. Software development site , such as whether it is being developed by a few people or hundreds of people, whether the design and testing are done by the same person, whether the office is divided into several places, etc. The actual situation varies greatly from company to company. First of all, ask them to provide some materials to get an overview of the software development of the other company.
The first thing you need is an explanatory document for the software development process
First, get an overview of the company’s software development process (development procedure) . Since it is software development, the development process roughly proceeds in the order of planning, design, coding, testing, release, and maintenance. However, some organizations carry out all of these processes in-house, while others outsource some of them to other companies. In addition, there are cases where software purchased from other companies is partially modified and used, and there are cases where everything is made in-house from scratch.
Each company should have adopted the development process that is most suitable for their software development form, so getting an overview is the first step in preparing for an audit. For that purpose, first ask them to submit a document that shows the entire software development, and then grasp the contents. This material may be expressed differently depending on the organization, such as a related diagram of the development process, a process flow diagram, or a top-level rule of the development procedure manual.
Understanding the organization that will then implement the process
Next, get an overview of the software development organization of the person you are auditing . How big is the organization , in other words, how many software engineers are there, is there one or more development bases, is it scattered around the world, is there a separate development team and test team ? Understand the general condition of the software development organization, such as whether the development management team and the quality control team are separate from the development team.
To do this, ask them to provide an organizational chart of the departments related to software development of the other company and information about the person in charge of each organization . For software development, the level of management required depends on the size of the development team. Efficient management practices also change between small development teams with a few people and large development teams with hundreds of people. In order to determine whether the optimal development management method is adopted, it is important to first understand the outline including the size of the development organization.
Also, at this stage, check which department is responsible for the quality of the software . In the case of embedded software, even if the company has a quality assurance department, it may not be possible to see the manufacturing quality, and the quality of the software may be left to the development department. Such a point will be clarified in this prior confirmation.
Don’t forget the tools that support the development support environment
Along with the development process and organization, what you are using for systems and tools that support software development is also important information, so check it in advance.
In software development, many software engineers gather together to proceed with the work, so various management is required. Development baseline management, process management, review management, test management, bug management, release management, and various software development management are broken down into work. If only three engineers are working in the same office, managing using the EXCEL table will not cause any problems. However, if there are multiple offices that perform development work, or if some of the development work is outsourced to an overseas software house, management will be difficult without tools to support these management work .
Depending on the size of the development organization and the number of development bases, the management support tools required will vary, but there is no right answer. However, the engineer who is actually developing the software records the information necessary for development management somewhere from the result of the development work, and the administrator manages the development by looking at that information. Therefore, it is necessary to know what kind of tools the target organization of the development audit uses for development management in order to grasp the concrete development work situation.
Once you have an overview of the other party, ask the other party to check in advance.
The purpose of the work up to this point was to get the materials from the other party and read the materials to get an overview of the software development of the other party. Up to this point, the work of the company is mainly to carry out the audit, but in parallel with this, the other party to be audited is also asked to prepare in advance for the audit. Specifically, the work is to give the checklist to be used at the time of audit in advance, fill in the answer there, and have it returned. I will introduce the specific procedure in the next article.