Soft audit Checklist・No7: Outsourcing management process
The sixth of the development process checklist is outsourcing management
In this article, we will introduce each item of the audit checklist used for software development audit . The audit checklist is divided into ( 1) development process, ( 2) requirements management, (3) testing, and (4) design and implementation. In this article, (1 ) individual items of outsourced management in the development process are introduced. (The checklist itself can be found in the article on Software Audit Practice / Checklist Part 1: Development Process (Requirements Management) , so please refer to that.)
Check items for outsourcing management activities
The check item of the development process checklist introduced in the previous article was about in-house software development, but the development contractor not only develops in-house, but also re-development to other companies such as external software houses. It may be outsourced . In that case, it will be a problem if the development contractor does not properly manage the software development work of the subcontractor.
The check item for outsourced management activities is to confirm whether the development outsourcer is correctly implementing the outsourced management activities for the subcontracted organization that has subcontracted the development work , and the item number starts with SM-. There are 13 items.
Since it is a confirmation from the viewpoint of whether the subcontractor is carrying out the same thing as the confirmation item for the subcontractor that we have seen so far, it seems to be a little confusing because similar contents are lined up. However, please be aware that the subcontractor is an activity for the subcontractor . Let’s look at them in order.
[Item number: SM-01]
Clarify which of the software development work to be subcontracted , the scope of consignment, deliverables, delivery date, etc. , and whether there is a procedure to select a subcontractor suitable for that work , delivery date, etc. We will confirm the procedure and implementation status at the stage of selecting a subcontractor and consigning the work, such as whether the plan for the consignment work that clarified the deliverables etc. is clear.
[Item number: SM-02]
The most important thing when choosing a subcontractor is to choose a good subcontractor . This is where more than half the success or failure of subcontracting is determined. It is necessary to judge whether the subcontractor has sufficient ability for software development in various aspects such as software technology and quality assurance ability . The judgment should be made by examining the capabilities of the contractor in an objective manner as much as possible and selecting according to the results of the investigation . Make sure that the selection process is ruled and based on capacity so that the subcontractor can always be selected optimally.
[Item number: SM-03]
Since it is a subcontract of software development work, a contract regarding business consignment should be signed between the subcontractor and the subcontractor . The work performed by the subcontractor and its quality assurance are all determined by the contents of the contract, so whether the contract is messy or whether the demarcation point of responsibility is clearly drawn in the contract. confirm.
[Item number: SM-04]
Of course, software development work at the subcontractor will be carried out by assigning people and equipment at the subcontractor. In order to manage the progress and quality of subcontracted work, it is necessary that the subcontractor first creates a business plan and then manages the actual results in comparison with the plan . So, first of all, whether there is a plan for the work of the subcontractor, the development contractor can properly carry out the work of outsourcing management to confirm that the work is being performed at the subcontractor according to the plan. Check if it is.
[Item number: SM-05]
Whether or not the business is proceeding as planned according to the business plan created by the subcontractor can be managed based on the results such as the review status and test status of the business, and the software development of the subcontractor by the subcontractor Check the status of business management.
[Item number: SM-06]
For operations that are outsourced from a subcontractor to a subcontractor, the required specifications and delivery date may change during development. The requirement specifications may be revised, and in some cases, the consignment contract may be revised. At the time of the change of such consignment business, throat rules that define how to do things if there is, whether the changes work according to the rules have been Susumerae, whether the change management have been made to the procedure as confirm.
[Item number: SM-07]
Subcontractors of administrators layer and the subcontractors of the administrators layer and is, make sure it provided regular meetings to exchange information about the status of issues such as progress and risk concerns of business. This is because we believe that mutual understanding through regular exchange of information is important in order to detect major problems in the subcontracted development work as soon as possible and to devise effective countermeasures.
[Item number: SM-08]
The purpose of the regular meetings by the managers in the previous section is to strengthen business management, but apart from that, for more specific development work and important technical items , the contractor and the subcontractor work closely together at the engineer level. Information exchange is necessary. Make sure that you carry out such activities on a regular basis.
[Item number: SM-09]
The deliverables of the subcontractor’s work can be design documents, source code, test reports, etc., but prior to delivery of these, a joint review by the subcontractor and the subcontractor is required. Make sure that the work procedure is such that such a review is planned in advance, and that it is properly carried out in the actual development work.
[Item number: SM-10]
Check if the subcontractor’s software quality assurance department monitors the status of the subcontractor’s process quality and product quality . In the original CMMI, Software Quality refers only to process quality, but Father Gutara’s checklist also incorporates product quality monitoring here. To guarantee the quality of the product version of the software, it is necessary to monitor the quality of both the process quality and the product quality, so we also added the product quality monitoring in this item.
[Item number: SM-11]
For software configuration management, make sure that the quality assurance department of the subcontractor monitors the configuration management activities of the subcontractor . Since the organization to carry out software development, some kind of configuration management and is the is definitely not for you, but with, what to do with the subject of configuration management and whether to perform configuration management in any way , in short how the correct version of the document Ya Whether to maintain the source code and development environment depends on the development organization. As a way to confirm that the subcontractor is also performing configuration management at the required level, check whether the subcontractor is monitoring the subcontractor from the perspective of configuration management.
[Item number: SM-12]
When the deliverables are delivered from the subcontractor to the subcontractor , quality is uncertain if the subcontractor does not properly inspect the deliverables . When it comes to acceptance, not only do we have the documents and source code with the necessary names, but we also check whether the acceptance is done after conducting tests and confirming the quality of the outsourced work.
[Item number: SM-13]
It is not limited to software outsourcing, but when the outsourced work is completed, the results are evaluated to clarify whether the results were satisfactory or inadequate. After that, by communicating the evaluation result to the subcontractor , the possibility that the deliverable will be delivered in a better condition from the next time will increase. Check if such activities are being carried out by the subcontractor to the subcontractor.
Next, we will introduce the required specifications of the development technology.
In the articles so far, I have briefly introduced the checklist of the development process, what to check and points to note, but how was it? It may overlap with the description in the checklist, but I hope it will help you to get an overview of the software development audit .
By the way, there is no correct answer because the method of software development audit is the method that Gutara’s father named himself . I think it is best for everyone to use it freely by referring to the contents introduced here.
Then, from the next article, I will introduce the software development audit checklist (1) development process (2) requirements management (3) testing (4) design and implementation, which will be the most upstream process of development (2) requirements management , and individual items of the checklist. I will continue.