Software Auditor Skills is a 2-day subset of the Software Auditing course designed to provide a knowledge base and practical skills for anyone interested in improving the software quality auditing techniques and practices for conducting individual audits.  This course starts with an overview of software auditing basics including a discussion of quality concepts, terms and definitions, the definition of an audit, a discussion of the benefits and consequences of conducting audits and of professional conduct.  The different types of audits are described, the audit process is introduced, and industry standards and models related to audits are surveyed.

Course attendees will learn what is involved in initiating an audit including the verification of the audit entry criteria, the definition of the audit’s scope and purpose, and determination of the audit’s inputs.  The audit planning responsibilities of the auditor management and lead auditor are discussed.  Audit strategies and estimation considerations are reviewed, and the contents of an audit plan are outlined.

Attendees will learn how to prepare for an audit by conducting a documentation review and creating audit tools including a checklist, a plan for verifying each checklist item and interview questions.  Attendees will practice executing and audit by holding opening and closing meetings, gathering objective evidence and documenting audit findings.  Attendees will learn how to document the results of an audit in an audit report and what records should be retained for each audit.  This course defines the steps in creating a corrective action plan to address the finding of an audit and the evaluation, verification and follow-up of those corrective actions. 

Method of Instruction: This course is taught through lecture and interactive discussion.  Actual examples from the software industry are utilized to make the information relevant.  Throughout this course, learned skills are practiced using team exercises and case studies.  For in-house courses, these exercises and case studies can be tailored to include actual examples from your organization in order to make the training even more relevant to your environment.  The emphasis of this course is on techniques that allow the attendees to transition the skills learned in this course to their own work environments.  

Target Audience: Software auditors, quality engineers, project managers, functional managers, software developers, testers, and other software stakeholders who will be involved in planning, conducting audits, participating in the audit as an auditor or auditee, reporting audit results, and planning and implementing corrective action.

Course Objectives: Upon successful completion of this course attendees will be able to:

•  Understand the basic concepts & terminology of software auditing

•  Effectively plan a software audit once it has been properly initiated

•  Prepare for a software audit & perform a document review

•  Execute a software audit & gather objective evidence

•  Document the software audit results in an audit report

•  Evaluate corrective action plans & follow-up on software audit findings

Course Materials: Student notebooks are designed to provide reference materials that can be utilized by the attendees long after the completion of the course.  These materials include:

•  Copies of all presentation materials with annotated descriptive notes

• A bibliography of reference materials

• An index and glossary of Software Auditing Terms

Detailed Outlines:

I:  Software Auditing – The Basics

1.       Software Auditing – The Basics

a.       Quality Concepts, Terms & Definitions

  - Quality Defined

  - Prevention vs. Detection

  - Defect Detection Techniques

  - Defect Prevention Techniques

b.       Audit Defined

  - Audit Defined

  - Audit Principles

c.       Benefits & Consequences of Audits

  - Audit Objectives

  - Benefits of Audits

  - Consequences of Audits

d.       Professional Conduct

  - Independence & Objectivity

  - Conflict of Interest

  - Confidentiality & Proprietary Information

2.       Types of Audits

a.       Internal Audits

b.       External Audits

c.       Quality System Audits

d.       Process Audits

e.       Product Audits

f.       Project Audits

g.       Supplier Audits

3.       The Audit Process

4.       Participant Roles

a.       Client

b.       Auditor Management

c.       Lead Auditor

d.       Auditors

e.       Auditee Management

f.       Auditee

g.       Escort

5.       Industry Standards & Models Related to Auditing

a.       ISO 9001:2000

b.       IEEE Software Engineering Standards

c.       SEI SW-CMM^® vs. SEI CMMI^SM Staged

d.       SEI CMMI^SM Staged

II:  Software Audit Initiation & Planning

1.       Software Audit Initiation

a.       Audit Initiation Step

b.       Audit Initiation

c.     Audit Program

d.     Audit Program Schedule - Example

e.       Audit Entry Criteria

f.       Audit Scope & Purpose

g.       Audit Inputs

h.       Audit Inputs – Case Study Exercise

2.       Software Audit Planning

a.       Audit Planning Step

b.       Auditor Management Planning Responsibilities

c.       Lead Auditor Planning Responsibilities

d.       Audit Strategies

e.       Estimation Considerations

f.        Audit Team Selection

g.       Audit Plan

h.       Communication & Distribution of the Audit Plan

III:  Software Audit Preparation

1.       Preparation Responsibilities

a.       Audit Preparation Step

b.       Auditor Preparation Responsibilities

c.       Lead Auditor Preparation Responsibilities

d.       Benefits of Good Preparation

2.       Documentation Review

a.       Documentation Review Purpose

b.       Process Definition

c.       Documentation Review – Case Study Exercise

3.       Audit Tools

a.       Checklists

b.       Standard Checklist Items

c.       Checklist – Example

d.       Evidence Gathering Plan

e.       Interview Questions

f.      Open-Ended Questions

g.     Context Free Questions

h.       Checklist & Interview Question – Case Study Exercise

i.        Sampling

IV:  Software Audit Execution

1.       Steps in the Execution of an Audit

a.       Audit Execution Step

b.       Audit Execution Process

2.       The Opening Meeting

a.       Conducting the Opening Meeting

b.       Opening Meeting – Example Agenda

3.       Gathering Objective Evidence

a.       Objective Evidence Defined

b.       Gathering Objective Evidence

c.       Examining Documents & Records

d.       Observing an Event or Process

e.       Interviewing

f.       Interview - Exercise

g.       Taking Notes

h.       Audit Execution – Case Study Exercise

4.       Daily Meetings

a.       Daily Audit Team Meetings

b.       Classifying Findings

c.       Audit Finding Report – Example

d.       Daily Feedback Meetings

5.       Evaluating Effectiveness

a.       Audit Conclusions

b.       Evaluating Effectiveness

6.       The Closing Meeting

a.       Closing Meeting

b.       Closing Meeting – Example Agenda

V:  Software Audit Reporting

1.       Audit Report

a.       Audit Reporting Step

b.       Turning Requirements into Audit Results

c.       Audit Report

2.       Audit Record Retention

a.       Complete Checklists

b.       Audit Records

c.       Record Retention

VI:  Corrective Action & Follow-Up 

1.       Corrective Action

a.       Audit Corrective Action & Verification Follow-Up Step

b.       Corrective Action

c.       Corrective Action Plan

d.       Evaluating Corrective Actions

e.       Evaluating a Corrective Action Plan – Case Study Exercise

2.       Verification Follow-up