ASQ - Audit Division

Risk-based Vendor Audits of Agile Developed Software

Abstract: Software supplier audits are often a weak spot in a validation and a HUGE hole in purchasing controls and supplier management. According to John W. Helgeson, “[t]he purpose of software quality audits is to monitor software development, the development process, and to help management obtain an independent view of the software development status” (The Software Audit Guide, ASQ Press 2010, p. xv). An audit program of vendor software developed using agile methodologies thus raises particular challenges because of the reliance of such methodologies on “hidden” software tools that sustain the validation environment. This session focuses on auditing software vendors that utilize Agile methodologies (e.g., “test-first,” “loose coupling,” etc.) and some of the newer quality tools and technologies in their software development processes: test-driven development, continuous integration, and continuous verification using automated testing: 1. How do you audit such software, including the “hidden” software tools behind it? 2. Which areas should be investigated? 3. What are some of the most important questions to ask?

Keywords: Risk-based - software - Agile - Audits - Vendor Audits
