Site
Map
Consulting
Training
Hotlist
Articles
Job
Aids
Bulletin
Board
Specialty
Store
Profile
Alliances
Home
Contact
Tantara
Guestbook
Webmaster
In the software industry, does the term assessment and audit mean the same thing? |
- Note: This article focuses on
- some of the similarities and distinguishing factors between
- the terms assessment and audit when expressed in the software industry.
Figure: PDCA (Shewhart/Deming) Cycle
A systematic process is used for both assessments and audits. Both are applied as a management tool as oppose to a technical-review tool. Outcome of both is a report. They both often use similar methods and techniques to perform their appraisal.
Key differences are:
|
|
|
|
| Appraisal customer: | Internal (self-appraisal) or external customer | Internal (self-appraisal) or external customer |
| Purpose: | To determine areas for improvement (and optionally, with people's view of recommended course of action). | To determine effectiveness (suitability), capability, gaps, need to improve, risks to proceed, and/or compliance (i.e., need for Corrective Action). |
| Motivation to improve: | Appraisal-customer imposed motivation; hence, internal appraisals are self-motivated. | Appraisal-customer imposed motivation; hence, internal audits are self-motivated. |
| Scope (determined by the appraisal's customer): | Software organization (system), process, project, or function | System, process, project, function, product, service or work product |
| Type of appraisal: | 1st, 2d and 3rd party; capability analysis or delta comparison analysis | 1st, 2d and 3rd party; compliance, maintenance (surveillance), gap analysis, or follow-up |
| Applicable PDCA stage (see figure above) | Typically triggered in the planning stage or act stage | Typically triggered in the check or act
stage--e.g., compliance audits are triggered as part of the check
stage and follow-up audits are triggered as part of the act stage.
Note: When audits are internally triggered, they may be part of the planning stage--e.g., special audits like some gap analysis. |
| Focus | Before the fact | After the fact |
| Primary questions asked: | What is the current capability, competence and potential?
What are the primary areas of weakness? |
What is being done? By who, when, where and how?
Is it what was expected? What are the risks? |
| Primary type of prevention encouraged: | Prevent occurrence | Prevent recurrence |
| Applicable appraisal standards/guidelines: | ISO 12207 (see the ORG.2.2 assessment process), ISO 15504 (parts 3, 4, and 6) , SEI CBA-IPI | ISO 10011, ISO 12207 (see the SUP.7 audit process), ISO 15504 (parts 3, 4, 6, and 8), SEI SCE |
| Type of evidence collected: | 1st party: Subjective and objective
2d and 3rd party: objective only |
Objective (subjective evidence may be collected for internally triggered gap analysis) |
| Auditor/assessor independence: | 1s party: it is recommended that the lead assessor be
independent of the scope being assessed.
2d and 3rd party: all assessors to be independent of the scope being assessed. |
All auditors to be independent of the scope being audited. |
|
the purpose and circumstances of the assessment/audit. |
||
Auditor/assessor style (e.g., impartial, collaborative) is dependent on the appraisal-customer (internal vs external) and, the appraisal's purpose and potential impact/risks.
Audit/assessment duration and type of interaction (group vs 1-on-1) depends on purpose, scope and type of appraisal.
- Note: The differences shown above are typical -- self-triggered assessments/audits may be
- any combination of that shown or special cases such as that for dry-run audits.
This article was written by Tantara Inc., a business consulting
firm specialized in software best practices and the improvement
of
process effectiveness and software product/service potential.
[ hotlist ] [ training ] [ facilitation ] [ consulting ] [ profile ] [ bulletin ] [ store ] [ contact ]
( Authored: March18, 2002 )