Menu
Home
People
Places
Arts
History
Plants & Animals
Science
Life & Culture
Technology
Reference.org
Software audit review
open-in-new
<h2 id="objectives-and-participants">Objectives and participants</h2> <p>"The purpose of a software audit is to provide an independent evaluation of conformance of software products and processes to applicable regulations, standards, guidelines, plans, and procedures".<a class="footnote-ref" id="fnref:3" href="#fn:3"><sup>3</sup></a> The following roles are recommended: </p> <ul><li>The <i>Initiator</i> (who might be a manager in the audited organization, a customer or user representative of the audited organization, or a third party), decides upon the need for an audit, establishes its purpose and scope, specifies the evaluation criteria, identifies the audit personnel, decides what follow-up actions will be required, and distributes the audit report.</li> <li>The <i>Lead Auditor</i> (who must be someone "free from bias and influence that could reduce his ability to make independent, objective evaluations") is responsible for administrative tasks such as preparing the audit plan and assembling and managing the audit team, and for ensuring that the audit meets its objectives.</li> <li>The <i>Recorder</i> documents anomalies, action items, decisions, and recommendations made by the audit team.</li> <li>The <i>Auditors</i> (who must be, like the Lead Auditor, free from bias) examine products defined in the audit plan, document their observations, and recommend corrective actions. (There may be only a single auditor.)</li> <li>The <i>Audited Organization</i> provides a liaison to the auditors, and provides all information requested by the auditors. When the audit is completed, the audited organization should implement corrective actions and recommendations.</li></ul> <h2 id="tools">Tools</h2> <p>Parts of Software audit could be done using static analysis tools that analyze application code and score its conformance with standards, guidelines, best practices. From the <a href="/facts/List_of_tools_for_static_code_analysis/E9bcvnrD">List of tools for static code analysis</a> some are covering a very large spectrum from code to architecture review, and could be use for benchmarking. </p> <h2 id="references">References</h2> <ol> <li id="fn:1"><p>IEEE Std. 1028-1997, IEEE Standard for Software Reviews, clause 3.2 <a href="/wiki/IEEE" target="_blank">/wiki/IEEE</a> <a href="#fnref:1" class="footnote-back-ref">↩</a></p></li> <li id="fn:2"><p>"IEEE 1028-2008 - IEEE Standard for Software Reviews and Audits". IEEE. Retrieved 2019-03-12. <a href="https://standards.ieee.org/ieee/1028/4402/" target="_blank">https://standards.ieee.org/ieee/1028/4402/</a> <a href="#fnref:2" class="footnote-back-ref">↩</a></p></li> <li id="fn:3"><p>IEEE Std. 10281997, clause 8.1 <a href="#fnref:3" class="footnote-back-ref">↩</a></p></li> </ol>