project audits( 审计 )
DESCRIPTION
Project Audits( 审计 ). Presented by : Basker George. Project Audits. In a process oriented approach for software development , two key task are: Process definition Process implementation. - PowerPoint PPT PresentationTRANSCRIPT
Project Audits(审计 )
Presented by : Basker George
Project Audits
In a process oriented approach for software development , two key task are:
– Process definition– Process implementation.
The process definition activities deal with identifying & specifying processes, which when followed will give Good Quality & Productivity.
The process implementation activities ensure that the defined process are followed in the project.
Cont…
Unless the projects adhere(坚持 ) to the standard process
one cannot find the “Capability”(性能 ) of the process. Therefore without knowing the capability of a process
one cannot Improve the process. Since the Process are executed by people, there is a
possibility that the process may be skipped (遗漏 ).
Cont…
The reason for not following the process are:– People tend to take shortcuts (捷径 )– It maybe do to pressure of deadline (最终期限 )– Or maybe some process are not clear– It may also be due to overconfidence (过分相信 )– And also people resist (抵抗 ) changes, because it restrict (限
制 ) their freedom Taking shortcut or skipping a process may not always
lead to project failure. A project could potentially (潜在地 ) fail if the
processes are not followed.
Cont…
An analogy (类似 ) for this could be Traffic Rules.
Just because a rash (轻率的 ) driver failed to observe traffic rule & reaches home safely does not mean traffic rules is unnecessary.
Therefore a active effort is needed to ensure compliance (依从 ) to the defined process.
The basic purpose of AUDIT is to ensure compliance to the defined process.
Cont…
Audits are essential part of Quality Assurance KPA of Level 2
It is also a requirement of ISO 9000 Quality System
There are many ways of Organizing AUDIT in an Organization.
We shall study the Audit Mechanism employed at Infosys.
Project Audit (The Challenge)
As the projects become larger and more complex, understanding and providing effective validation of the project management processes is a significant challenge for today’s information systems organizations.
In addition to the awareness and implementation of the project management procedures, recognition of the quality of the standards and practices is critical for continued performance improvement.
The Objective of Audit:
Insight into the project team’s use of the project management standards
Identification of the project’s “Project Management” related risks
Detail corrective action plan for addressing the risks, incomplete procedures and standards training
Awareness of the areas of opportunity for improvement of the “Project Management” methods and behaviors
Audit Process
Auditing is a systematic & independent examination of various activities of project execution.
It is intended to determine compliance with the quality system of a organization
Its main focus is on implementing the process of an Organization.
It is also used to determine the effectiveness (效力 ) of a process & to identify area of Improvement(改进 ).
Cont…
Audit can be Internal or External External Audit is generally employed for some
type of certification(证明 ). Internal audit is conducted by the Organization
using people of the Organization. The primary goal is to ensure(保证 )
compliance (依从 ) with Organization’s process & help in process improvement.
Cont…
To ensure reasonable degree of compliance with the defined process, audit must be done regularly (有规则地 ).
The people performing audit could be member of SEPG or person who has maturity (完备 ) & stature (状况 ) to assess the implementation on a project objectively (客观地 ).
It could also be performed by other project members.
Cont…
When others perform Audit, they can learn & give advice (建议 ).
Since they become “Law Keepers” they also respect & appreciate (赏识 ,) “Law”.
The Audit activity has three components:– Planning– Auditing– Follow-up (继续的 )
Planning
Before audits are conducted, they must be carefully planned to achieve optimal result.
Planning of Audit operates at three level:– Strategy (策略 )– High-level plan– Detailed schedule.
Audit strategy
The Audit strategy defines how Audit will be scheduled & planned, so as to monitor compliance & the effectiveness of processes.
The strategy at Infosys are:– Audit are conducted monthly– During a audit, a sample of the project is selected for audits,
but the projects selected are not known before the month of Audit
– Each month has some focus area for audit, which will be examined in detail during audit.
Audit PLAN
The Audit PLAN is an implementation of the audit strategy for a specific period say 6 to 12 months.
The PLAN specifies how strategy will be implemented, such as
– Selection of focus area– Selection of projects– Selection of auditors– So…on..
The plan covers some of the key areas for project that are closely related with CMM.
Auditing
A team of two people normally conduct the internal Audit who are selected from auditor’s pool.
Auditor’s pool is a set of people who are trained to conduct audit.
One standby (备用 ) Auditor is also selected A remainder (剩余物 ) is sent to Auditors & project
Leaders, whose project will be Audited, one day before the audit begins.
Cont…
On the day of audit, auditors meet the Quality advisor associated with the project to get views about the process used in the project
The team plans out its audit strategy– What question to ask– Who will they interview– What artifacts are needed
In actual audit, the auditors focus more attention on whether the defined process is followed in the project.
A check list can also be used
Sample checklist
Project Planning Checklist Is the project plan documented in the standard project
plan template? Has the project plan been group reviewed? Has the project plan been approved & baselined? Is it under configuration management? Is there a signed Contract? Have the commitments to the customers or other group
been reviewed?
Cont…
Is there an estimated effort for the project that is based on historical data?
Have the effort estimates & the schedule been reviewed?
Has the quality plan been reviewed Is the life cycle used in the project identified &
documented?
Cont…
Are personnel identified & responsibility for each work element defined & tracked?
Are reestimation triggers such as scope changes and required corrective actions defined?
Are deliverables to the customer, including user documentation, clearly identified?
Are risk & risk mitigation (缓解 ) plans identified & properly documented?
Are reviews, progress reporting, tracking, & approval mechanism identified?
Cont..
Requirement Management Checklist Is there a requirements document that includes
technical & nontechinical requirements? Have the requirements been reviewed & are
the review records available? Has the requirements document been signed
off by the customer & other affected groups? Are changes to requirement logged?
Cont…
Has traceability to changed requirement been established in other work products?
Has requirement change threshold (极限 ) been negotiated with customer?
Is status of changed requirement available & maintained properly?
Are acceptance criteria defined & signed off by customer?
Is there record of the re-estimation of size, effort, & other critical resources?
Cont…
The audit process is said to be completed when the audit team has asked all questions at whatever artifacts they require.
An noncompliance report (NCR) is issued if the evidence suggest that the organization-wide process or authorized process for the project is not being followed.
The questions & checklist aid in unearthing noncompliance. An important point that is stressed during training of auditors is to
focus on process & process improvement and problems found should be attributed to process factors & not people.
A report is then sent to coordinator of audit (SEPG member) within three days of conducting an audit.
Follow-up
The audit report & NCR’s are sent to the coordinator of audits, who is a member of SEPG, at the end of AUDIT.
For each NCR, corrective action are taken. The audit coordinator get approved from the auditors
for each corrective action taken. An audit may also reveal weakness in process In such cases, the auditors may recommend
modification to SEPG team.
Audit Analysis The data from audit of different project together offer valuable
data about the state of the implementation of the process across the organization.
These data can be very useful in analyzing the effectiveness of the processes and offer scope for improvement.
Summaries are produced for:– Number of Audits scheduled vs number conducted.– Total no of NCR given– Closer date of NCR– Distribution of NCR by severity (严重 )
These summaries yield information about the health of the audit system and seriousness with which it is conducted.
Its also offers visibility into the implementation of audit process.
