Configuration audits provide a mechanism for determining the degree to which the current state of the system is consistent with the latest baseline and documentation. They provide greater visibility into the status of a project by evaluating the status of the items. They also determine the traceability from requirements and CRs to the implementation by investigating the baselines and changes to the baselines.
SCM activities are constantly carried out during the development or major enhancement cycle of a product. Configuration items are identified, baselines are established and changes to baselined items are carried out in a formal way. The status accounting provides the information of the SCM activities that have been carried out. When the product the ready for release / delivery, it is necessary to establish that the software product has been build in accordance with the requirements including the approved CRs. In other words, we perform a formal review to verify that the product being delivered will work as advertised, promoted or in any way promised to the customers.
Configuration audits provide such a review. They are not the same as quality audits or product tests. However, they use the information available as an outcome of the quality audits and testing along with the configuration status accounting information, to provide assurance that what was required has been build. Configuration audits are typically performed at the time of delivery and major upgrades to the software.
By ensuring that only reviewed, verified and validated products are checked into the baseline and that only baselines are used to generate releases, the assurance is given that non-conforming products are not released. This is as per the ISO 9001 requirement. Further, by use of configuration audits prior to delivery, we ensure that the actual delivery made is of the correct product.
The audit team typically includes persons independent of the project’s configuration controller or other project team members. Configuration audits can be logically divided into two parts, the functional configuration audit and the physical configuration audit.
The objective of functional configuration audit is to verify that a configuration item is in accordance with its software requirements. The audit team will consist of 3-4 members comprising the customer representative, independent quality assurance members and configuration controller of other projects. The project manager, configuration controller and the testers of the project form the auditee team.
The project team presents the summary of the status of the requirements, the baselines, the CRs and Engineering Change Order and the Verification & Validation activities carried out. Any requirements that are not yet implemented or could not be tested are also presented as deviations to the FCA team.
The FCA team satisfies itself that the deviations will not reduce the effectiveness of the software that is being delivered. The FCA team also studies the CRs, check-in, check-out registers and the test reports to ensure that what has been developed and tested is complete with respect to the requirements. At the end of audit, the FCA team will identify all issues for which action is required.
The objective of the physical configuration audit is to ensure that items in the baseline are of the right version. The physical configuration audit typically follows the functional configuration audit and can be performed by the same audit team or a subset of the functional audit team. The main task is to ensure that naming, numbering and physical location of the configuration items is according to the laid out procedures and standards. If the functional audit is successful, the physical audit typically ends up identifying wrongly versioned configuration items or configuration items not properly checked-in. The issues raised by the physical configuration audit team also need to be closed through the appropriate actions.
http://www.blogcatalog.com/blog/quality-assurance-1/41b1b0c9be710e169295b798f5f6e00a
