The Purpose of This Procedure Is to Define the Process That the Higher Education Information

Audit Procedure
Project Identification
Project Name / Project Number
Program Manager / Project Manager
Date Submitted / Submitted By

I. PURPOSE

The purpose of this procedure is to define the process that the Higher Education Information organization (HEI) will follow to conduct Software Quality Assurance (SQA) Audits of project Work Products and Processes. This is the only recognized method for conducting SQA Audits.

An SQA Audit is a technique used to examine conformance of a development process to approved procedures and the conformance of products to adopted standards.

This document describes the SQA audit process. Checking the adequacy or effectiveness of approved standards and procedures is a secondary objective of an SQA Audit.

Audits are preventative measures intended to verify that standards and procedures are being followed and to detect nonconformance issues before they become problems. SQA Audits may be conducted for deliverables that are in-process as well as for those that are completed.

SQA audits may also compare the actual status of a product with the reported status. Process audits are conducted at established points during the Software Development Lifecycle (SDLC). For each SQA audit, selected project activities and work products are examined for compliance with approved policies, standards, and procedures.

II. SCOPE

This document defines the activities that will occur for conducting process and product SQA Audits for all HEI projects. The document also addresses reporting SQA Audit Findings and follow-up activities for handling nonconformance items until they are resolved.

III. REQUIREMENTS

A. Prerequisites

  1. The objectives, scope, and purpose of each SQA Audit are defined in an Audit Plan. The actual processes and products examined by an SQA Audit vary depending on the objective of the audit. An all-purpose audit provides a comprehensive approach, while a focused audit examines specific procedures, such as Configuration Management (CM), or checks specific requirements, such as coding or naming standards.
  2. A checklist or multiple checklists should be tailored to meet the objectives, scope, and purpose of the audit.
  3. Items found to be in nonconformance with approved standards, or developed using procedures that do not comply with approved procedures, are noted as nonconformance items and a request is made for corrective action. Nonconformance items must be corrected and brought into compliance with approved standards and policies, unless a tenable reason is provided or a waiver is secured from management.
  4. Nonconformance items are logged and reported to the project team and reviewed with their immediate management. The status of nonconformance items is tracked until resolved. Nonconformance items that are not resolved are brought to the attention of Senior Management. (Note: Nonconformance items with a tenable reason provided are either closed (if the reason is accepted by the SQA Manager) or escalated to Senior Management where the reason is reviewed and either accepted or denied.)
  5. It is not practical for the SQA group to examine all processes or all products for all projects because of the volume. The strategy is to examine a representative sample of project activities and deliverables.
  6. The SQA Process / Product Audit provides:
     • Independent verification of process and product compliance within a project.
     • Visibility to management of process and product compliance within a project.
     • A mechanism for resolution of process and product deficiencies or nonconformance within a project.

B. Expected Performance and/or Process

SQA Manager

  1. Determine the need for an SQA Audit. Select the SQA Analyst to act as Lead Auditor.

SQA Analyst

  2. Review the Project Software Quality Assurance Plan (SQAP) and the Statement of Work (SOW). These combined documents will serve as a guide to plan the SQA audit.
  3. Review defined, applicable policies, standards, procedures, and processes.
  4. Identify the audit participants, meeting scribe, and presenter. Determine the format of the audit and how the audit will be carried out. Make all necessary audit assignments.
  5. Review recent status reports to gain insight on the stage of completeness of products and information about problem areas. Also review the results of previous audits and previous nonconformance reports, if available.
  6. After becoming familiar with the project background, define areas that require attention. These areas should be noted in the SQA Audit Plan.
  7. Develop the SQA Audit Plan. Include information such as schedule, resources, team members, agenda, tasks, reports, documentation, checklists, and areas identified above in item 6 that require attention. An SQA Audit Plan template appears in Exhibit A of this document.

SQA Manager

  8. Review the SQA Audit Plan.
  9. If the SQA Audit Plan is satisfactory, go to Step 11. If not, provide recommendations.

SQA Analyst

  10. Revise the Audit Plan in accordance with recommendations and return to Step 8.
  11. Tailor SQA checklists and audit templates to the project and the SQA Audit Plan. Tailoring the checklists consists of selecting targeted audit questions based on the SQA Audit Plan. Tailored checklists are provided to the subject of the audit in advance of the audit. Only items included on the tailored checklists may be logged as nonconformance items in the SQA Audit Findings report.
  12. Prepare a detailed agenda of planned activities and a list of documentation and work products to be audited, and reserve meeting room(s) that meet the requirements for duration and seating.
  13. Schedule the audit.
  14. Schedule and prepare the audit area (if necessary).
  15. Distribute the agenda with checklists and templates at least 3 working days in advance of the kick-off meeting. These should be distributed so they can be reviewed before the meeting, and explained and discussed during the meeting.
  16. Assemble the audit team for a kick-off meeting to discuss the SQA Audit Plan, checklists, templates, and expectations.
  17. State the purpose and scope of the audit and conduct the interviews according to the established agenda and schedule.
  18. Review project artifacts and work products and the methods used to produce them.

Recorder

  19. Complete checklists with observations and notes collected during the interviews and inspections. Note areas of compliance to policies, standards, and procedures and areas of nonconformance.

SQA Analyst / Project Team Member

  20. Discuss areas of compliance and nonconformance. The purpose of these discussions is to give the audited organization an opportunity to explain or to correct an item at this stage.

SQA Analyst

  21. Record audit results. If there are no nonconformance items reported, go to Step 26. If nonconformance items were uncovered during the audit, initiate Corrective Action Requests (CAR) to identify each nonconformance item and request the subject of the audit to specify corrective actions to be performed, a schedule to perform them, and a plan to validate them.
  22. Complete and forward a Corrective Action Request (CAR) to address each nonconformance item. A sample CAR form is provided in Exhibit B.

Project Team Member

  23. Address each nonconformance item by completing the requested CAR information, including a description of the actions taken to resolve the nonconformance items, the expected date the actions will be completed, and validation criteria.
  24. Ensure all CARs are addressed by updating the required information.

SQA Analyst

  25. Verify all nonconformance items were addressed and all items were resolved. If not, return to Step 22 and disapprove the audit.
  26. Prepare SQA Audit Findings report.

SQA Manager

  27. Review SQA Audit Findings Report.
  28. If the SQA Audit Findings Report is satisfactory, go to Step 30. If not, provide recommendations.

SQA Analyst

  29. Revise the SQA Audit Findings Report in accordance with recommendations and return to Step 27.
  30. Review audit results and SQA Audit Findings Report with Project Manager.
  31. Publish the SQA Audit Findings to the [Distribution list] and Software Quality Assurance organization.
  32. If all nonconformance items are resolved, skip to item 35. If not resolved, escalate them to Senior Management to address.

Senior Management

  33. Review the nonconformance item and either notify the Audited Organization to comply, issue a waiver to the Audited Organization, or declare the policy, standard, or procedure in need of modification or elimination.
  34. Notify the SQA Analyst and the Audited Organization of the decision.

SQA Analyst

  35. Update the SQA Audit database with the results.
  36. Use the Validation and Verification Plan to authenticate that all nonconformance items have been resolved as described in the CAR action plan.
  37. If Senior Management recommended termination of any policies, standards, or procedures, or if during the course of the SQA Audit the SQA group identified inappropriate or questionable policies, standards, and procedures, create an Issue to log the incident.

IV. MEASUREMENTS

  1. Each Audit will be recorded - Measures audits were performed.
  2. Nonconformance Items will be counted and recorded - Measures quality of the process/product.
  3. The SQA Audit process will be reviewed - Measures the process was followed.

EXHIBIT A

Sample Audit Plan Template

Audit Plan Section / Section Content
Cover Page / Includes the HEI Logo, document title, effective date, and author information
Table of Contents / Lists title and page number (with hyperlink to page) of all titled sections and subsections followed by figures, tables and appendices
Section 1 - Introduction / Includes purpose, scope, description of the baseline to be audited
Section 2 - Schedule and Personnel / Provides a schedule of audit activities and lists the personnel participating in those activities
Section 3 - Processes/Products to be Audited / Lists the Processes/Products to be audited
Section 4 - Audit Description / Describes the audit tasks, checklists and documentation to be used in conducting the functional and physical audits
Section 5 - Audit Procedures / Provides the procedures to be followed to conduct the audits
Section 6 - Contractor Support / Describes any required contractor support
Section 7 - SQA Audit Reports / Provides a description of the SQA Audit Findings report, Nonconformance report, and Corrective Action Request reports

EXHIBIT B

Sample Corrective Action Request (CAR) to address each nonconformance item
