Add to collection(s) Add to saved
  1. Business

Project Audits

advertisement 
Project Audits(审计)
Presented by : Basker George
Project Audits

In a process oriented approach for software
development , two key task are:
–
–


Process definition
Process implementation.
The process definition activities deal with identifying &
specifying processes, which when followed will give
Good Quality & Productivity.
The process implementation activities ensure that the
defined process are followed in the project.
Cont…




Unless the projects adhere(坚持) to the standard
process
one cannot find the “Capability”(性能) of the process.
Therefore without knowing the capability of a process
one cannot Improve the process.
Since the Process are executed by people, there is a
possibility that the process may be skipped (遗漏).
Cont…

The reason for not following the process are:
–
–
–
–
–


People tend to take shortcuts (捷径)
It maybe do to pressure of deadline (最终期限)
Or maybe some process are not clear
It may also be due to overconfidence (过分相信)
And also people resist (抵抗) changes, because it restrict (限制)
their freedom
Taking shortcut or skipping a process may not always
lead to project failure.
A project could potentially (潜在地) fail if the processes
are not followed.
Cont…




An analogy (类似) for this could be Traffic
Rules.
Just because a rash (轻率的) driver failed to
observe traffic rule & reaches home safely
does not mean traffic rules is unnecessary.
Therefore a active effort is needed to
ensure compliance (依从) to the defined
process.
The basic purpose of AUDIT is to ensure
compliance to the defined process.
Cont…




Audits are essential part of Quality Assurance
KPA of Level 2
It is also a requirement of ISO 9000 Quality
System
There are many ways of Organizing AUDIT in
an Organization.
We shall study the Audit Mechanism employed
at Infosys.
Project Audit (The Challenge)


As the projects become larger and more complex,
understanding and providing effective validation of
the project management processes is a significant
challenge for today’s information systems
organizations.
In addition to the awareness and implementation of
the project management procedures, recognition of
the quality of the standards and practices is critical
for continued performance improvement.
The Objective of Audit:




Insight into the project team’s use of the project
management standards
Identification of the project’s “Project Management”
related risks
Detail corrective action plan for addressing the risks,
incomplete procedures and standards training
Awareness of the areas of opportunity for improvement
of the “Project Management” methods and behaviors
Audit Process




Auditing is a systematic & independent examination of
various activities of project execution.
It is intended to determine compliance with the quality
system of a organization
Its main focus is on implementing the process of an
Organization.
It is also used to determine the effectiveness (效力) of
a process & to identify area of Improvement(改进).
Cont…




Audit can be Internal or External
External Audit is generally employed for some
type of certification(证明).
Internal audit is conducted by the Organization
using people of the Organization.
The primary goal is to ensure(保证) compliance
(依从) with Organization’s process & help in
process improvement.
Cont…



To ensure reasonable degree of
compliance with the defined
process, audit must be done
regularly (有规则地).
The people performing audit could
be member of SEPG or person
who has maturity (完备) & stature
(状况) to assess the
implementation on a project
objectively (客观地).
It could also be performed by
other project members.
Cont…



When others perform Audit, they can learn &
give advice (建议).
Since they become “Law Keepers” they also
respect & appreciate (赏识,) “Law”.
The Audit activity has three components:
–
–
–
Planning
Auditing
Follow-up (继续的)
Planning


Before audits are conducted, they must be
carefully planned to achieve optimal result.
Planning of Audit operates at three level:
–
–
–
Strategy (策略)
High-level plan
Detailed schedule.
Audit strategy


The Audit strategy defines how Audit will be scheduled
& planned, so as to monitor compliance & the
effectiveness of processes.
The strategy at Infosys are:
–
–
–
Audit are conducted monthly
During a audit, a sample of the project is selected for audits,
but the projects selected are not known before the month of
Audit
Each month has some focus area for audit, which will be
examined in detail during audit.
Audit PLAN


The Audit PLAN is an implementation of the audit
strategy for a specific period say 6 to 12 months.
The PLAN specifies how strategy will be implemented,
such as
–
–
–
–

Selection of focus area
Selection of projects
Selection of auditors
So…on..
The plan covers some of the key areas for project that
are closely related with CMM.
Auditing




A team of two people normally conduct the internal
Audit who are selected from auditor’s pool.
Auditor’s pool is a set of people who are trained to
conduct audit.
One standby (备用) Auditor is also selected
A remainder (剩余物) is sent to Auditors & project
Leaders, whose project will be Audited, one day before
the audit begins.
Cont…


On the day of audit, auditors meet the Quality advisor
associated with the project to get views about the
process used in the project
The team plans out its audit strategy
–
–
–


What question to ask
Who will they interview
What artifacts are needed
In actual audit, the auditors focus more attention on
whether the defined process is followed in the project.
A check list can also be used
Sample checklist







Project Planning Checklist
Is the project plan documented in the standard project
plan template?
Has the project plan been group reviewed?
Has the project plan been approved & baselined?
Is it under configuration management?
Is there a signed Contract?
Have the commitments to the customers or other group
been reviewed?
Cont…




Is there an estimated effort for the project that
is based on historical data?
Have the effort estimates & the schedule been
reviewed?
Has the quality plan been reviewed
Is the life cycle used in the project identified &
documented?
Cont…





Are personnel identified & responsibility for each work
element defined & tracked?
Are reestimation triggers such as scope changes and
required corrective actions defined?
Are deliverables to the customer, including user
documentation, clearly identified?
Are risk & risk mitigation (缓解) plans identified &
properly documented?
Are reviews, progress reporting, tracking, & approval
mechanism identified?
Cont..





Requirement Management Checklist
Is there a requirements document that includes
technical & nontechinical requirements?
Have the requirements been reviewed & are
the review records available?
Has the requirements document been signed
off by the customer & other affected groups?
Are changes to requirement logged?
Cont…





Has traceability to changed requirement been
established in other work products?
Has requirement change threshold (极限) been
negotiated with customer?
Is status of changed requirement available &
maintained properly?
Are acceptance criteria defined & signed off by
customer?
Is there record of the re-estimation of size, effort, &
other critical resources?
Cont…





The audit process is said to be completed when the audit team
has asked all questions at whatever artifacts they require.
An noncompliance report (NCR) is issued if the evidence suggest
that the organization-wide process or authorized process for the
project is not being followed.
The questions & checklist aid in unearthing noncompliance.
An important point that is stressed during training of auditors is to
focus on process & process improvement and problems found
should be attributed to process factors & not people.
A report is then sent to coordinator of audit (SEPG member) within
three days of conducting an audit.
Follow-up





The audit report & NCR’s are sent to the coordinator of
audits, who is a member of SEPG, at the end of AUDIT.
For each NCR, corrective action are taken.
The audit coordinator get approved from the auditors
for each corrective action taken.
An audit may also reveal weakness in process
In such cases, the auditors may recommend
modification to SEPG team.
Audit Analysis



The data from audit of different project together offer valuable data
about the state of the implementation of the process across the
organization.
These data can be very useful in analyzing the effectiveness of
the processes and offer scope for improvement.
Summaries are produced for:
–
–
–
–


Number of Audits scheduled vs number conducted.
Total no of NCR given
Closer date of NCR
Distribution of NCR by severity (严重)
These summaries yield information about the health of the audit
system and seriousness with which it is conducted.
Its also offers visibility into the implementation of audit process.
Related documents
Evolution of an Automated Internal Audit Management System
Evolution of an Automated Internal Audit Management System
Marketing Plan Rubric
Marketing Plan Rubric
Big Data As Complementary Audit Evidence
Big Data As Complementary Audit Evidence
Audit Poster - BSG Colonoscopy Audit
Audit Poster - BSG Colonoscopy Audit
As the 2nd largest business support solutions (BSS) provider, CSG
As the 2nd largest business support solutions (BSS) provider, CSG
system audit - Study Channel
system audit - Study Channel
Download
advertisement