
Audit


ISTQB Glossary definition
"An independent evaluation of software products or processes to ascertain compliance to standards, guidelines, specifications, and/or procedures based on objective criteria, including documents that specify (1) the form or content of the products to be produced (2) the process by which the products shall be produced (3) how compliance to standards or guidelines shall be measured." 
[IEEE 1028]
In Simple English,

Audit is to check for compliance with a predetermined expected state.
It's very different from actual testing in that, most of the time, audits are static checks that do not interact much with the system under test.

Field Notes 


  • Audits are most often used as a complementary process to testing in development projects.
  • Audits are not a feasible replacement for software testing.
  • Audits are only as effective as the person conducting them and that person's understanding of the audit's purpose and of the process or software being audited. This is unlike testing, where once a test is designed properly, anyone can execute it and determine a pass or fail state.
  • Audits of the processes to be followed are very common. Regular security audits are very common in most software companies. Process audits, such as audits for ISO and CMMI, are also conducted in software development companies.
  • Audits mostly need pre-planning, in terms of preparing a list of items to audit and the accepted state for each of them. Mature audit systems also have a measure for allowable deviation.
  • Audits are most often a group or team activity. One person conducts the audit and another is responsible for the process or product being audited.
  • Some instances may however allow self audit with standard process and procedures to be followed.
  • The results of audits are not defects or bugs. Audits result in observations, recommendations and non-compliance items.
  • Checklists are the most common tool used for audits.

For Example:
Code audits are very common examples that are easy to understand.
Say, for example, the development team has a guideline that variable names should follow a specific pattern. An auditor may then audit each piece of code for compliance with this standard and issue a non-compliance for each instance of a variable not following the pattern.
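
The code audit described above, sketched as an added example that is not part of the original post: the source is parsed but never executed (a static check), each offending variable becomes one non-compliance item, and the result is compared against an allowable deviation. The snake_case pattern, the sample source, the thresholds and the function names are all assumptions made for illustration.

```python
import ast
import re

# Assumed guideline (not from the post): variable names are snake_case.
NAME_PATTERN = re.compile(r"^[a-z_][a-z0-9_]*$")

# Constructed sample source to audit; it is parsed, never executed.
SAMPLE_SOURCE = '''
userCount = 0
total_price = 10
def apply(discountRate, items):
    FinalPrice = total_price * discountRate
    for item in items:
        userCount = item
    return FinalPrice
'''

def audit_variable_names(source, pattern=NAME_PATTERN):
    """Return (non-compliance items as (line, name), number of names checked)."""
    findings, checked = [], 0
    for node in ast.walk(ast.parse(source)):
        # Audit only places where a name is bound: assignments and parameters.
        if isinstance(node, ast.Name) and isinstance(node.ctx, ast.Store):
            name, line = node.id, node.lineno
        elif isinstance(node, ast.arg):
            name, line = node.arg, node.lineno
        else:
            continue
        checked += 1
        if not pattern.match(name):
            findings.append((line, name))
    return sorted(findings), checked

def audit_result(source, allowed_deviation=0.0):
    """Compare the non-compliance rate with the allowable deviation."""
    findings, checked = audit_variable_names(source)
    rate = len(findings) / checked if checked else 0.0
    return {"checked": checked, "non_compliances": findings,
            "rate": rate, "compliant": rate <= allowed_deviation}

if __name__ == "__main__":
    # Hypothetical allowable deviation of 10% of audited names.
    report = audit_result(SAMPLE_SOURCE, allowed_deviation=0.10)
    for line, name in report["non_compliances"]:
        print(f"non-compliance: line {line}: '{name}' breaks naming guideline")
    print(f"{len(report['non_compliances'])}/{report['checked']} names, "
          f"compliant={report['compliant']}")
```
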