
SOFTWARE QUALITY ASSURANCE

SEN 460 : FALL 2018

Lecture 10 : week 10
Credit : (3 + 0) / Week
Prerequisite : Software Engineering (SEN-220)
TEXT & Reference Books
Text Book:
Software Quality Engineering by Jeff Tian IEEE

Reference Books:
1. Effective Methods for Software Testing, William E. Perry, Third Edition, 2006 (Latest)
2. G. Gordon Schulmeyer (2008), Handbook of Software Quality Assurance, 4/e, Artech House Inc.
3. Software Testing & Quality Assurance (Theory & Practice) by Kshirasagar Naik & Priyadarshi (2008), John Wiley & Sons.
4. Software Quality Assurance: From Theory to Implementation by Daniel Galin
Code Of Conduct
• Kindly Switch Silent/Off your Mobile Phones.

• Make Sure To Maintain Attendance 80%.

Study Material
• For Lectures and Books
https://sites.google.com/site/hajramasoodbukc

Or

• Email
sqabahria@gmail.com

Outline
• Software Audit
• Audit
• Auditor
• Auditee
• Types of Software Audit
• Piracy Audit
• Security Audit
• Information System Audit
• ISO Standards of Software Audit

Audit
• IEEE Standard Glossary of Software
Engineering Terminology
“An independent examination of a work
product or set of work products to
assess compliance with specifications,
standards, contractual agreements, or
other criteria”

Audit Involves
• The client, person, or organization that requests the audit;

• The auditor or team who performs the audit;

• The auditee whose work is being examined.
Lead Auditor
• The lead auditor shall be free from bias and influence that could reduce his ability to make independent, objective evaluations.

Lead Auditor
The lead auditor is responsible for:
1. Determining the team size;
2. Briefing team members on the audit scope and areas to be audited;
3. Providing background about the organization being audited;
4. Assigning the workload of who will audit what areas;
5. Determining the audit schedule;
6. Notifying and briefing the audited organization on the scope of the audit and materials that need to be provided;
7. Ensuring that the audit team is prepared to conduct the audit;
8. Ensuring that the audit plan or procedures are performed;
9. Issuing reports in accordance with the audit plan or procedures.
Auditee
The auditee is the party being audited and
is responsible for:
1. Establishing a professional, positive attitude about the audit
among the members of the audited organization;
2. Participating in the audit;
3. Providing all relevant materials and resources to the audit team;
4. Understanding the concerns of the auditors and verifying their
factual accuracy;
5. Providing a response to the audit report;
6. Correcting or resolving deficiencies cited by the audit team.

Types of Software Audits
The types of software audits addressed in
this section include:
1. Software piracy audit;
2. Security audit;
3. Information systems audit;
4. ISO 9001:2000 software audit;
5. CMMI®-DEV appraisal;
6. Automated audits.
1. Software Piracy Audit
The Business Software Alliance (BSA) is interested in
helping all software users ensure that they use only
fully licensed software and are educated about the
ethical and digital security risks associated with
unlicensed software use.
The BSA Web site asks when you last conducted an audit
of your company’s computers to check for unlicensed
software. Similarly, the Software & Information Industry
Association’s (SIIA) Anti-Piracy Division conducts a
comprehensive, industry-wide campaign to fight software
and content piracy.

2. Security Audit
Security audits are checklists that give an indication of
the kinds of steps that an organization should
take in securing its computer and information
systems. It should always be kept in mind that
security of information systems is not a static
matter that can be fixed once.
Constant attention has to be paid to the issues,
as the risks, the threats, and the things that
have to be protected are always changing.

2. Security Audit
Each of the following issues should be
considered, and appropriate action
taken to protect your information:
1. Backups
2. Antivirus
3. Firewall
4. Access control

2. Security Audit
If any organization is serious about the
security of their business’ information and
computer systems, then it is advisable to
consider the implementation of the Quality
Standard, ISO 17799 (BS 7799). ISO 17799 is
a standard that is a code of practice for
information security management.

3. Information System Audit
Ron Weber, the author of the classic book
Information Systems Control and Audit, says
that information systems auditing evaluates
whether computer-based information
systems safeguard assets, maintain data
integrity, achieve organizational objectives
effectively, and consume resources
efficiently.

ISO 9001:2000 Software Audit
• ISO 9001:2000 requires that an organization
conduct internal audits at planned intervals to
determine compliance to the standard and
effective implementation.
• The organization must also ensure that the
processes in place achieve planned results.
• This is accomplished through monitoring and,
as applicable, measuring process performance
through internal audits and measuring
programs.
CMMI-DEV Appraisal
• Under the CMM® for Software the
assessment methods were termed: CMM®-
Based Assessment for Internal Process
Improvement (CBA-IPI) and Software
Capability Evaluation (SCE).
• With the CMMI® these methods were
combined under the SCAMPI℠ method.
The Standard CMMI® Appraisal Method for
Process Improvement (SCAMPI℠) is
designed to provide benchmark quality
ratings relative to CMMI® models.
Automated Audits
• There are an overwhelming number of
software tools available to help auditors
prepare, perform, and report audits.

Questions
