Importance of Configuration Audit

Vinod Boyina's picture
Vinod Boyina asked on April 10, 2012 - 11:19am | Replies (2).

I am looking for articles or information about importance of performing Configuration Audit for a presentation to development team.

We normally conduct Configuration Audit before a release of Product and also we conduct quaterly audits to make sure that previously released products are recreatable. As this is the requirement of CMMI.

2 Answers

Drew Benson's picture

In my very cynical/pedantic view there is NO value in performing a Configuration Audit.

The value is BEING ABLE to perform it!

You set up your CM system/process to provide all the info/data etc to prove what you have is what you ought to have and to recreate whatever you need to recreate when/if you ever need to recreate it.

Once your CM system/process has been proven to be able to do all this there is no need to keep doing it.....

ie I DON'T "do" an Audit before a Product Release.... my CM system/process is set up to ensure that no Audit is required (but that if you did an Audit you would only report that everything was correct).

Possibly not a mainstream opinion but it is Friday afternoon!!
;-)

bglangston's picture

Vinodboyina,

By and large, I agree with Drew. However, ...

Drew said, "Once your CM system/process has been proven to be able to do all this there is no need to keep doing it....."

A configuration audit should be conducted on some periodic basis if for no other reason than to prove that your CM system/process is still able to do all this[. (If you don't keep doing it once in a while, then how do you know the process is still capable, rather like leaving your car in the garage for 10 years and thinking it will work fine because all it's processes were proven to work 10 years ago?)

What should the periodicity be? Probably at least annually just to make sure everything is there, but you might want quarterly or semiannual audits if there are components considered critical to the operation of the product or can have severely adverse impacts on such things as safety or cost.

Audits can be costly and time-consuming so the periodicity becomes a result of risk/benefit analysis. But it's amazing how, even with a perfectly good system/process, artifacts can get lost or omitted, interim files, change proposals or requests, test reports, etc. And some of those could be critical to recreating the product.

CMCrossroads is a TechWell community.

Through conferences, training, consulting, and online resources, TechWell helps you develop and deliver great software every day.