As the IT industry evolves, it introduces new disciplines to meet new needs. As these disciplines mature, the methods which they implement expand. Audit testing is one of the methods the testing discipline can use to examine a testing process and produce usable feedback with less resource expenditure than a more exhaustive testing effort may require.
The most common example of an audit test is the financial audit. In it, you examine the financial records, some individual transactions, and the process used to obtain and record them. Similarly, when we audit the testing process, we look at results of a test cycle, the process by which the results were obtained, and the tools and components a test has used to obtain these results.
Most commonly an audit is executed by an external resource to verify validity and adherence to standards. An external auditor is usually seen as a more credible source because the only interest they should have is a thorough and accurate assessment. An internal audit makes use of resources already at hand within a company. The potential benefits include knowledge of the tools and methods in use and a more complete understanding of the goals and direction of the project. An internal audit may not be viewed with the same amount of credit an external audit would carry due to potential for conflicting interests such as company reputation and the political situation in the company.
Audit testing does not exhaustively test a product to uncover every potential issue and defect and so does not incur the cost in time and personnel that such a test would suggest. Instead, audit testing aims to examine a testing process already in place for coverage and accuracy of the process.
An audit provides several benefits to a project. Common reasons for initiating an audit include:
Consider also the potential impact of an insufficient quality assurance process. Even if the product is improved after release, the company may receive a negative impact to their reputation from their target audience. A product that had a strong potential for return on investment may face complete rejection from the audience due to initial experience, especially if it has a competing product or service on the market.
Audit testing is most commonly implemented towards the end of, or just after a testing cycle. Audit testing can, and in many cases should, be implemented during any or all phases of a cycle: before, during, and after.
Prior to the start of testing there are no results to examine, and as such many companies would consider audit testing as non-applicable and wasteful of resources. In this stage the elements to be examined focus on the tools that are intended for use and the processes adhered to. When an audit is to be conducted prior to the start of a test cycle, the following process is likely:
Considerations for pre-cycle audit testing include:
Arguably the most impactful time to run an audit is during the actual test cycle. It is here that the auditor has results they can confirm by asking the testers to show how they came to them. This allows the auditor to evaluate the tools and the process, as they are utilized, for the most comprehensive feedback potential. When an audit is to be conducted while a test-cycle is active, the following process is likely:
Considerations for during-cycle audit testing include:
The time when the need of an audit is most noticeable is often after the completion of a test cycle. It is here that a mismatch between expectations and delivery is most visible and the utility of an audit is most easily justified. When an audit is to be conducted post-test cycle, the following process is likely:
Considerations for after-cycle auditing include:
While an audit of each separate phase has the potential for positive impact on a project, a combination of two or even all three phases can provide the most complete coverage and the greatest potential for success. The resources consumed in a combination of phases may not be feasible to every project, however, and when planning a project the goal of maximizing return and minimizing required resource should not be dismissed. An audit that takes place over more than one phase does not need to repeat every step in the process for each stage unless a major change has taken place. A table listing the previously mentioned steps, what phases they take place in, and if they need to be repeated without a major change can be seen below. Stages the steps apply to are marked with an X. Need for repeated steps when an audit takes place over several stages are marked Y for yes or N for no.
Step | Pre | During | Post | Repeated? |
Project Familiarization | X | X | X | N |
Process/Tools | X | X | X | N |
Communication/Management Plan | X | X | X | N |
Interview | X | X | X | Y |
Sample | X | X | Y | |
Actual Communication/Management | X | N/A | ||
Defect Evaluation/Correction | X | X | Y | |
Report | X | X | X | Y |
Simulation | X | N/A | ||
Remaining Defects | X | N/A | ||
Undiscovered Defects | X | N/A |
Considerations for combination of phase auditing include:
Once an audit has transpired, the auditing entity needs to communicate its findings in a meaningful manner to the appropriate people. This is often done as a series of written statements declaring intent, entity responsible for initiating the audit, reference to material covered, and result of the audit. When appropriate, a disclaimer is included depending on the circumstances of the audit. The findings of an audit are not intended as a definitive analysis of the subject being audited. It is intended to sample the subject matter, and to present the trends found therein, either through a statistical presentation, or as a more informal report. For instance, if an audit were performed on test cycle A, the report may include a statement such as: “We find test cycle A, in accord with current testing standards, likely to acceptably find all essential bugs and the majority of minor defects prior to the release of this project in the given time frame required by management”. Other potential reports may convey:
Positive· Can provide extra credibility to the product.
· Improvement of process and tools. · Costs fewer resources than a full and exhaustive test of the product. · Can save resources in the long term by helping prevent wasteful or incomplete efforts. · Can help preserve company image by reducing likelihood of failed product release. · Builds confidence of management in product delivery. · Peace of mind a product conforms to standards and requirements. · Provides an evaluation method for a new testing team |
Negative· Can increase time/resource expenditure.
· Can convey a sense of distrust to your testing team and lower morale. · Poorly performed audits can cause unfounded sense of security or false positives. · Having external sources reviewing your material can be uncomfortable. · Positive impact of audit may not be readily apparent.
|
Audit testing is a progeny of the expanding IT industry, necessitated by the expansion of its toolbox and scope. It is not intended to completely replace a full test cycle, instead aiming to supplement and confirm the delivery of the testing process. The impact of audit testing is dependent on when it is implemented, and on a thorough follow-up. For maximum return, an external auditor should be used with access to the tools, processes, results, personnel, documentation, standards, and expectations of the project. The results of an audit deal in likelihood and statistics and do not convey 100% coverage of the product.