Email this page to a friend   

Email to a friend

Configuration Audit

A configuration management process that confirms the integrity of a systems product prior to delivery. There are two types of configuration audits:

  • Functional audit. The objective of the functional audit is to provide an independent evaluation of a software product, verifying that its configuration items' actual functionality and performance is consistent with the relevant requirement specification. This audit is held prior to software delivery to verify that all requirements specified in the Software Requirements Specification have been met.
  • Physical audit. The objective of the physical audit is to provide an independent evaluation of a software product's configuration items to confirm that all components in the as-built version map to their specifications. Specifically, this audit is held to verify that the software and its documentation are internally consistent.

Who Conducts Configuration Audits?

Configuration audits may be conducted by the software quality assurance, the configuration management or the verification and validation functions.

Why Audit the Configuration?

Configuration audits are conducted at the end of each life cycle phase. They verify that:

  • All required configuration items have been produced
  • All configuration items produced comply with the specified requirements
  • Technical documentation completely and accurately describes the configuration items
  • The Configuration Item Register accurately describes designated baselines
  • All approved change requests have been resolved
  • At the completion of development, the software or systems product is ready for delivery.

What Can Happen If You Don't Audit the Configuration

Scenario 1 - Missing Features

A multi million dollar system is shipped to a customer with three important features missing.
The customer's business is disrupted.
The missing features were clearly specified in the Contract Software Requirements Specification.
The customer successfully sues the developer for damages.

Solution: Set up an independent group within the project to determine that the software product complies with its specifications as it is being developed and on delivery. A thorough functional configuration audit would have kept this company out of court.

Scenario 2 - An Unmaintainable System

A steel company installs a complex control system in their rolling mill. Seven years later the computer hardware platform ceases to be supported by its supplier. The company initiates a project to refactor the software for a new hardware platform. After searching the archives the project team realises that they cannot guarantee that the source code on file exactly matches the executables running on the operational system. Further, the requirements specifications and design descriptions have been lost.

They decide to redesign the system from scratch. What should have been a three man month project is transformed into a five-man year monolith.

Solution: Prior to commissioning the system this company should have conducted a physical configuration audit to confirm that:

  • All documentation was present and accurately described the system to be commissioned
  • All source code was maintained in a secure repository and reflected the executables in the deployed baseline.

Failure to perform these simple checks routinely costs companies millions of dollars.



Member Comments


20 member ratings

✭ ✭ ✭ ✭ ✩

RE Definition: Configuration Audit

Test CPS

By I Gordon » Thu 02-May-2024, 18:07, My rating: ✭ ✭ ✭ ✭ ✭

Merci de partager votre expertise, vos idées sont vraiment précieuses. Je me mets au défi d'atteindre des scores Test CPS à deux chiffres !

25 Comments  • Page 1 of 25 •         1   2   3   4   5  …25 » Next

- Rate this definition.
- Did it help?
- Suggest improvements.
- Request more information.
- Exchange ideas with our member community.

Email to a friend