How to audit cmmi3 SQA

QA audit includes two major parts: process audit and product audit. process audit can include: 1) Audit of project planning activities; 2) Audit of peer audit activities; 3) review of SCM activities 4) Review of test activities 5) Audit product audits of project tracking and monitoring activities, mainly document audits ~ What to do and what to pay attention to depends on what aspects your company focuses on through QA management, or what requirements there are in the quality system. For example, please refer to the following example: ----------------- 1. QA process Audit Activity 1.1 audit of project planning activities whether the project plan is based on the estimated project size and workload; communicate with the project team members to understand their division of responsibilities, have you estimated your work, have you referenced historical data of similar projects in the past, and have the project manager estimated the same as their estimates? Have you understood the main technologies and tools used by the project, whether the project team members have application capabilities, training requirements, and training plans can meet these requirements; whether the Project Plan considers the time and workload of project management, whether the review time and the revised time after the review are taken into account. 1.2 check whether the peer review activities are carried out in accordance with the plan and specifications, whether the Peer Review chairman and members are identified in advance (ensure that the peer review on demand and design is attended by testers in the early stage to ensure the availability of the document
 

 
Testing); Notify the reviewer by email whether to send the product and peer review checklists in advance, and request the reviewer to report the problem list before the meeting; communicate with the peer reviewer to see if each reviewer has submitted a defect feedback form. Otherwise, the reviewer may suggest to postpone the meeting. participate in the peer review and check whether the recorder is identified at the meeting, check whether the problem is identified, whether the Chairman effectively controls the meeting, and finally gives the review conclusion; whether to submit the Peer Review summary report and defect record tracking form for the identified defects after the meeting; check whether any problems found during peer review are resolved. 1.3 Review of SCM activities whether the configuration management and changes of configuration items comply with the configuration management process and corresponding processes, that is, whether the draft configuration items are checked into the working database as soon as possible, after being controlled, whether to put it into the controlled database or whether it has been controlled, baseline content
 

 
Whether to be included in the baseline database on time. 1.4 review the test activities to verify whether the entrance criteria for each test phase are met and whether the submitted test analysis reports are reviewed in the same row, communicate with testers to check whether the test plan and test cases are fully executed and passed,
 

 
Check the defect Manager
 

Measure the test taker's knowledge about the quantity, distribution, severity, and Occurrence Trend of the test defects. 1.5 check whether the audit and verification activities for project tracking and monitoring activities are carried out as planned, that is, communicate with the project manager and project team members to check whether their current activities are carried out according to the planned time; whether the product has been submitted to the configuration database; whether the project team regularly holds regular meetings as planned; whether the project team has submitted the personal workload measurement table as planned, summarized the data, and reviewed the measurement data; analyze the collected data for deviations and trends, and inform the Project Manager of the deviations. We recommend that you take appropriate measures and follow up and resolve them. Audit work products; Project Plan project plan is a guide for project activities, a standard for project managers to track projects, and a basis for QA to monitor project activities. Audits the following content of a project plan: whether all work products to be submitted are defined; whether peer reviews or reviews are arranged during the planned product submission time; and whether milestones are set; communicate with the project manager to understand the resource requirements and technical difficulties of the project, check the risk list to check whether the project plan has fully estimated the risks, and whether the corresponding preventive measures have been provided; whether the Key Path threshold value is set properly, whether a large threshold value is set for a difficult or risky Key Path, and whether the estimation of the project is based on historical data; whether the reference to the coordination plan between groups is correct and whether the estimation of the dependency between groups is sufficient. Whether the number of defects recorded in the peer review document audit peer review summary report is equal to that recorded in the reviewed defects summary report, and whether the defects identified at the meeting are fully recorded, check whether the defects in pending status are approved by the Project Manager;
 

 
Review defects and
 

 
Check whether the table audit product has completely improved the defects. Requirement tracking: Check the list of requirements of the business requirements and the assigned software in the requirement tracking matrix. Audit whether the requirement specification fully covers each item of the business requirements. Whether the audit design fully covers
 

 
Each requirement; whether the audit requirement is covered by the system test cases; whether the audit design is covered by the integrated test cases. SCM audits whether or not the baseline control and controlled management Sci of the SCM plan is complete
 

 
Check whether the structure of the project work library, controlled library, and baseline library is consistent with that of the SCM plan, and whether the SCM submits configuration status reports on a regular basis; check the recipients listed in the change status tracking table
 

Whether the SCI affected by the change has been changed to maintain consistency and traceability, whether the change is closed, and audit the configuration item audit report of SCM. 2 QA product audit activities QA participates in product technical evaluation
 

 
Review, and checklist the plans, documents,CodeAudit: during the audit process, the discovered non-conformities should be confirmed with the project manager and the non-conformities should be recorded in the non-conformities report. For example
 

 
The work done in QA audits test plans and test reports is: whether to arrange all required testing activities and whether the quality characteristics to be tested can meet the quality requirements of the software, whether the required requirements are planned
 

 
Test by nature, maintainability or security, audit test analysis report, whether the defect data in the test analysis report is consistent with that in the defect tool, and whether the test analysis report is confirmed by the Project Manager.
 

 
Whether the output meets the quality requirements specified in the project plan.
 

================== From Baidu ==============