Page 266 -
P. 266
CHAPTER 9 SOFTWARE CONFIGURATION MANAGEMENT 237
9.6 CONFIGURATION AUDIT
Identification, version control, and change control help the software developer to
maintain order in what would otherwise be a chaotic and fluid situation. However,
even the most successful control mechanisms track a change only until an ECO is
generated. How can we ensure that the change has been properly implemented? The
answer is twofold: (1) formal technical reviews and (2) the software configuration
audit.
The formal technical review (presented in detail in Chapter 8) focuses on the tech-
nical correctness of the configuration object that has been modified. The reviewers
assess the SCI to determine consistency with other SCIs, omissions, or potential side
effects. A formal technical review should be conducted for all but the most trivial
changes.
A software configuration audit complements the formal technical review by assess-
? What are the ing a configuration object for characteristics that are generally not considered dur-
primary
questions that we ing review. The audit asks and answers the following questions:
ask during a
configuration 1. Has the change specified in the ECO been made? Have any additional modifi-
audit? cations been incorporated?
2. Has a formal technical review been conducted to assess technical correct-
ness?
3. Has the software process been followed and have software engineering stan-
dards been properly applied?
4. Has the change been "highlighted" in the SCI? Have the change date and
change author been specified? Do the attributes of the configuration object
reflect the change?
5. Have SCM procedures for noting the change, recording it, and reporting it
been followed?
6. Have all related SCIs been properly updated?
In some cases, the audit questions are asked as part of a formal technical review.
However, when SCM is a formal activity, the SCM audit is conducted separately by
the quality assurance group.
9.7 STATUS REPORTING
Configuration status reporting (sometimes called status accounting) is an SCM task that
answers the following questions: (1) What happened? (2) Who did it? (3) When did it
happen? (4) What else will be affected?
The flow of information for configuration status reporting (CSR) is illustrated in
Figure 9.5. Each time an SCI is assigned new or updated identification, a CSR entry
is made. Each time a change is approved by the CCA (i.e., an ECO is issued), a CSR
entry is made. Each time a configuration audit is conducted, the results are reported
