Task: Perform Configuration Audit
Defines how to perform a Configuration Audit.
Disciplines: Configuration and Change Management
Purpose
To verify that the configuration items are accurate, complete and are according to established policies.This includes to ensure that established quality assurance procedures have been followed throughout the project lifecycle and there is a consistency in documenting the configuration items. 
Relationships
RolesPrimary Performer: Additional Performers:
InputsMandatory:
    Optional:
    • None
    Outputs
      Steps
      Perform Physical Configuration Audit

      A Physical Configuration Audit (PCA) identifies the components of a product to be deployed from the Project Repository.  Steps are:

      • Identify the baseline to be deployed (typically just a name and/or number, but may also be a full list of all files and their versions).
      • Confirm that all required work products, are present in the baseline.  List missing work products in the Configuration Audit Findings

      Other Levels of Physical Configuration Audit

      Some organizations use a physical configuration audit to confirm consistency of design and/or user documentation with the code.  It is recommended that this consistency checking be performed as part of the review activity throughout the delivery process.  At this late stage, audits should be restricted to auditing that required deliverables are present, and not reviewing content.

      Perform Functional Configuration Audit

      A Functional Configuration Audit (FCA) confirms that a baseline meets the requirements targeted for the baseline.  Steps for performing this audit are:

      • Prepare a report which lists each requirement targeted for the baseline, its corresponding test procedure, and test result (pass/fail) for the baseline.  
      • Confirm that each requirement has one or more tests, and that all tests of the requirement have passed.  List any requirements without test procedures, and requirements with incomplete or failed tests, in the Configuration Audit Findings. 
      • Generate a list of Configuration Reviews(CRs) targeted for this baseline.  Confirm that each Configuration Review has been closed.  List any CRs which are not closed in the Configuration Audit Findings.
      Report Findings

      If there are any discrepancies, then these are captured in the Audit Findings.In addition, the following steps should be taken:

      • Identify corrective actions.This may require interviewing various members of the project team to identify the source of the discrepancy and appropriate corrections:
        • For missing work products, the appropriate action is typically to place the work product under configuration control, or to create a Configuration Review(CR) or task to create the missing work product.
        • For untested or failed requirements, the requirement may be targeted to a later baseline, or negotiated for removal from the set of requirements.
        • For un-closed CRs, the CR may simply need to be closed, or it may need further testing, or deferred to a later baseline.
      • For each corrective action, assign responsibility and determine a completion date.