IT Audit: Prevention Is Better Than Cure. Development Processes Audit

IT Audit: Prevention Is Better Than Cure. Development Processes Audit

Umbrella IT

If you choose to develop the product, it shall be developed well and efficient.

In continuation of the article series, we are going to tell you about the project development audit. This means checking the processes used by the team when creating this or that IT product, which have a direct impact on the quality of the final product. And the quality, in its turn, influences upon your brand awareness, profit growth, production increase, etc.

The higher is the product quality, the more chances you have to develop your business successfully. Why not to take care of setting the high standards from the very beginning?

This is why the development processes audit is required: we check the way the team works, find the bottlenecks and eliminate them, determine the potential opportunities and turn them into strengths.


What is the right way to organize the workflow and which tools and methods shall be applied - this can be a topic for a long and extended discussion. But anyway, every team will do it on its own, and there is nothing wrong with it (creative and innovative approach is and will remain in demand). We just want to emphasize that in case of regular problems in the work of a team or with a team, do not wait for the things to even out by themselves. The more effective measure will be to have the project management and workflow processes audited and to adjust them or optimize if required.

The first indications to warn of the team performance audit required:

  • nature of communication between the team and the client is shifting toward negative;
  • repeated lack of understanding and/or misunderstanding both inside of the team and between the team and the client;
  • processes are not transparent and clear for the client;
  • no systematic approach is applied to handling  non-routine situations;
  • information received by the client is not always unified, and the data are contradictory, etc.


The following procedure shall be followed in order to find the stumbling block and to eliminate it:

  • to study carefully all internal processes: who is in charge for communication with the client, how are the tasks distributed, how is the tasks performance monitored, who is responsible for coordinating the team members actions, etc.;
  • to check how the processes are applied in practice, this means we practically live the team’s life - take part in their meetings, watch them working with the development tools, etc.;
  • to define bottlenecks within the processes: what requires most time, which tasks engage the most number of people, which processes are poorly monitored, which blocking issues appear regularly and brake the development process, etc.;
  • based on the bottlenecks detected, to assess whether the roles are distributed reasonably and efficiently within the team;
  • to define and suggest changes for the processes that are critical for the team and the client now, and recommendations for the processes that may be optimized in the future with the aim to improve the team performance


The scope of this type of the audit includes three significant areas:

  • project planning;
  • project management;
  • project development.

Let’s consider every area for more details.


What benefits do you get?

After the project-planning-related processes have been audited, the bottlenecks defined and the recommendations for required changes and improvements fulfilled:

  • the process becomes controllable, the deadlines are met, the budget does not need to be endlessly extended;
  • consequently, the costs reduce that are related to failures to meet deadlines;
  • the processes grow transparent for the client: enhanced opportunities to plan product and budget development;
  • launches are successfully completed/ deadlines are met, the team does not have to work overtime/at nights to finish in time, every stage of the project is completed on timely basis.

What do we check?

  • High-Level Planning
  • whether the road map is used, whether it is updated and realistic;
  • what is the level of detail applied in the road map (2 lines or detailed specification);
  • what is the way to record the progress, and whether it is transparent to the client.
  • Budget Management
  • whether the budget spent is traced and in what way;
  • what budget share is exceeded and for what reasons;
  • whether the costs correspond to the expectations, if not - why.
  • Risks
  • what is the way to detect risks and when;
  • whether they are discussed with the product owner;
  • which risks are included by the team initially;
  • whether the team exercises the retrospective review of the projects and checking the risks to find out, which risks arose and what could have been done to prevent it.
  • Resources Planning
  • what is the approach to resources distribution;
  • who is in charge for distribution and monitoring;
  • whether planning corresponds to the actual flow; whether the resources planning is adjusted in the course of the project implementation.


What benefits do you get?

Like any other project, the developers' workflow needs good organization and management. The following can be achieved as a result of auditing and optimization of the IT project management:

  • the product owner understands the transparent process dynamics, and may plan further activities;
  • information losses are minimized;
  • the team performance increases due to a more clear understanding of tasks and allocation of responsibilities, this results in regular compliance with deadlines and budget limits.

According to the results of the developers survey by Stack Overflow (it covered 56 033 developers from 173 countries), the top positions are those related to the project management.


What do we check?

  • Current Documents
  • the documents are checked for availability and relevance, structure and completeness.
  • Tickets (tasks for developers)
  • where they are kept and in what way the tasks are set;
  • whether they are identically interpreted by the developer, PM and the client; whether the status of each task is clear at the definite moment;
  • if the tasks are not fulfilled (“on hold” status) - whether the reason is clear, why the task is postponed or blocked, or in the process for so a long time;
  • whether the task is complemented with the history;
  • whether the persons in charge of the task are clearly defined.
  • Communication
  • approach to communication both inside of the team and with the product owner;
  • to what extent is each team member aware of the current project status;
  • whether the project is discussed by the team;
  • whether the status is transparent for the manager;
  • what decision-taking procedure is used;
  • whether there is any channel for fast and easy communication;
  • what is the way to record agreements with the client: whether the team activities are transparent for the client;
  • in what way the client provides the feedback, who is the contact person to be informed of the client’s changes and what is the way to communicate them;
  • in case of several product owners: in what way they achieve the agreements, who synchronizes them, what communication channels are used;
  • how frequent is the communication with the client, whether there is one point of contact or everyone contacts the client separately.


What benefits do you get?

Benefits obtained as a result of checking all processes, tools, and methods used directly for the product development, are obvious:

  • the product has less bugs;
  • the application functions more stable;
  • more frequent releases are made.

What do we check?

  • Development Environment
  • whether the special environment is used: development (used by the developer in the course of coding) and staging (used for app preliminary testing), and separately, production (where the functioning application is started).
  • Processes Used
  • Continuous Integration: as process of code transfer into the main repository after testing;
  • Continuous Delivery: as continuous process of delivering the updates of the functioning product without any damages to the existing features after checking by testers;
  • Continuous Deployment: as a continuous process of automatic deploying new features and changes in your app (without any experts involved).

For example:

The deploy takes, on average, 15 minutes, and in a week it amounts to 2.5 hours (twice a day).

And setting up the auto-deploy takes on average 3-6 hours depending on the complexity of the app, while after that the process runs automatically. The time spared can be used for other tasks.

  • Coding Collaborative Tool (service where the source code and its versions are saved, that allows working with versions and keeping the source code up to date at any stage of development)
  • whether the tool is used or not, and in what way is it used to minimize the bugs;
  • whether the code is up to date.
  • Code Review
  • whether the review is performed in the course of development.
  • Testing: Manual Testing and Autotests (scripts simulating the user’s actions in the app with the aim to detect eventual bugs)
  • whether they are performed successfully; if not, looking for the reasons, etc.


As the team performance auditor is ready with the job, you will have at hands the audit report listing the bottlenecks and weak points detected in the project planning, management, and team workflow. In addition, you will receive recommendations and suggested changes. And that’s all for one purpose only: to demonstrate your improvement opportunities both for the process itself and for the finished product.

It’s up to you to decide what is intended for the recommendations and proposals in the future. We would recommend not to lay the strategic issues on the shelf and assign resources and budget to them. The main idea is: do not salt away the experience gained but make it work for you.

If you do get interested in the way your IT product is developed, or have any questions left  - please, be reminded, that Umbrella IT is always contactable.