To audit means to go through the process of examining and verifying a company's financial records and supporting documents. While a business might go through an audit for any number of reasons, such as wanting to attract investors, get a loan, or sell the business, for many business people the word "audit" is welded to the words "income tax". An income tax audit is an inspection and verification of a company's records and supporting documents conducted by a CRA (Canada Revenue Agency) auditor. The CRA doesn't just conduct income tax audits, however; they perform audits of any CRA accounts, including auditing GST returns and claims for rebates. According to the CRA's Guide For Canadian Small Businesses, an audit usually takes one to two weeks, and involves "an examination of your ledgers, journals, bank accounts, sales invoices, purchase vouchers, and expense accounts." They go on to point out that the audit process may involve touring your business premises, and seeking information and assistance from your employees. As the CRA performs a certain number of audits each year to monitor compliance, it's wise to be certain that your business records are well-kept, complete, and always "audit-ready".
We can also say that the word audit has two meanings. The first is the security audit, whereby a consulting firm comes in and validates a company’s security profile. This is similar to how accounting firms review a company's books. The second term is infosec specific, and means an "auditing" subsystem that monitors actions within the system. For example, it may keep a record of everyone who logs onto a system. Such a record is known as an audit trail.
A 20 Step Procedure for Auditing a Function Point Count
1.Was the task of counting function points included in the overall project plan? All activities the project team engages in should be an item in the project plan. Ensure that adequate amount of time has been dedicated to achieve to complete the task. 2.Is the person performing the function point count trained in Function Point Counting? Are they certified?
To often function point individuals not trained in function point counting complete counts. Formal classroom training may not be necessary, but the individual conducting the count should be familiar with IFPUG 4.1 counting rules.
It is even better if the person completing the count has passed the IFPUG Certification exam. Passing he exam does not guarantee accurate counts, but it does guarantee a minimal level of competency. 3.Were IFPUG 4.1 Counting Practices Manual followed?
4.Did the function point counter use current project documentation to count function points? If not how old was the documentation? 5.Did the project team participate in the function point count? The project team should be the most knowledgeable individuals regarding the functionality being delivered to the user. They are the best source of information regarding the project. Frequently the project team is left in the dark when a function point count is completed. The function point counter gathers some documentation and sits in a room for a few days and out comes a function point number. This will cause the project team to question the accuracy of the number. 6.Was internally developed function point counting guidelines followed? 7.Was the application counted from the user's point of view? 8.Was the system counted from a logical and not a physical point of view? 9.Does the established boundary for the FP count match the boundary of other metrics (time reporting, defect tracking)? If not, why? 10.If the function point count was for an enhancement was boundary the same as the boundary for the application? If not, why? 11.Has the boundary changed? If so, why?
12.Was any tool used for function point counting or was the count done manually? If the count was done manual a review of the arithmetic needs to be done. 13.Do the individual Function Point...