Software Engineering for Auditors

Course Objectives

To give auditors a basic understanding of the Software Development Life Cycle (SDLC) and core software engineering principles.  To provide a methodology for auditors to utilize when evaluating software development projects.


To gain maximum benefit from this course, we would advise the participants should be familiar with the ISO 9001 standard, ISO 19001 auditing practices and have moderate experience in conducting quality management system assessments.

Who Should Attend?

Qualified auditors who would like to expand their understanding of software engineering to help them better perform assessments in software development environments.

Key Session Topics

The Software Development Life Cycle (SDLC)

An overview showing how all the Software Engineering sub-disciplines are touched on when creating a product that includes software components, regardless of the specific SDLC framework in use:

  • Traditional (Waterfall and Hybrid-Waterfall)
  •  Agile
  • Scrum

Software Engineering Sub-Disciplines
An overview of the various sub-disciplines to give a basic understanding of their purpose and place in software development:

  • Requirements Engineering (What do we want to create?)
  • Software Design (How will we create it?)
  • Software Construction (Writing the code!)  aka Development
  • Software Testing (Identifying defects in the software so they can be fixed!)
  • Software Maintenance (The ability to modify software to keep up with changing needs, priorities, and changes to technology)
  • Software Configuration Management (Keeping track of what we’ve created!)
  • Software Build and Integration (Putting all the pieces together and making an application that runs)
  • Software Quality Management (Making sure what was created meets the requirements and satisfies the customer!) aka Verification and Validation
  • Software Production Environments (A place for the software to run!)
  • Software Engineering Management (What a Project Manager does)

Externally Provided Software
Not all software is developed in-house.  We provide an understanding of common external sources of software and how they should be evaluated as part of an audit:

  • Outsourcing (farming out development to an external organization)
  • Free and Open-Source Software (FOSS) (using canned libraries and code fragments from the internet)
  • Commercial Off-the-Shelf Software (COTS ) (using software that has been purchased)

Basics for Auditing a Software Organization
Tying it all together with ISO 9001…what to look for!  A stepwise approach using case studies and workshops to evaluate the effective implementation of any variation of the Software Development Life Cycle against the software-oriented requirements of ISO 9001:2015

  • 8.3 Design and development of products and services
    • 8.3.1 General
    • 8.3.2 Design and development planning
    • 8.3.3 Design and development Inputs
    • 8.3.4 Design and development controls
    • 8.3.5 Design and development outputs
    • 8.3.6 Design and development changes


Glossary of software engineering terms

ISO 9001:2015 audit checklist for software projects

Mapping of key ISO 9001 requirements to Agile development artifacts

Mapping of key ISO 9001 requirements to Scrum development artifacts

Certificate of Attendance