AUDIT MATURITY MODEL | FEATURES | BENEFITS

 AUDIT MATURITY MODEL (AMM)

The audit Maturity Model (AMM) framework will provide organizations with an assessment of the maturity of audit and review processes/capabilities in the perspective of auditing capability, along with recommendations for achieving higher levels of maturity. This will ensure assessment of not only the basic hygiene factors but also of engagement maturity and business excellence. At the bottom level, audit/review activities are informal, chaotic, and adhoc. Reviews and audits are carried out mainly on a reactive basis to understand and correct burning project issues. Hence the success of the reviews and audits depends on the skill of the people conducting the reviews & audits. There is no Software Quality Assurance (SQA) group defined to assess the audit process. This level can be called Level 1 initial. There is no formal auditing team to meet the basic objective.

For any world-class organization, quality compliance to its standard s-oftware process [1] is considered a basic hygiene factor. ISO [2] and CMMI [3] are official certification/assessment for this which each business unit must ensure. In today’s business scenario, the focus of the Quality Assurance (QA) function needs to be elevated from traditional compliance-related aspects to more value-added services to justify its presence to meet business objectives. Audit function, instead of ensuring mere compliance needs to be much more matured to prevent delivery outage and to achieve business excellence which are the call of the day for survival and to prove oneself best in class in the industry.

CHARACTERISTICS OF THE AUDIT MATURITY MODEL (AMM)

This audit model automatically helps to ensure process compliance. Organizations assessed at CMMI level 2 or certified in ISO, AMM helps to ensure compliance to the organization standard software process, thereby confirming basic hygiene.

 • At a lower maturity level, basic risks are identified and mitigation actions are planned so that the higher maturity level can focus on more vital aspects and identify more business-critical risks.

 • Delivery management, product quality, and process adherence risks are proactively identified till maturity level 4 which helps in enhancing execution maturity. • Maturity Level 5 reinforces client expectations by identifying and mitigating business risks in the area of Finance, Customer Relations, Employee, Infrastructure, and Security. 

BENEFIT

• A Maturity Level rating assessment of quality assurance function in the perspective of auditing capability will be available

 • Helps to comply with basic hygiene factor-like ISO and CMMI once audit maturity level 2 is achieved

 • Findings that describe the strengths and weaknesses of the organization relative to the AMM

 • Consensus regarding the organization's key quality management area.

 • An appraisal database in the quality assurance area that the organization can continue to use to monitor quality assurance process improvement progress and to support future appraisals 

 • A proactive risk identification and mitigation for all projects of organization in the area of delivery management, process, product, and business area

 • Engagement to execution level maturity of an organization 

 • Align the vendors/suppliers, the organization, and its customers as part of a single to reap maximum efficiencies and thus achieve business excellence

CHALLENGES 

Followings are identified challenges to implementing the Audit Maturity Model (AMM) framework:

 • The commitment from higher management (required for conducting level 5 audits) will be a key challenge as they need to understand the maturity assessment value addition based on their business objective.

 • Identifying each aspect of the audit checklist for each level would be crucial as this is cost-effective in terms of technology, resource, and training. 

 • The level of manual expertise at the internal or external organization level would be crucial. 

 • Identified findings or risks logging will be a true challenge. Coordination and further risk mitigation, in all levels, need to be synchronized to meet the business objective.

CONCLUSION

 The Audit Maturity Model (AMM) and its implementation is a new concept in the area of quality assurance to unveil maturity assessment at different levels. Here a lower maturity level forms the basis of the next higher maturity level and hence it is not possible to achieve maturity of a higher level if a lower level is skipped. Hence audit maturity can be achieved stage wise from level 2 upwards. This model strengthens the organization's standard process compliance at level 2 with all basic hygiene of process compliance and data quality. Level 3 focuses on process maturity and quality of deliverables by unearthing the risk of product quality. At the next level, the delivery outage has been prevented by proactive risk identification of delivery management area and finally, at the top level, business risks in the area of finance, customer relations, employee, infrastructure, and security. Based on the impact of business risks, varying levels of rigor are also implemented to check aspects in the bottom three levels. Hence, it is a synchronized pre-emptive method of enrichment from a conventional to a more business-focused state. Proper mitigation of these risks can ensure the success of the project and ensures customer satisfaction. The benefits identified for this framework far outweigh the challenges identified.