Auditing a Software Vendor
Auditing your software vendors is a smart strategy for assuring the success of your projects. When contracting with a vendor, you want to be confident that they align with your business goals and can meet your business requirements. Performing an audit enables you to proactively assess the capabilities and professionalism of a potential vendor so you can be assured of a smooth partnership.
Ask the Right Questions
An important step in auditing a software vendor is understanding how they work.
Does the vendor have a “QA department,” and what does that mean? Depending on the company, they may use the term “compliance” for a QA department, or they may use “QA” for a team of software testers. Understanding who is performing quality assurance tasks (and which tasks) helps you understand how testing will be performed on your software.
How will the software be provided to your company? Knowing how the software will be delivered tells you how much control you will have. Will your company decide when installation takes place? How long will implementation take?
Do they have SOPs? Does the company use SOPs for testing, code review, periodic review, change control, system validation, good documentation practice, system security, account management, issue tracking, SDLC, etc.? If they don’t have traditional SOPs, can the vendor prove a repeatable process that the team has been trained to follow? Or are there guidance documents that the team follows when constructing the software?
Other Considerations: Ask how the company trains employees, but don’t make it the primary focus of the audit as training methods can vary greatly across companies. Look to see if the company has any third-party certifications for the work that they do, which can help ensure quality.
Ask for Examples
Ultimately, you want to see what kind of documentation and test results you will get from the vendor.
Ask to see documentation from a similar project: This might include project plans, user stories, electronically recorded test videos, automated test documentation, a traceability matrix, a system test result report, and release notes. Is everything readable and complete? Do they follow their process?
Verify the types of testing they perform: This might include positive testing, negative testing, boundary testing, interface testing, data verification testing, and performance testing. The scope of testing performed by the vendor will tell you about the software's robustness.
Successfully partnering with a software vendor relies on a strong understanding of how they work and what they can deliver. Auditing potential software vendors will ensure that, when the time comes to put your trust in a development partner, you will get the results that you and your business need.