How can conducting an application audit mitigate our risk?
You should typically run the application audit on a dedicated machine, forcing the development team to hand over all required source code items (DLLs, certificates, …). Even though the purpose of running an application audit is to gain insight into the quality of the application, it turns out that in most cases compilation itself is an issue because of missing components, hardcoding, etc. That is in itself a bigger risk when teams or ownership change.
Why should I link payment milestones to software quality improvements?
How should I open a discussion on Quality Assurance with my management?
Make sure to use an application auditing platform that provides meaningful dashboards to management: dashboards that are easy to interpret for people without an IT background. When doing so, you have a sound basis for enabling discussions on the value of IT assurance, which is typically neglected because the focus is on creating a product and gaining market share.
How should I open a discussion on Quality Assurance with my developers?
Most developers have a limited idea of the quality of their code. Quality is typically related to the number of defects. However, application quality is much broader and needs to be looked at from different angles: transferability, changeability, robustness, performance and security.
Which quality assurance process should I follow in parallel to the growth of my company?
A typical quality assurance process has 4 steps, with continuous improvement as the key. An average exercise requires between 5 and 10 man-days of work. This cycle is typically repeated 2 to 3 times a year; however, most companies limit it to once a year due to time and budget constraints.
What is the added value of Quality Assurance for investors, if at all?
Quality assurance is important throughout the entire investment lifecycle. During the deal flow (investment) phase, the focus lies on value assessment and risk mitigation, whereas during the growth / scaling phase the focus should be on continuous improvement / control and value augmentation. During divestment (exit), quality assurance is important to support the value assessment (vendor due diligence).
We would like to assess the technical maturity of our software applications. Where do we start?
Several niche tools are available to assess the best practices applied in coding, depending on the technology used. However, some application quality tooling exists that covers multiple technology platforms. Most of these tools focus only on the code level, and not on the database or application level.
We have developed our own business application together with a small, local IT boutique. Is there any risk in doing so?
Be aware that custom-developed code might be a risk in itself if your local IT boutique ceases to exist. Mitigate this risk by assuring the future of your business-critical software applications. As a software user, you trust your supplier to provide support and maintenance for your applications. However, this dependence can represent a significant risk, particularly where business-critical applications are concerned. A trusted escrow agency can help you to eliminate these risks. Make sure to select an escrow agency that performs the necessary validations / checks. The source code for your licensed software, the expertise to implement it and the rights to your software belong to your software supplier or developer. This creates a potentially disastrous situation if the software fails and your software supplier is unable to carry on supporting and maintaining the product due to a merger, acquisition, legal dispute or insolvency.
An escrow agreement is a simple contract between a software supplier, an end user and an independent third-party escrow company, designed to mitigate this risk and protect all parties involved.
With escrow you can be sure that you can access the source code of your key software applications should you ever need to do so. This means that you will be able to use that source code to continue to maintain the software either in-house or by engaging with another supplier, whether that be for further bespoke software development or to fix any issues.
Setting up an escrow agreement is easy and done in three simple steps:
We are in need of a consistent approach & tooling to assess the maturity of the company from an IT perspective. How do we approach this?
From a People / Process / Technology point of view, multiple maturity models can be applied (COBIT, CMMI, ...). When looking at the functional maturity of your product, a roadmap review or industry benchmarking can be executed together with a SWOT analysis and / or function point analysis. For the technical maturity of your product, an application audit can be performed.
How can I make sure that my ICT is managed well and potential risks are properly mitigated even though our company size does not allow for a full-time dedicated ICT resource?
IT management service offerings (CIO-as-a-Service) now exist whereby your team is complemented with the appropriate skills (team) in line with your needs and budget constraints.