审计功能点估算(上)—收集和评估证据
发表于:2008-01-24来源:作者:点击数:
标签:审计功能
Introduction 简介 The very term auditor and audit makes many of us feel uncomfortable. Many industries have independent inspectors and auditors. As function points become more widely used and become a more important part of decision making,
Introduction
简介
The very term auditor and audit makes many of us feel uncomfortable. Many industries have independent inspectors and auditors. As function points become more widely used and become a more important part of decision making, those using the function point counts will want them independently reviewed and audited. Auditing is the process by which a competent, independent person a
clearcase/" target="_blank" >ccumulates and evaluates evidence about quantifiable information related to a specific entity for the purpose of determining and reporting on the degree of correspondence between the quantifiable information and established criteria.
一说起审计师和审计,我们中的许多人都会感到不安。如今,许多行业都有独立的监察员和审计师。随着功能点算法应用日渐广泛,并成为决策支持的重要组成部分时,那些使用功能点
估算的结果需要被独立复审和审计。审计是一个由权威、独立的专业人士,收集和评估特定实体的大量信息证据,并根据这些大量信息和已建立的标准之间的吻合程度进行决策和汇报的过程。
Like other industries that have prescribed guidelines (such as accounting), independent auditors can provide valuable feedback on the actual function point count and the overall function point counting process. An function point auditor should be independent, but an auditor can be still be inside your company, perhaps part of your metrics team, or they can be an independent third party.
和其他有既定指导方针的行业(如会计业)一样,独立的审计师可以对实际功能点估算和整个功能点估算过程提供很有价值的反馈。原则上审计师应该是独立的,但仍可来自企业内部,可以是你的
度量团队中的一部分,也可以来自是独立的第三方团队。
To do an audit of any kind, there must be information in a verifiable form and some standard (hopefully IFPUG 4.0) by which the auditor can evaluate the information. The auditor may go to the business premises to examine records and obtain information about the reliability of the function point counts. On the other hand, there may be adequate information that can be sent to the function point auditor that can be reviewed off site.
任何一项审计都必须有可证实的信息和一些标准(最好是IFPUG 4.0)做为评估的依据。审计师可能会做一些商业假设来审核记录,并获取功能点估算的
可靠性信息,另一方面,审计师也需要足够多的信息,以便离开评估点现场后仍可以复审。
Accumulating and Evaluating Evidence
收集和评估证据
Reviewing a function point count to insure IFPUG 4.0 counting guidelines were followed would be considered a compliance audit. The purpose of a compliance audit is to determine whether the function point counts follow specific procedures and guidelines set down by the IFPUG Counting Practices Committee. The results of a compliance audit are generally reported to someone within the organizational unit being audited rather than to a broad spectrum of users.
审核功能点估算过程以确保其遵守了IFPUG 4.0 估算指导方针被称之为
兼容性审计。兼容审计的目的是审核功能点估算是否遵守IFPUG估算实践委员会制定的每个程序和操作规程。其结果通常被汇报给被审计的组织单位里的某个人,而不是大多数用户。
Evidence is defined as any information used by the auditor to determine whether the function point count being audited is in compliance with IFPUG guidelines. Evidence can take many different forms, the function point count, system documentation, conversations with developers and users, and interviews with individuals that conducted the original count. The auditor gathers evidence to draw conclusions.
证据即审计师用于决定被审计的功能点估算是否遵守IFPUG指南的所有信息。证据有很多种表现形式,如功能点数据,系统文档,和
开发人员、用户的交谈信息,和执行最初估算的人的面谈信息等。审计师收集证据并由此分析出结论。
Of course the function point count itself can be used as evidence, but using the function point count alone would be severely inadequate. It is impossible to determine the accuracy of a function point count without evaluating additional evidence.
当然,功能点数据本身也可以做为证据,但只使用功能点数据是远远不够的。想单纯使用功能点数据而不评估其他证据就得到正确的功能点估算是不确实际的。
If an auditor was given the task of auditing a company with 500,000 function points it would be impossible to review every count. The auditor may select only 20 or 30 applications to actually audit. The actual sample size will very from auditor to auditor and audit to audit. The decision of how many items to test must be made by the auditor for each audit procedure. There are several factors that determine the appropriate sample size in audits. The two most important ones are the auditors' expectations of the number of errors and the effectiveness of the clients internal function point counting procedures. The suggested procedures at the end of this document can help in determining both of these criteria.
比如,如果一个审计师接到一个有500000个功能点的公司的审计任务,那他就不可能逐一审计每个功能点。这时候,审计师会只选择20到30个应用去做实际审计。实际审计样本的大小因人而异,且每次审计都会有所不同。其数量必须由每个审计师针对每次审计决定。样本大小选取的合理性取决定于几个因素,其中最重要的两个因素是审计师对错误数量的预期和客户内部功能点估算程序的有效性。本文最后建议的20步曲可以有效帮助你决定这两个因素。
Additionally, the evidence must be pertain or be relevant to the audit. The auditor must be skilled at finding areas to test or review further. For example, the auditor may determine during conversations that their was some confusion about external inputs and external interface files. In this case, the auditor would review the actual system documentation and the function point count to insure that the all the external input and external interface file were treated correctly. Another example, would be that the function point counter had never counted a GUI application. The auditor would review a series of screens and determine if the original counter had correctly counted such items as radio buttons, check boxes, and so on.
另外,证据必须依附于审计或和审计相关。审计师必须擅长发现那些要进行验证或进一步复审的区域。比如,审计师在交谈中发现外部输入和外部接口文件有混淆,在这种情况下,审计师应复审实际系统文档和功能点估算,以确认所有的外部输入和外部边界文件都正确处理。另一个例子,可能功能点估算人员从没做过GUI应用估算,这时,审计师应复查一系列的页面屏幕,以保证如radio boxes,check boxes等这些项都估算正确。
The evidence must be considered believable or worthy of trust. If evidence is considered highly trusty worthy, it is a great help in assisting the auditor with a function point audit. On the other hand, if the evidence is in question such as incomplete documentation (or old documentation) then the auditor would have to scrutinize these areas of the count more closely. Additionally, the auditor should make note in the final report of any evidence they requested and the client was not able to provide.
证据必须是可信的或令人信服的。如果证据被认为高度可信,将大大有利于审计师的功能点。另一方面,如果证据是可疑的,比如不充分的文档记载或旧的文档,则审计师将不得不深入仔细地审核这些地方。另外,审计师应在最终报告中说明有哪些证据是他们要求,而客户不能提供的。
All evidence should be evaluated based upon valuation, completeness, classification, rating, mechanical accuracy, and analytical analysis.
所有证据都应该在评价(valuation)、完整性(completeness)、分类(classification)、分级(rating)、机械准确性(mechanical accuracy)和类比分析(analytical analysis)的基础上被评估。
Valuation: The objective deals with whether items included in the function point count should of been included. Perhaps the original function point count included additional transactions or files that should not of been included.
评价(Valuation):目的是确定功能点估算中包含的检查项是否该包含。有可能最初的功能点估算包含了多余的事务或不应包含的文件。
Completeness: The objective deals with including all transactions and files in the final function point count. It is important that the application team review the final function point count to insure all transactions and files have been included. The valuation and completeness objectives emphasize opposite audit concerns. Valuation deals with potential overstatement and completeness with unrecorded transactions and files.
完整性(Completeness):目的是将所有事务和文件包含进最终的功能点估算。应用小组复审最终的功能点估算以确保包含了所有的事务和文件,这点非常重要。评价和完整性分别强调审计的两个相反的关注点。评价处理那些可能出现的多余事务或文件,而完整性则处理不被包含的事务和文件。
Classification: Classification involves determining whether all transactions and files have been correctly classified. It is important to make sure the external input and external interface file have been classified correctly for example.
分类(classification):分类决定所有的事务和文件是否被正确分类。比如说确保所有的外部输入和外部接口文件都已经被正确分类就非常重要。
Rating: This objective deals with determining if the transactions and files were appropriately ranked as low, average or high. To complete this objective a detail examination of the data elements and files referenced.
分级(rating):分级决定所有的事务和文件是否被正确的划分为低、中、高三个等级。为达到这一目标,详尽的数据元素和文件的检查是值得借鉴的手段。
Mechanical Accuracy: Testing the mechanical accuracy involves rechecking a sample of the computations and transfers of information from one document to the next. Rechecking of computations consists of testing the original function point counters arithmetical accuracy. This is most important if an automated tool was not used while counting function points.
机械准确率(echanical Accuracy):检测机械准确率包括审核样本的计算结果是否正确及信息各文档中的传递是否正确。复查计算结果包含最初功能点数学计算正确性的验证,如果在计算功能点的时候没使用自动计算工具,这个验证就必不可少。
Analytical Analysis: This procedure is another way that a function point count can be validated. For example, the ratio of external inputs, external output, external inquiry, internal logical file, and external interface file can be compared with other applications meeting similar business needs. Also, the general system characteristics can be reviewed and compared to similar applications. Analytical procedures should be performed early in the audit so to help the auditor determine areas that need to be more thoroughly investigated.
类比性分析(analytical Analysis):这个步骤是另一种验证功能点估算的方法。举个例子,外部输入、外部输出、外部查询、部逻辑文件,和外部借口文件的比率是可以和其他相近商业目的的应用进行类比。同样,通用的系统功能的复审也可以和相似的应用进行比较。该步骤应在审计的早期进行,以便审计师可以决定哪些关键区域需要更透彻的审查。
Before an audit or validation of a function point count can take place a procedure should be in place to evaluate a the count(s). A procedure, at a minimum, should cover all the areas mentioned above. The procedure does not have to be a rigid document that is followed, but a guideline to conduct the audit. At the end of this article is a 20 step procedure that should assist anyone with developing their own guidelines or with auditing a function point count.
在审计或功能点估算验证进行之前,都应该有一套程序支持。这套程序最低限度应该涵盖以上提到的四个领域。它不必是一个人人必须遵守的严格文档,但它是审计师执行审计的指导方针。在本文最后提供的“功能点估算审计20步曲”可以帮助审计师编写自己的指导方针,也可以协助他们执行功能点估算审计。
(待续)
原文转自:http://www.ltesting.net