Configuration Management Audit...

There are two meanings for the project management process of configuration management.

1. It can be used for the process of identifying, tracking, and managing of all the physical assets of a project. The items that you track under configuration management are called “configuration items” in the Capability Maturity Model (CMMI). 
2. It can also refer to the process of identifying, tracking and managing of all the characteristics of the assets of a project. These characteristics can also be referred to as product “metadata.” This is closer to the definition of configuration management in the Project Management Body of Knowledge (PMBOK®) from the Project Management Institute.

The following model describes the five major aspects of configuration management.

Planning. You need to plan ahead to create the processes, procedures, tools, files, and databases for managing the project assets or the metadata. You also may need to gain an agreement on exactly what assets are important, how you will define them, how they will be categorized, classified, numbered, reported, etc. The results of this up-front planning are documented in a Configuration Management Plan.

Part of your planning process should be to assign configuration tracking numbers to each type of configuration item.

Tracking. It’s important to understand the baseline for all configuration items. In other words, for each configuration item, you need to understand what you have at the beginning of the project. In many cases, you may have nothing to start with. In other cases, like physical assets, you may have some assets to begin with. The purpose of your tracking processes is to ensure that you can track all changes to a configuration item throughout the project.

You need processes and systems designed to identify when assets are assigned to your project, where they go, what becomes of them, who is responsible for them and how they’re disposed of. Since a project has a beginning and end, ultimately all the assets need to go somewhere. This could be in a final deliverable, into the operations/support area, scrapped, etc. You should be able to dissect each major deliverable of the project and show where all the pieces and parts came from, and where they reside after the project ends.

Managing. Managing assets means ensuring that they’re secure, protected, and used for the right purposes. For example, it doesn’t do any good to track purchased assets that your project doesn’t need in the first place. Also, your tracking system may show expensive components sitting in an unsecured storage room, but is that really the proper place for them? Managing assets has to do with acquiring what you need and only what you need. You also have to make sure you have the right assets at the right place at the right time.

Reporting. You need to be able to report on the project assets, usually in terms of what you have and where they are, as well as financial reporting that can show cost, budget, depreciation, etc.

Auditing. Auditing involves validating that the actual configuration elements (whatever they are) at any given time are the same as what you expect. Many projects get in trouble when they start to lose track of physical assets (for instance, material, supplies, code or other configuration items) or if the physical characteristics (metadata) of your deliverables is different that what you expect.

The auditing process is used to validate that the configuration elements match up with your expectations. These expectations are based on the original baseline, plus any change requests that you have processed up to the current time.

Source: http://blogs.techrepublic.com.com/tech-manager/?p=370&tag=content;leftCol

Configuration Management

Software Configuration Management is a set of activities designed to control change by identifying the work products that are likely to change establishing the relationship among them, defining mechanisms for managing different versions of these work products, controlling changes imposed, and auditing and reporting on the changes made (Roger Pressman).

It consists of the following 4 activities:

1. Configuration Identification
2. Configuration Control
3. Configuration Status Accounting
4. Configuration Audits

Configuration Identification: Project teams (and also the SEPG, OT, OID, QAG teams) are required to identify the work products (in their respective teams) that need to be put under configuration control. Data required / used in a project can be placed under two categories: configurable and non-configurable items. Configurable items are those work products, which are likely to undergo changes and will have multiple versions at any given time during the project execution. Project plans, CM Plans, code, etc. are configurable items. On the contrary, data like emails, client chat scripts, audit reports, etc. do not change. They need not be version controlled. Such items are put under Data Management Plan.

Configuration Control: is the systematic evaluation, coordination, approval / disapproval and dissemination of proposed changes and implementation of all approved changes in the configuration of any item after formal establishment of its configuration baseline.

Change requests to process / products have to be routed through configuration control board (CCB) for approval before they can be used. Product change requests are analyzed for impact by the CCB. The mandated changes are implemented in the respective artifacts and then baselined. The CM issues a communication to the team on the baselined artifacts.

As the project advances, multiple versions of the baselined configurable items will exist. Configuration control is essential to keep the latest approved set (by CCB) of the work products floating. For code, it ensures that all developers work on the same baselined version.

Configuration Status Accounting: the recording and reporting of the configuration information is called configuration status accounting. This activity includes:

1. List of identified configurable items. (nos, and names)
2. Changes / Deviations / Waivers to configuration.
3. Implement status of approved changes. (configuration control status)
4. Version, baseline status

Configuration Audit: are necessary to verify that the integrity of work products is being maintained. Checks would be done on: baselining, configuration item identification, configuration control status, etc.