Chapter 6—Configuration Verification and Audits – Practice Standard for Project Configuration Management

Chapter 6

Configuration Verification and Audits

The purpose of configuration verification and audit (CVA) is to ensure the composition of a project’s CIs and CI changes are registered, assessed, approved, tracked, and correctly implemented.

The verification and audit process may encompass the following:

  • Integrity of CI information;
  • Accuracy and reproducibility of CI History;
  • Traceability of the project’s CIs across the project management process as well as between CIs; and
  • Documentation is completed that defines the project.

PCM verification and audit establishes that the functional and performance requirements of a project and its deliverables have been achieved by the design and project implementation. PCM verification and audit is performed on initial, interim and final deliverable versions including whenever a CI is baselined or released. This chapter includes the following major sections:

6.1 Verification
6.2 Audit
6.3 Verification and Audit Activities

6.1 Verification

PCM verification ensures that PCM’s goals are achieved through a systematic comparison of requirements with the initial, interim and final results of testing, analysis, demonstration or inspections.

6.2 Audit

PCM audit is the independent process of ensuring the project’s CIs were built according to their defined documentation. An audit is not intended to replace reviews, tests, or inspections of the project’s deliverables.

PCM auditing increases the visibility of a project, compares the actual process with the documented process, and uncovers any process deficiencies. The PCM audit provides an additional tool to help a project manager determine how well a project is going, to identify and reassess risks, and to solve problems.

PCM verification is usually accomplished through formal CM audits, which are usually conducted at least once for each release, such as: Functional Configuration Audit (FCA), and Physical Configuration Audit (PCA).

Additional PCM audits may include:

  • Assessing spare part quantities and configuration;
  • Determining the currently installed equipment components and configuration; and
  • Audit and change control results.

6.3 Verification and Audit Activities

PCM verification and audit activities consist of planning, execution, report creation and communications.

6.3.1 Planning Verification and Audits

It is essential for the PCM verification and audit to be planned at each project’s critical points, where major configuration risks are most likely to occur. Some organizations have an enterprise CM plan that establishes CM policies, processes, and procedures to be used by all projects. Any existing enterprise CM plan may be adapted to a project’s needs and the appropriate PCM verifications and audits scheduled.

6.3.2 Executing Verification and Audits

It is essential for a project manager to establish the necessary time, structure, and resources to do the PCM verification and audit activities as planned in the project’s CM plan or project management plan. Through CM, a project manager needs to ensure all recommendations and nonconformity issues are addressed and appropriately scheduled for correction.

6.3.3 Reporting

The following identifies PCM reports that a project manager may expect from the verification and audit process:

  • Reports indicating the PCM audit results and recommendation to proceed or not to proceed to the next activity or task; and
  • Release notes indicating the contents of the baseline or release, known deficiencies, list of components and component versions, workarounds to provide temporary fixes, and what has changed since the last release note (including the identification of repairs), etc.

6.3.4 Communicating Results of Verification and Audits

A project manager has the responsibility to communicate the PCM verification and audit results to the appropriate stakeholders as established in the project’s communications plan or CM plan.