Testers want to be responsible and professional. However, they often come under pressure to comply with rules, standards, and processes that aren't always helpful. It's the price of keeping your auditors happy. But do you really know what auditors want? Are they all simply rule-obsessed, pedantic “little dictators”? James Christie shows why good auditors worry about risk—not rules. They want to explain the important risks to the people who lose sleep over them. James explains auditors' and regulators' attitudes toward risk and evidence. He shows that auditors' standards and governance models do have useful advice—knowledge that can help you choose the right testing approach for your project. James shows how to enlist smart auditors as valuable allies—and how to challenge the poor ones. Understanding auditors' needs will help you do better testing, at less cost. Wouldn't senior management and your stakeholders be interested in that?
James Christie
James Christie is a testing consultant with thirty-one years of IT experience. Before moving into testing, James spent six years as an IT auditor, so he has experience on both sides of the fence. With experience in information security management, project management, business analysis, and development, he is particularly interested in links between testing, auditing, governance, and compliance. James spent fourteen years working for a large UK insurance company, then nine years with IBM working with large clients in the UK and Finland. A member of the Information Systems Audit and Control Association, James has been self-employed for the past eight years.
As a test manager, James Christie experienced two divergent views of a single project. The official version claimed that planning and documentation were excellent, with problems discovered during test execution being managed effectively. In fact, the project had no useful plans, so testers improvised test execution. Creating standardized documentation took priority over preparing for the specific problems testers would actually face during testing. The required documentation standards didn't assist testing; they actually hindered by distracting from relevant, detailed preparation. It was a triumph of process over purpose. James shows that this is a problem that testing shares with other complex disciplines. Devotion to processes and standards inhibits creativity and innovation. They provide a comfort blanket and a smokescreen of “professionalism” where following the ritual becomes more important than accomplishing the goals. Unless we address this issue, organizations will question whether testers really add value. Testers must respond by challenging unhelpful processes and the culture that encourages them. Purpose must come before process!