Tech Audit: Who Needs It And How To Do It Properly

March 26, 2024

Edited: March 26, 2024

IT software audits are almost always connected to some acute problem for which the customer comes to us in search of a solution. Standardizing the process and using dedicated checklists lets us identify the client’s obvious and hidden pain points from the first steps of the audit, find the right approach, and, as a result, satisfy our customers.

This article explains how to recognize that you need a tech audit and how to start one. At the end, we share a checklist that will help you avoid missing important points.

Reasons for conducting a technology audit

A technical audit of application code quality includes analysis of the existing code base and development of recommendations for its improvement. A software tech audit is conducted:

  • When a contractor changes, the new contractor should understand the application’s state. For this purpose, different types of audits, including code quality audits, are necessary.
  • To analyze the quality of the application when a third-party contractor implements it. A software code audit lets you confirm the quality of the implemented solutions.
  • If there are questions about the work of the current project team, such as many bugs, delayed deadlines, “eternal” refactoring, and so on. Software code audit will help to understand what problems there are in the application and prioritize their correction. If necessary, you can analyze the causes of bugs, but our experience suggests that it is better to separate code audit and investigation of bug causes. 
  • To evaluate the application’s readiness for scaling. Auditing is often performed when you want to assess whether or not an application is ready for scaling and other ambitious development plans.
  • When the team’s work is satisfactory, but you want to get an outside expert’s opinion about the code quality. Suppose you have a young team of 2-4 specialists still gaining technical experience. They have been developing the application for a certain period but want someone to audit it and tell them whether the chosen technical solutions are optimal, what risks there are, and how they can be avoided.
  • To self-assess code quality to identify key points of project growth and specific steps for realizing them. Suppose you have an internal project with a small team or just one developer. Other specialists are busy with their own projects and cannot audit yours. In this case, a set of audit artifacts (checklist, regulations) will help your team look at the code with a fresh eye. 

A technical code audit does not include an in-depth code security audit, and it does not examine the processes that ensure quality, speed, reliability, and so on. It does not search for bugs or determine their criticality; it only highlights problem areas and risks in the project code. Therefore, depending on the customer’s goals, a technical code audit can be supplemented with audits of processes, project quality, and software security.

Where to start a technical code audit for your software

Here are 3 steps to prepare for a tech audit of your application.

Tech code audit: describe the project context

First, describe the project context. This includes: 

  • Business purpose of the project
  • Key functions
  • Systems to be integrated
  • The composition of the team
  • Description of the development process

The project manager and team members can describe the context. Here is what your description can look like:

  • Business goal. Provide realtors with a convenient way to work on the object through a mobile interface with CRM-system functions.
  • Key functions. Viewing a list of properties to go around, taking a property to work on, specifying property information with photo attachment, etc.
  • System for integration. Custom CRM.
  • Team members. 2 Flutter developers, QA specialist, analyst, designer, and project manager.
  • Description of the development process. Development is iterative. Developers can develop 1 to 3 major features simultaneously. As a rule, 1-2 major features are included in the release. 

Done? Great, move on.

Tech code audit: define the goal of the software code audit

Second, the purpose of the software code audit must be defined. It is necessary to talk to the stakeholders, gather their expectations for the code audit, and identify and formulate the main goal. If the need for the application code audit is misunderstood, time and money will be wasted.

Tech code audit: formulate the questions that drive the goal

Let’s say there is a problem on the project – long time-to-market. We formulate a goal – to increase the delivery of business features by 3 times in one sprint. Then, we analyze the problem and put forward hypotheses about possible causes. We formulate the reasons in the form of questions to be answered by the tech audit.

Questions that you can ask:

  • Does the current architecture of the application allow parallel development by two or more teams?
  • How much does the architectural approach to designing features allow for easy extension? 
  • Is the labor cost of infrastructure tasks minimized when creating a new feature?

These tools will help answer the questions above:

  • Dependency plugin. It builds a visual representation of the dependencies between modules. From this, you can see how tightly the modules are coupled to one another. If coupling is high, it will be difficult for several teams to work in parallel, because they will depend on each other’s results.
  • Library version dependencies plugins. The tool shows root dependencies and the paths to them, as well as how up to date the library versions are. It shows what is needed in the project and what is not, and lets you identify problems related to updating library versions.
  • Plugins for working with tables. They allow you to visualize tables in the database, determine how correctly the database is designed, and identify its redundancy.
  • Tools to analyze performance, memory consumption, battery charge, network data transfer, etc. They help in analyzing specific problems encountered while using the app.
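
As an added example (not SoloWay's tooling or checklist), here is the kind of report a dependency plugin's module graph supports when answering the parallel-development question above. The module map is constructed and its names are hypothetical; the instability figure is Robert C. Martin's Ce / (Ca + Ce) metric, which the article itself does not name.

```python
# Constructed sample: module -> modules it imports. Names are hypothetical,
# loosely modelled on the realtor app used as the project-context example.
DEPS = {
    "feature_property_list": {"core_network", "core_ui", "feature_property_edit"},
    "feature_property_edit": {"core_network", "core_ui", "feature_photo"},
    "feature_photo": {"core_storage", "feature_property_edit"},
    "core_network": {"crm_api"},
    "core_storage": set(),
    "core_ui": set(),
    "crm_api": set(),
}


def coupling(deps):
    """Per module: (fan-out Ce, fan-in Ca, instability Ce / (Ca + Ce))."""
    fan_in = {}
    for targets in deps.values():
        for t in targets:
            fan_in[t] = fan_in.get(t, 0) + 1
    report = {}
    for m, targets in deps.items():
        ce, ca = len(targets), fan_in.get(m, 0)
        report[m] = (ce, ca, round(ce / (ca + ce), 2) if ca + ce else 0.0)
    return report


def reachable(deps, start):
    """All modules that `start` depends on, directly or transitively."""
    seen, todo = set(), list(deps.get(start, ()))
    while todo:
        m = todo.pop()
        if m not in seen:
            seen.add(m)
            todo.extend(deps.get(m, ()))
    return seen


def cycles(deps):
    """Groups of modules that depend on one another in a cycle."""
    reach = {m: reachable(deps, m) for m in deps}
    groups = {frozenset(n for n in reach[m] if m in reach[n]) for m in deps}
    return sorted(sorted(g) for g in groups if g)


def cross_feature_edges(deps, prefix="feature_"):
    """Feature -> feature imports: each one ties two teams' work together."""
    return sorted((m, t) for m, ts in deps.items() if m.startswith(prefix)
                  for t in ts if t.startswith(prefix))
```

A non-empty result from `cycles` or `cross_feature_edges` marks modules that cannot be handed to separate teams without first breaking the dependency; high fan-in modules are the shared code whose changes affect everyone.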

These are 3 fundamental steps to take before conducting a tech audit for your software.

Checklist for technical code audit of your application

We at SoloWay Tech have developed a checklist for technical code audits. Below is a small excerpt. It will help you reduce the app code audit time and avoid missing important points.

Architecture:

  • Are the chosen architecture and/or architectural solutions suitable for the project? How faithfully are they implemented?
  • Is a Clean Architecture approach being used?
  • Is there a division into modules if necessary?
  • Does the application have a logical package structure?

Layout:

  • If this is a relatively new application, is the UI built on Compose or SwiftUI?
  • Does the project have a flexible structure for working with styles of UI components?
  • Is resource handling properly organized in the layout?
  • Is there localization support?
  • Are UI components reused between screens?

Engineering culture:

  • Are the code style and other code writing rules fixed for the project? Are team members adhering to them?
  • Is a static code analyzer used regularly? Is it built into CI/CD?

Relational database (DB):

  • Are there migrations in place?
  • Do tests validate database migrations?
  • Are indexes and transactions utilized?

As part of the audit, we also evaluate how code is written, how CI/CD is configured, and how code review is conducted. We evaluate these points not within the framework of process auditing but during the technical code audit because they directly affect the code quality.
