A systematic process is used for both assessments and audits. Both are applied as a management tool as opposed to a technical-review tool. The outcome of both is a report. They often use similar methods and techniques to perform their appraisal.

Note: This article focuses on some of the similarities and distinguishing factors between the terms assessment and audit as used in the software industry.

Auditor/assessor style (e.g., impartial, collaborative) depends on the appraisal customer (internal vs. external) and on the appraisal's purpose and potential impact/risks.

Audit/assessment duration and type of interaction (group vs. 1-on-1) depend on the purpose, scope and type of appraisal.

Note: The differences shown above are typical -- self-triggered assessments/audits may be any combination of those shown, or special cases such as dry-run audits.
