What is the first step an IS auditor should take when reviewing the software quality management process?

The initial step for an IS auditor when reviewing the software quality management process is to request all the standards adopted by the organization. This action is crucial because understanding the standards in place provides the auditor with a foundation for evaluating the effectiveness of the software quality management process. Standards outline the expected practices and criteria for software quality, allowing the auditor to assess whether the organization is following industry standards or internal benchmarks.

By obtaining the relevant standards, the auditor can better contextualize how the software quality management process is designed and implemented. This information is vital for subsequent steps, such as verifying compliance, identifying controls, and reviewing quality metrics, as these activities all hinge on the baseline provided by the established standards. Without knowing what standards are adopted, it would be challenging to conduct a comprehensive review of the quality management process or to determine its efficacy.