person Author: Process Fellows
A Configuration Management Audit is a formal process used to verify that configuration items (CIs) and their associated documentation are complete, correct, and compliant with defined requirements and procedures. It ensures that the configuration management system is functioning properly and that the product or system is accurately represented.
Configuration management audits typically fall into two distinct categories, each addressing a specific aspect of the configuration process:

• Functional Configuration Audit (FCA): Verifies that the system meets its functional requirements. Example: Use the release plan as an input to check if all required requirements are actually implemented and verified.
• Physical Configuration Audit (PCA): Verifies that the physical product aligns with its design documentation. For example, consider a software release delivered as a ZIP file. The audit should confirm that all required components are included within the archive and that the accompanying documentation accurately reflects the contents of the release — such as software version, configuration, and intended functionality.

Depending on the specific criteria addressed with such audits, they are typically performed:

• per release candidate (as known as baseline audits): to check for release readiness, i.e. all required configuration items are part of the baseline, consistency within the baseline, etc.
• on a regular basis, e.g. to check if configuration item list is up-to-date, configuration items are properly managed (correct storage location, adherence to naming conventions, correct usage of tools, etc.)