A Practical Guide to Auditing the Software Development Process
It was supposed to be a 5-page document. I finished it last weekend, and it is 15 pages long. I just couldn't make it any shorter without omitting critical sections.
Here it is: Practical Guide to Auditing the Software Development Process
The purpose of this document is to summarize the process for auditing software development (SD) practices. Although business and academic sources extensively cover both auditing and SD processes, there is surprisingly little information about audit applied to SD. This document briefly describes the SD audit process based on publicly available information as well as personal experience in SD auditing and in IT project management.
The document provides a brief overview of the phases of SD auditing:
- Initiating the audit
- Analyzing the organization, focusing on the role of SD in the organization
- Evaluating the SD process, with emphasis on the 360-degree assessment, which covers clients/users, the team, management, and direct observations by the auditor, and on the sources of information such as documentation, surveys, and interviews
- Evaluating tools and technologies
- Testing evaluation results
- Reporting audit results, which includes how to convey a high-impact recommendation based on the comparison of realistic alternatives
- Following up, describing how to make sure that recommended changes are implemented after the auditor leaves the client's premises
As you can see, it is quite comprehensive. I expect this document to be a perpetual work in progress, and your comments are welcome, of course.