Auditing Services Explained.

What does it mean to be audited?

FP Complete provides an inspection service called “Audit” for blockchain-related engineering projects. This audit involves looking at samples of the engineering work, as provided to us by a client, and comparing them to sound engineering practices based on years of industry experience.

An audit certification means that time and effort have been spent examining such information, and that it appears to satisfy an acceptable percentage of our published engineering standards. No audit involves examining 100% of the work; audits are based on sampling. No audit implies an attempt to find hidden or suppressed information; audits are based on information voluntarily provided to us, staff permitted to communicate with us, and/or resources to which we have been granted access.

An audit certification does not imply that the project is free of defects, financially sound, a good investment, or suitable for any particular purpose. Also, it does not imply that any financial audit or other kind of audit (business practices, environmental responsibility, etc.) was performed or passed. It simply says that the samples taken from the information provided, as evaluated and occasionally using subjective opinion, achieved a passing score on the FP Complete engineering audit criteria. No warranty or guaranty is made or implied.

The projects we audit are typically still undergoing active change. No one should use any FP Complete audit result past the expiration date shown, and even then, bear in mind that an audit is inherently looking at the past, rather than the project’s latest status or newest bit of code.

Every project we audit is part of a larger system. Important limitations, problems, omissions, or defects may characterize the larger system outside the audited project, and are not accounted for in the audit results. In some cases, the same or similar name may apply to the work FP Complete audited and to some larger or different work, and FP Complete is not responsible for any confusion that may result.

As industry practices and technology improve, audit criteria are expected to increase or change. Therefore a given level of audit certification at one time is not equivalent to that same level of audit certification at another time. To understand the criteria that were used in a given audit, and for information on any special exceptions noted, be sure to examine the actual audit report, available from the FP Complete website and/or in a digitally signed publication from FP Complete.

As of this writing, the marks and certifications available from FP Complete include engineering underway, audit underway, bronze, silver, and gold. Here is an approximate summary of the criteria for each. We welcome community feedback on how to improve these criteria now and in the future.

Engineering Underway

FP Complete has been engaged by the client to assess and contribute to the project’s quality. This does not imply that improvements have yet been implemented. (We are considering not issuing this stamp until certain basic engineering practices have been set up.) This mark does not imply any audit, nor conversely does any audit mark imply this mark since FP Complete may audit projects to which it does not contribute.

Audit Underway

FP Complete has been engaged by the client to audit the project. Since an audit result has not been published, this mark does not imply that any particular quality level has been achieved, nor that any problems identified so far have been published, nor that an audit is sure to pass. It merely means that either an audit certification will be delivered if so merited, or the client will be informed of areas for improvement.

Levels of Audit

  Bronze Audit

A limited inspection has taken place, and the project meets a sufficient percentage of basic engineering criteria including source code management, project management, continuous integration systems, quality assurance practices, and technical documentation. Spot checks are made to seek evidence of whether practices are being followed as described. Each examined area is found to be mostly compliant with best practices, and the nature of any noted exceptions is summarized in the published report.

  Silver Audit

In addition to the Bronze criteria, a much larger volume of documentation, code, and test cases is examined and confirmed to be compliant with most of the published best practices criteria, with a limited (and noted) amount of deviation. Dependencies on imported packages and tools are also examined. Basic DevOps practices beyond continuous integration are examined. Each examined area is found to be mostly compliant with best practices, and the nature of any noted exceptions is summarized in the published report. On the audit mark, zero to three stars indicate the degree to which best practices have been complied with throughout all inspected areas.

  Gold Audit

In addition to the Silver criteria, a much larger amount of source code is spot-checked manually by a software engineer. Detailed coding practices are examined. More detailed DevOps practices are examined. Issue management and bug management are examined. Procedures for integrating and testing bug fixes are examined. Each examined area is found to be mostly compliant with best practices, and the nature of any noted exceptions is summarized in the published report. On the audit mark, three to five stars indicate the degree to which best practices have been complied with throughout all inspected areas. (Fewer than three stars prevent a Gold certification.)
