Benefits of Professional Code-Quality Audits

Posted on 11/20/2013 by Dr. Nils Göde

Let’s be honest. Who could possibly better judge the quality of our code than ourselves? We wrote this code. We are the experts. We might need some tools to do our assessment, but there is a growing number of freely available tools that help us to identify quality deficits in our product. So why should we invest in a professional code quality audit done by an independent organization? Let me give you a few reasons why I think a professional audit is a worthwhile investment.

Comparability. In many cases it is much more helpful to know that something is better or worse than something else. Usually, you want to start quality improvement by addressing the most pressing issues first. Hence, you need to be able to rank the quality deficits in your system. Tools are often limited to a particular type of quality deficit and are not able to compare them. For example, tool A tells you that the redundancy in your system is way too high, while tool B tells you that your code does not have sufficient comments. But no tool can tell you which problem is more severe in your particular setting. The benefit of a professional audit is that it compares and ranks different types of quality deficits.

Benchmarking. Beyond the comparability of different types of quality deficits, a professional audit also allows you to compare your product to other similar products that have been audited before. The results tell you in which aspects your system does particularly well or particularly badly compared to the »standard«.

More than numbers. Tools give you numbers: 32% of your code is covered by clones. Within a limited range, tools can also provide a basic assessment if you feed them the right context information: more than 20% clone coverage is bad—your system is at risk. However, you will never be able to provide all context information to the tool and, consequently, any more detailed assessment requires a human expert: Is the code maintained by hand or generated? Does the code contain similar branches managed by a version control system? Are parts of the code no longer maintained? Are there architectural reasons for the clones? Very often, manual analysis adds important information and leads to a much more valuable assessment than pure numbers.

Objectivity. Self-assessment is always subjective by nature. An outside perspective gives you an objective assessment of your product’s quality. Again, being able to put the results into a larger context and compare them to the results of other systems leads to a more detailed and objective assessment. In addition, a professional audit is based on a comprehensive list of known quality deficits. A subjective assessment is often limited to quality problems that the available tools are able to identify.

Manual Reviews. No tool-based measurement can capture all the factors that are relevant when you have to read, understand, and change code. And, after all, making that as easy as possible is one of the primary reasons for having high-quality code. In addition to automatic analyses, a professional audit includes manual reviews of selected files by two experts. These manual reviews help to identify quality deficits not captured by tools, such as the choice of identifiers, the quality of comments, architectural problems, and many more. The reviews give you a detailed and realistic assessment of the code’s quality beyond what tools can check.

These are some of the benefits of a professional code quality audit compared to a tool-driven self-assessment. If you want to know the true state of your product’s quality, there is no way around a professional quality audit.