What is the first step an IS auditor should take when reviewing the software quality management process?

The first step an IS auditor should take when reviewing the software quality management process involves understanding the foundational guidelines that govern the organization's quality practices. Requesting all standards adopted by the organization provides a comprehensive view of the framework and methodologies in place for software quality management. This knowledge is essential, as it enables the auditor to assess whether the organization follows established best practices and industry standards, thereby laying the groundwork for a more focused and effective review of compliance and control measures.

Upon obtaining these standards, the auditor can then move on to evaluate compliance, report on existing controls, and review metrics for quality evaluation. However, without first understanding the standards, the auditor would lack the necessary context to make informed assessments regarding the quality process, compliance efficacy, and overall performance of the software management system.