A Methodological Approach to Auditing Software Engineering Practices in the Energy Sector

Authors

DOI:

https://doi.org/10.31861/sisiot2025.1.01003

Keywords:

software audit, energy sector, software engineering, functional safety, cybersecurity

Abstract

The growing complexity of software systems in the energy sector, particularly those involved in the management of distributed and renewable energy resources, requires the introduction of structured and domain-specific auditing methodologies. Ensuring the reliability, safety, and security of software products in this context is critical due to the increasing dependence of industrial and energy infrastructures on automated and software-driven solutions. This paper proposes a comprehensive methodological approach to auditing software engineering practices tailored to the needs of the energy sector. The developed methodology is based on an integrated audit model that defines Process, Product, and Safety and Security layers to enable a holistic and systematic evaluation. Furthermore, it incorporates a structured audit process aligned with quality management principles, covering all essential stages from planning to follow-up. A key feature of the approach is the mathematical formalization of audit activities, which includes models for estimating effort, measuring audit coverage, analysing nonconformities, and evaluating process maturity. These models enhance the objectivity and analytical rigor of audits, enabling organizations to quantify and compare results across projects and audit cycles. The proposed methodology was developed based on a thorough analysis of international standards, including ISO/IEC 12207, ISO/IEC 25010, IEC 61508, IEC 62443, and ISO 9001, and aims to bridge the gap between general software engineering requirements and domain-specific needs related to functional safety, cybersecurity, and operational reliability. The results of this research contribute to the advancement of audit methods in the field of software engineering and provide a scientifically substantiated and practically oriented tool for improving the quality, security, and compliance of software systems used in the energy sector.

Author Biographies

  • Ihor Liutak, Ivano-Frankivsk National Technical University of Oil and Gas

    Doctor of Technical Sciences, Professor at the Department of Software Engineering, Ivano-Frankivsk National Technical University of Oil and Gas. Specializes in component-based software engineering, auditing software processes in the energy sector, and data visualization. Research interests include approaches to software audits and development. Author of more than 100 scientific papers.

  • Zinoviy Liutak, Ivano-Frankivsk National Technical University of Oil and Gas

    PhD in Technical Sciences, Professor at the Department of Information and Measurement Technologies, Ivano-Frankivsk National Technical University of Oil and Gas. Specializes in standardization, verification and validation of software engineering processes, non-destructive systems of quality assurance, and software quality management. Author of more than 100 scientific papers.

References

B. Zhu, A. Joseph, and S. Sastry, “A taxonomy of cyber attacks on SCADA systems,” in Proc. Int. Conf. Internet Things, Cyber, Physical and Social Computing, Dalian, China, 2011, pp. 380–388.

International Organization for Standardization, ISO 9001:2015 Quality management systems — Requirements. Geneva, Switzerland: ISO, 2015.

International Organization for Standardization/International Electrotechnical Commission, ISO/IEC 12207:2008 Systems and software engineering — Software life cycle processes. Geneva, Switzerland: ISO/IEC, 2008.

A. Avizienis, J.-C. Laprie, B. Randell, and C. Landwehr, “Basic concepts and taxonomy of dependable and secure computing,” IEEE Trans. Dependable Secure Comput., vol. 1, no. 1, pp. 11–33, Jan.–Mar. 2004.

C. N. Amoo, B. Eckman, and J. R. New, “A multicriteria framework for assessing energy audit software for low-income households in the United States,” Energy Efficiency, vol. 18, no. 1, p. 12, 2025.

R. Abbas, et al., “Adopting Secure Software Development Practices to Improve Financial Transactions in the Banking Sector,” unpublished.

R. K. Jena, “Factors influencing blockchain adoption in accounting and auditing in the face of Industry 4.0: a multi-criteria decision-making approach,” J. Accounting & Organizational Change, 2025.

M. A. Tucker, The Impacts of Software Development Methodologies on New Model Success Rates in the US Automotive Industry, Ph.D. dissertation, Walden Univ., USA, 2025.

A. Diyab, et al., “Engineered Prompts in ChatGPT for Educational Assessment in Software Engineering and Computer Science,” Education Sciences, vol. 15, no. 2, p. 156, 2025.

V. V. Ganapathy and S. Sampath, “Regulatory and Security Compliance for Software in Cloud Ecosystems: A Systematic Literature Review,” unpublished.

A. Sholihin and M. Salman, “OSCAT: A Comprehensive Tool for Automated CIS Benchmark Auditing,” Asian J. Eng., Social and Health, vol. 4, no. 2, pp. 443–452, 2025.

V. Terragni, et al., “The Future of AI-Driven Software Engineering,” ACM Trans. Softw. Eng. Methodol., 2025.

International Organization for Standardization/International Electrotechnical Commission, ISO/IEC 12207:2017 Systems and software engineering — Software life cycle processes. Geneva, Switzerland: ISO/IEC, 2017.

International Organization for Standardization/International Electrotechnical Commission, ISO/IEC/IEEE 15288:2015 Systems and software engineering — System life cycle processes. Geneva, Switzerland: ISO/IEC, 2015.

IEEE Standards Association, IEEE Std 730-2014 - IEEE Standard for Software Quality Assurance Plans. New York, NY, USA: IEEE, 2014.

IEEE Standards Association, IEEE Std 1012-2016 - IEEE Standard for System, Software, and Hardware Verification and Validation. New York, NY, USA: IEEE, 2016.

International Organization for Standardization/International Electrotechnical Commission, ISO/IEC 25010:2011 Systems and software engineering — Systems and software Quality Requirements and Evaluation (SQuaRE) — System and software quality models. Geneva, Switzerland: ISO/IEC, 2011.

International Electrotechnical Commission, IEC 61508:2010 Functional safety of electrical/electronic/programmable electronic safety-related systems. Geneva, Switzerland: IEC, 2010.

International Electrotechnical Commission, IEC 62443 (multiple parts): Security for industrial automation and control systems. Geneva, Switzerland: IEC, 2013–2021.

International Organization for Standardization/International Electrotechnical Commission, ISO/IEC 33001–33099:2015 Information technology — Process assessment. Geneva, Switzerland: ISO/IEC, 2015.

CMMI Institute, CMMI for Development, Version 2.0. Pittsburgh, PA, USA: CMMI Institute, 2018. [Online]. Available: https://cmmiinstitute.com/cmmi

I. Liutak, SoftAssure: A Web-based Tool for Software Audit Management, 2025. [Online]. Available: https://github.com/iliutak/softassure


Published

2025-06-30

How to Cite

[1] I. Liutak and Z. Liutak, “A Methodological Approach to Auditing Software Engineering Practices in the Energy Sector,” SISIOT, vol. 3, no. 1, p. 01003, Jun. 2025, doi: 10.31861/sisiot2025.1.01003.
