When should you carry out a code audit?

Auditing the code and UX of your app, website or any digital product might be crucial for your business. Strategically speaking, there are key stages in the development and life cycle of any digital product when auditing the code (and more widely) is more of a priority. This article identifies those key stages and tells you what you should be expecting from an audit by way of outcomes. Furthermore, you can discover why a code audit should offer significantly more than a simple code review of the product.

10 situations which demand a holistic code and UX audit

There are plenty of reasons why it’s worth conducting a detailed code and UX audit. Each case is slightly different (including yours, probably), but we can certainly highlight the most popular ones:

1. When buying a new app or investing in one

You have acquired or are about to acquire a company as an investor and need to conduct due diligence, or you have merged with a business and the assets include an app or other type of digital product.

You need to know exactly what you have, technology- and product-wise. The results of a comprehensive code audit will give you a better understanding of the status of the product. Furthermore, if you are planning the acquisition, the code audit will help you to answer one very important question:

How much will you have to invest in the application, after adding it to your company’s portfolio?

And, more to the point, it will help you answer the question of how you can maximize the product’s potential.

Similarly, if you are in the opposite position – looking for investors, selling a business, or a part-business that includes digital products – a broad audit enables you to present the product honestly and with much less chance of comeback or issues in the future. Not to mention the obvious issue of legal liability.

Also, for each of the above-mentioned cases, a broader audit that includes UX and design issues is essential. The code itself is important (of course!) but you need the fuller picture, complete with users’ needs, that tells you just how this asset is likely to perform on the market and how it will influence your business aims.

Regardless of the scenario, a code audit will help you to do a reality check.

2. As part of your risk management strategy

Risk management is a key element of any business strategy. Certainly, at the time of writing this article (in the middle of a global pandemic) businesses everywhere are facing and managing unprecedented and unforeseen risks. An in-depth product audit can help to uncover potential flaws that can influence not only the application itself, but also the business and its foundations. It simply makes it easier to find and neutralise threats of various kinds.

Incorporating a holistic code and UX audit as part of your package of risk management measures can enable you to maintain, or improve, your product’s market position.

3. Launching a new product to market

This is an obvious moment when you want to be absolutely sure that your product is fit for purpose. Before you put it in the hands of your target users, make sure it’s the best it can be. And once again, the code is important (critical!) but so is the design, the look, the feel, the experience. The UX determines how users feel about the product and whether they trust it. Your UX is either creating fans of your new app, website or platform, or it’s doing the opposite.

Another scenario is when you have outsourced the creation of a digital product and you want to check the quality of the application. Did the outsourcing company do a good job and is the product good enough to fulfill user expectations?

4. Security check

This is a concern for any digital product owner, though if your app gathers, tracks or stores sensitive data (for example, users’ personal information that could be used for fraudulent purposes) a security check for potential vulnerabilities is a must. If you think that your application does not gather any sensitive data, think twice: what about email addresses, passwords or mobile app permissions and the ways they can be used against users?

This check could be part of the pre-launch audit for a new or revamped product, as mentioned above. Or perhaps there’s a new virus or other malware that poses a fresh risk to the product. Or, you simply carry out security audits on a fixed cycle to ensure your products can never fall behind best practice.

5. Users are experiencing problems

This might be a result of insufficient auditing in the past, or perhaps users are utilizing the software in unanticipated ways and exposing issues that were not a problem for the intended usage. Whatever the cause, if your users are experiencing the following, it’s time to audit:

  • The product is crashing.
  • The product is slow (e.g. according to Google, 5 seconds should be the maximum time for a web page to load using a 3G connection).
  • Users are reporting bugs.
  • Patches and updates are causing more problems than they’re solving.
  • The design isn’t responsive, especially on mobile devices.

6. You’re scaling the product

An app that works perfectly on a small scale is not guaranteed to perform when thousands of users are trying to access it at the same time. As part of your scaling strategy, ensuring your product is ready for a larger or new market requires an audit. And again, you might find the code and other technical aspects are up to scratch, but what’s the user’s experience when they have to wait five seconds more for the website to load, or the mobile version is too heavy for the mobile bandwidth in a remote area of the country?

Another, similar case is when you need to take an early (or unfinished for some reason) MVP and improve the product before it hits the market.

7. To avoid technical debt

As with any development work, making changes or upgrades to an app or other product, such as adding new functionalities or otherwise modernizing it, risks adding to the technical debt if the process is anything less than rigorous. One way to check that rigor is to carry out a holistic code and UX audit, to be sure that whatever you’re adding does not cause complications to the rest of the product.

Depending on the situation, it’s worth checking if the framework used to build the app is still fit for purpose and won’t be problematic in the near future.

8. To get more value from an existing asset

It may be that you simply want to optimize your current digital products. After all, if there’s a way to enhance their functioning, improve the UX, and therefore boost your user levels and business reputation… That’s arguably a priority activity at any time. A code audit is a focused and organized approach to identifying potential improvements or new development directions that have business value.

9. The product is old

Sometimes it’s that simple. However your digital product is functioning, if it’s been unchanged for, say, two years there’s probably plenty of room for improvement. Otherwise it can generate problems that are typical of old software: security issues, technical debt, etc.

10. When changing software development service provider

Last but not least, sometimes in order to move on with the product and business, you have to change your current software development company for another. It’s recommended you run an extended code audit at this stage, to understand exactly what the application looks like “under the hood”, before switching to the new partner.

Not all code audits are useful

As you can probably tell, there are code audits and … code audits. You can simply run a standard code review of an app to spot the pain points and various potential vulnerabilities. This will give you a very general overview of the status quo of the product, but it will be far from useful or insightful. In fact, such a restricted code audit has almost no business value at all. Why is that?

Digital products like web and mobile applications are rarely only about the code. They work in various environments, are used by distinct personas and are made of diverse elements: code, UX, UI, designs, etc.

Bugs in the code are annoying but an unnecessarily lengthy or complex user journey is just as much of a turn-off. Broadening the scope of the audit to cover wider usability and design issues is going to give you a much deeper insight into how you can improve and future-proof your digital product.

Besides, when you carry out an audit, you are looking for ways to make your product better, to improve its performance. It only makes sense to do so on every level, and not just the technical. Ignore the design and UX aspects and you risk ending up with slick, tight code that very efficiently does a poor job that nobody wants.

To sum up, a holistic code audit service covering a wider range of functionality should give you:

  • A fuller picture of your product, including the code but also covering the architecture, database and storage, access issues, scalability, and maintenance forecast.
  • An assessment of readiness to meet identified needs. Any product is intended to solve a problem or challenge that users have. The question is, does it? And if so, how well? Furthermore, as the product owner, you have a set of business needs that the product is intended to solve. A professionally conducted code audit should report on all these fundamental issues.
  • A security update. How hackable is it? How vulnerable? This is more than just a coding issue: the fallout from a hacking incident will affect your wider brand and reputation.
  • An obsolescence report. Put simply, how up to date are the technology and tools used in your product? Does it meet the latest industry standards and best practices?

All of the above are potential indicators of future technical debt, the cost of putting right tomorrow the problems caused or ignored yesterday. The product’s UX is a big part of this - an obsolete, poorly designed or executed user experience will actively deter people from using your product… and reworking the design aspects can be just as expensive as fixing coding problems.

Code audit outcomes – what to expect

Any code audit should result in a list of issues to be fixed. However, if you’re serious about reviewing your digital product and opt for a more holistic code and UX audit, you should expect much more:

  • Firstly, the audit report should make recommendations for each issue, laying out what the options for ‘a fix’ are and, where relevant, the costs and benefits of those options.
  • Secondly, the issues and recommendations should be prioritized based on their importance to your users, and your business. As you can imagine, whoever carries out the audit, it’s vital that they fully understand your wider business context and environment.
  • Thirdly, you should expect more than just a written document. Whether it’s a formal presentation of the results, or a one-to-one phone or video conversation with the auditor (or audit team representative), you need the opportunity to discuss the audit results so as to fully understand not only what they’re saying, but also why.

The code and UX audit – a timely tool for product and business development

They say timing is everything. And from the above scenarios, it could be argued that any time is a good time for a code audit: whether it’s a new app, an out-of-date app, a scaled-up ecommerce platform, or simply due to a security review. However, the real question is the exact nature of the audit, its scope, and to what degree it reviews the user experience and other design aspects of the product. To answer that question, you need to understand why you are carrying out the audit. And it’s almost impossible to know that without the business context: exactly what problems or issues is the product intended to solve and how is it intended to contribute to achieving your business goals?

A code audit (and UX review) can help fix a product, improve its performance, gain new users, and boost your brand and reputation… in other words, a code audit is never only about the code; it’s always about your business.