No more audit risk: How a reinsurer has made its test management audit-proof

When a platform supports the core analytical processes of an international reinsurer, software testing is much more than just a formality. It is both a regulatory obligation and an operational necessity. BaFin’s VAIT sets out clear requirements regarding traceability, documentation and the integration of quality assurance into IT operations. The objective was therefore to develop a comprehensive, auditable testing strategy for the insurance analytics platform and integrate it into the agile development organisation.

Heterogeneous knowledge and a lack of a common framework

The teams involved each brought their own experiences and ideas about good software testing to the project. While this knowledge is valuable, without a common framework, inconsistencies can arise in processes, coverage and communication.

The first step was therefore to consolidate this dispersed knowledge through structured coordination, conceptual workshops and close collaboration with stakeholders from multiple departments. This resulted in a comprehensive testing strategy that clearly defines the phases of testing, responsibilities and processes throughout the entire development process. It meets both regulatory requirements and agile working practices.

Rather than being stored as a document on a drive, the strategy was implemented in Microsoft Azure DevOps (Azure Test Plans) as a dynamic test management system.

From Strategy to Practice

A test strategy only realises its value when it is applied by the teams. This is why coaching was a central component of the project, as it empowered the reinsurer’s teams to develop test cases independently and cover new requirements themselves.

Meanwhile, manual and automated test cases were established across all relevant testing phases, including component, integration, system and regression testing. Test execution was coordinated via sprints and the results were systematically documented in Azure DevOps. Additionally, a structured defect management system and automated reporting for the team and management were implemented.

This provides transparency regarding the test status at all levels, from developer to governance function.

Audit-ready from the first sprint onwards

The central outcome of this project is more organisational than technical in nature. Each team member brings their own experiences, best practices and fresh perspectives developed over the years. This is precisely why it is worthwhile to exchange ideas in a structured manner. The goal is not to talk differences away, but to create a stable, common foundation from diversity.

A framework for structured exchange, established as early as the first sprint, makes all the difference.

• Without such a framework, gaps arise in areas such as the process, coverage and traceability with regard to oversight and governance.

• Where such a framework exists, individual knowledge can be put to effective use.

This is particularly true in a regulated environment, where structured dialogue is not a soft measure. It forms the basis for any test strategy that not only stands up on paper, but also in an audit.

Are you working in the regulated insurance sector and in need of a test management system that can withstand an audit?

Let’s talk. We look forward to discussing this with you.