As I’ve mentioned before, I’ve been going through Louder Than Ten‘s Project Management apprenticeship since the spring. As the program has been progressing forward, we’ve been integrating many of the things I’ve learned into Zao processes (with, of course, some tweaks to make them a perfect Zao fit). One of our early takeaways from LTT was the use of a formal Communication Plan, and it turns out, this small thing has totally leveled up our projects and client relationships.
So, you’re a developer. You’ve thought about offering code audits, but maybe you haven’t had a clear idea of what your code audit should provide, why clients go seeking one, or how to price the service.
In January, we covered the questions clients need to ask their developer before getting a code audit, and offered some guidance on how to vet their vendor. This time around, we’re going to cover the developer side of things: why clients seek code audits, what questions you need to be asking before you get started, and how code audits lay a good foundation for a future relationship with your clients.
Why Clients Look For Code Audits
Yes, of course, there’s a ton of information available on the internet, including all the information that a client could need regarding the basics of site performance and functionality. Most clients, however, either don’t have the time to do this research, or don’t have the technical expertise to make sense of it all.
Code audits benefit clients by empowering them to make informed choices about the future of their technology.
When clients are coming to you asking about code audits and an assessment of their technology, they’re looking for your extensive knowledge that empowers you to look at their code, quickly parse the information, and dictate which things are worth building on.
Basic Code Audit Questions
There are a few standard questions every developer should ask before diving right into someone’s code.
What type of project are we auditing?
Knowing what kind of project your client is looking to have assessed is vital to understanding how much time it will take you–and whether or not you’re a good fit for the project. Is it a website audit or a full-scale plugin? An eCommerce site or an app? Knowing what you’re looking at upfront helps you figure out if you have the right expertise to do your client justice…and what kind of scope you’ll set out for your clients.
Are we auditing code that has been custom written by a previous developer or is this a distributed plugin that we’re assessing?
Knowing the origins of the code can help you set your expectations. Custom code created by another developer may take longer to dissect, especially if something is buggy. Is the developer someone you know? If so, that gives you informative context on what you’re dealing with–and provides a point of contact for figuring things out. If not, you know that it may take you longer to dig through and assess what is happening with the code at hand.
If it’s a plugin downloaded from the WordPress Plugin Repository, you know that checking on when it was last updated, as well as going to the plugin page to look over developer updates and reviews, will be a part of your process.
The Most Crucial Thing Developers Need to Understand
The key to delivering a valuable code audit is understanding your client’s underlying goals. If you’re lucky, your client understands their own business goals, and has mapped out the future of their business, too. That information is an enormous assist in guiding you through this process.
The scope of a code audit can vary wildly depending on a client’s objectives.
Here are just a few reasons our clients have sought out code audits:
They want to get rid of a tool, but need a good reason.
Sometimes, a client doesn’t like a tool, but they don’t have the technical knowledge to evaluate whether or not it’s a necessity. They need someone to assess if this tool is truly their best option–or even something they need at all.
There’s a plugin that is freely available, but they want to make sure it’s contributing to a solid technical foundation for their business.
Our websites are our online real estate. A shop owner wouldn’t want to open up their store in a crumbling building, and business owners don’t want to open up their shop on a lousy website. They’re coming to you to find out whether these distributed plugins are their best choices and will set them up for future success.
Their site is custom built, but it’s slow, and they suspect the custom build may be the culprit.
This is fantastic information, because it tells you, the developer, that they’re looking for a performance based evaluation. Now, you know you need to find out more information about their business before getting started. Maybe their business has outgrown their site; the code they had built was once working, but now, it can’t scale. This gives you an opportunity to evaluate performance in a specific, measured way, and give recommendations accordingly.
Their business has changed, but their technology hasn’t.
For example, some plugins do well if they’re on a site that has no users logged in. However, if that same site has switched to a subscription model, it won’t have caching layers that allow the plugins to run as smoothly. Your client may not know this difference. All they know is that they made the switch when they needed to shift their business model. They didn’t recognize the impact it would have on their technology.
Understanding the history of your client’s business (and the trajectory of where they intend to go) provides context regarding what needs to be assessed and what kind of upgrades would serve them best.
There are two plugins that do the same thing, but which one is best for their site?
Once again, this comparison that may be available out there on the internet, but they want your expert insight. If you’ve assessed your client’s business goals and trajectory, you can make a recommendation based on their specific business model. That’s a boon for both you and them! It means that you have something to offer that they can’t get anywhere else.
What About Pricing?
One of the toughest quandaries of them all! Code audit pricing can differ wildly depending on the client. We’ve quoted simple code audits at anywhere from $2,500-$5,000, and have quoted much more complex audits of entire platforms/systems for $50,000+.
Why the disparity?
Three crucial factors come into play:
As we’ve said before, we offer a comprehensive deliverable, filled with detailed information. We take a pragmatic approach, and provide a transparent, realistic look at associated costs with the recommendations we make.
Your clients will need to know what they can expect from you. Is it a document or a confirmation email? Is it a walkthrough on a call? The details of the deliverable determine how much time it will take to create and what value you’re providing.
The scope of the audit
If you’re already a working developer, I don’t have to tell you how scope impacts cost. When pricing services, you need to know what kind of assessment is needed and how much time it will take.
The amount of experience you have
Although we’d all like to dive in and make a bazillion dollars at the start, less experience usually dictates a lower rate. Do the research on what other developers in the same experience bracket are charging. Evaluate what your time is worth (and don’t fall prey to Imposter Syndrome!). Realistically assess how your experience (or lack thereof) informs your expertise and turnaround.
Code Audits: Good for Your Clients and You
Code audits benefit clients by empowering them to make informed choices about the future of their technology. A successful code audit gives your client the opportunity to accurately assess the current state of their tools. It allows your clients the chance to evaluate recommendations, knowing that they were made with their business goals in mind.
It doesn’t just benefit them, though. It also benefits you.
Code audits give you an opportunity to develop new working relationships, and lay groundwork for a long-lasting partnership. The code audit is something you can build on with your client. Whether that leads to performing the recommendations you make or for future development overhauls, the options are endless! This is a low-commitment way to spark a relationship…if you do it right.
Code audits are one of the main things Zao offers to our clients. Many of our clients are strategically looking at how they can expand their businesses, and a crucial aspect of that is making sure their technology is not hindering their growth.
There’s a lot of muddled information about what a code audit should look like, and many clients start their search for a code audit without any idea of what to expect, what questions to ask, or what they should be looking for when vetting developers to do the job.
Are you looking for a code audit? Here’s what you need to know and ask before you sign that check:
Code Audit Questions Clients Need to Ask
— What is the final deliverable I can expect from this audit?
Depending on your developer, the final deliverable can range from a simple confirmation that everything is working as it should to an in-depth delivery document that details what is working, what isn’t, and appropriate recommendations for improvement.
Nowadays, we all research what we’re spending our money on before we pay up. Whether that research is looking at Yelp reviews of local restaurants or comparing the best and the worst Amazon reviews on new products, we want to make sure we’re getting the best bang for our buck. So often, though, clients don’t ask what they can expect to receive when it comes to code audits.
Maybe you just want a developer to look things over and confirm if everything is solid. That’s great! If you find a developer that will simply send over an email with a ?? and “Everything’s cool,” then they’re a good choice for you!
If you’re looking for a more intensive analysis of your current code, you’ll want to find a developer who provides that. Since there’s no industry standard on what deliverable comes with a code audit, you’ll need to investigate to find the developer that is providing what you want.
Here at Zao, our code audits come with an exhaustive document that assesses our clients’ current technology with a specific eye on their needs and challenges, and includes recommendations that pragmatically account for budget, time, and priority.
We also provide a timeline that, should the client choose to work with us on implementing those recommendations, gives a realistic perspective on how long it will take for those technical goals to be accomplished. Lastly, we detail in each recommendation how and why this change adds value to our clients’ businesses.
— What kind of code do you audit?
Investigating the details of what to expect from your code audit is vital because some developers only offer specialized code audits. Some developers exclusively audit plugins, themes, or apps, whereas others are focused on auditing detailed eCommerce integrations or your entire site.
If you know you’re looking for a specific kind of code audit, finding a developer who specializes and focuses on that kind of development is key. If you’re looking for a full site audit, but the developer you’ve contracted with focuses specifically on auditing Genesis themes, you may not get the most effective and comprehensive audit that you need.
— Can you provide more details on code audits you’ve done? Do you have a sample I can look at?
When you find out more about the scope of a developer’s experience and take a look at a code audit sample, you’ll get a better understanding what the end deliverable will be–even beyond the initial response. You’ll get a better idea of how your developer tackles code audits and communicates the end result.
This information is crucial, as it helps you understand what to expect of your developer, and can help you find a developer who communicates in a way that works best for you.
— What kinds of clients have you worked with in the past?
Most developers have worked with companies that span a broad range of industries, and can tackle projects in unfamiliar industries like a champ. However, knowing if their experience includes working with companies in your particular niche helps you know whether or not you’ll need to explain specific industry nuances to them.
Your technology needs to meet your business’ needs, and those can vary slightly from industry to industry. Knowing your developer’s history with your industry can help you determine what kind of crucial information you need to communicate–or whether your developer is already in a position to take on those challenges without extra explanation.
In an initial introduction, everyone is on their best behavior.
Job interviews are like dating. As Chris Rock says, “When you meet somebody for the first time, you’re not meeting them, you’re meeting their representative.” You need to know what red flags to look for when seeking out a developer–and how to look past the friendly representative to make sure it’s going to be a good fit.
— A dev who doesn’t ask questions
If you’re talking with a developer about a code audit (and potentially more work beyond that) and they don’t ask detailed questions about what you’re looking for, what your current technology is, what kind of pain-points you’ve experienced, and more, you have a problem.
You want a developer who is invested in your company’s success, in solving your technical problems, and bringing value to your business. A developer who doesn’t ask questions isn’t going to know what you need, nor have the full understanding required to adequately assess what is going on with your site.
That’s one of the reasons that we ask detailed questions and make sure we know exactly where our clients are coming from. We want to make sure that we have specific notes on what to look for and what they’re trying to accomplish with their technology. Even if our clients don’t have the technical savvy to articulate what they need done, by knowing their goals, their struggles, and their technical history, we can help by capitalizing on our technical knowledge to come up with creative solutions.
— A dev who can’t tell you in concrete, clear terms what you’re going to get
There’s a reason asking about the deliverable is so important. Code audits, without planning, can beget intangible results. Unlike design, there’s no Photoshop mockup, or unlike copywriting, there’s no first draft. If a developer isn’t willing to say, “Here is the end result you can expect from me,” it’s a huge red flag.
Your developer needs to be able to set your expectations accordingly. You need to know what you are paying for at the end of this–and a developer who cannot tell you what you are getting for your money is not one you should hire.
We know vetting developers who, as far as you may be concerned, basically work magic on the internet, can be stressful. It doesn’t have to be, though. Now that you’re armed with these questions and red flags to look out for, you can assess which developer is going to be able to provide the code audit you need.
Have any other questions about code audits that we haven’t covered? Drop ‘em in the comments; we’re here to help!