Nice idea in theory but it can (and will) be gamed. For instance, the CIO will have an auditor sign off on a master checklist of yes/no items which the engineers will then be forced to self-certify any changes against. Any failures after that are "provably" due to engineering not being accurate in their assessment of checklist compliance.
What items might we see on such a list? Oh, I don't know... 100% test coverage, perhaps?
In the UK this is called Governance. Fancy word for what is, effectively, liability avoidance.
What items might we see on such a list? Oh, I don't know... 100% test coverage, perhaps?
In the UK this is called Governance. Fancy word for what is, effectively, liability avoidance.