software quality assurance
frequently asked questions
|1. What real-life experience have you had with Software Quality Assurance and/or Software Quality Control?||I developed a software quality methodology for Texas Instruments Software, which included Software Quality Assurance and Software Quality Control, with a particular focus on software projects using CASE tools. I conducted quality training, quality planning, process assessment/improvement and other consultancy assignments using this methodology.|
|2. What in your opinion, are the most important changes that occurred in the role of Software Quality Assurance during the last 5 to 10 years? How would you define the main mandate of SQA today?||Growing awareness
and importance of public domain models such as SEI SW CMM, BOOTSTRAP and
Changing nature of software development, especially model-based development (CASE) and component-based development (CBD). Growing need to connect software of different ages and sources. Software projects not pure software development, but including maintenance, package selection and implementation, and other software activities. (Perhaps software projects never were pure development, but such topics as project management, quality management and configuration management used to be taught as if they were.)
Faced with these changes, SQA needs to be both reductionist (giving close attention to the quality of components from various sources) and holistic (giving broad attention to the emergent properties of the whole assembled system, in terms of its overall fit to business requirements).
As I see it, the mandate of SQA is to make defects in software products and processes visible to management. SQA fits into a context of software quality management where this visibility leads to corrective and preventative action (not itself part of SQA), and to general software process improvement.
|3. What are the most likely quality consequences of choosing an inappropriate life cycle model for a software project?||The most likely consequence is that the project will not deliver anything at all. Not because the lifecycle couldnít be made to work technically, but because it will fail to contain the political tensions between stakeholders.|
|4. What in your opinion is the role of SQA personnel with respect to inspections or testing?||Formally, the
role is to make the inspection process or testing process visible, both
to the participants (so they can see what they are achieving, how effective
they are being) and to management (so that they can assess progress and
In practice, SQA personnel often need to act as facilitators or coaches. They are often regarded (wrongly) as the owners or custodians of the inspection or testing process, or even as the owners/custodians of the whole software process. Part of the training and mentoring for SQA personnel should address the difficult dilemma of how to be adequately engaged in the software process without being landed with the responsibility for it.
|5. What Quality Assurance and Quality Control activities are done differently for COTS / GOTS project than for a traditional custom development project?||The activities themselves are broadly the same, but with different stakeholders, and different detailed procedures for verification and validation. Often the challenge for SQA is to pin down the ownership of the requirements, which may be represented by a complex debate between marketing departments, technical eggheads, user groups, customer focus groups and other interested parties.|
|6. Someone complains that during system testing the application often crashes. What likely process problem does that indicate?||Systematic failure
to carry out proper unit testing.
OR inconsistency between the development/unit test environment and the system test environment.
AND ALSO management failure to respond promptly to the situation with corrective and preventative action.
|7. In your experience, who are the most important allies of SQA within an organization?||SQA is a form
of risk awareness, and is therefore potentially allied to any senior management
with a risk management focus.
Within some companies/industries (e.g. insurance), software risks are seen as having mainly financial consequences, and so the main ally might be the financial director.
Within other companies/industries (e.g. retail), software risks are seen as having mainly customer service implications, and so the main allies may be in marketing roles.
In one client, we had useful conversations with the Company Secretariat, because of the due diligence implications of some software risks. These conversations were triggered by Y2K issues, but ranged much more widely.
In practice, SQA often fails to make these alliances, because it gets bogged down in obscure software technicalities and trivialities, which it is incapable of communicating effectively even to software engineers, let alone anybody else.
|8. You were given a chance to implement either walkthroughs or inspections. Based on your personal experience which one would you choose? Please share your reasons.||It would depend
on the culture and prior history of the organization, as well as the nature
and source of the demand for software quality, but I have usually found
it easier to get started with walkthroughs.
In some cases, there is already a formal (but lapsed) procedure mandating either walkthroughs or inspections. In such cases, the first task is to unpick the reasons why the previous attempts have failed. Typically, past inspections have inspected the wrong things at the wrong times, using the wrong criteria at the wrong level of detail.
|9. What in your opinion are the most significant fundamental differences between SEI SW-CMM and ISO 9000-3?||The main difference is what the two models tell you. ISO 9000-3 gives you a yes/no answer, whereas SEI SW-CMM gives you a more complex assessment. This implies different ways of using the models for SQA and process improvement.|
|10. What exposure have you had to auditing? Internal? External? Certification related?||I have been trained as a lead assessor for ISO 9000 and also as an examiner for the European Quality Award. I have conducted internal audits and informal external assessments but not formal external audits. I have advised organizations on steps towards certification.|
|11. What advice would you give to someone who asked you where to start to introduce to their company a metrics and quality reporting program?||Use the GQM approach to derive relevant metrics from personal and corporate goals. Select a small number of key metrics that will be directly relevant to project managers and/or software engineers. Put the metrics into the hands of the workers, as a tool for personal performance improvement.|
|12. A company recruits its first and only SQA "specialist". The person is new to the area. The company is relatively young, operates in a competitive commercial domain and has no previous SQA presence. The SQA specialist feels he needs to show some results during the next 6 to 9 months. What advice will you give him?||Start with a
risk assessment, to identify the significant software risks and their business
implications. Identify managers directly affected by these implications,
who may be recruited as allies.
Select a small number of issues to address in the initial phase. Try to include some quick wins, as well as some improvements that could be achieved within 3-6 months.
Donít try to do everything at once. At this stage, use whichever model you prefer (ISO 9000-3 or TickIT or SW-CMM or SPICE) merely as a framework, so that you know how what youíre doing fits into a larger picture.
Copyright © 1999 Richard Veryard