Introducing Software Quality Assurance

Individuals and organizations across the globe rely heavily on information technology. With an increase in the number of people using software in their daily lives and business transactions, there is a corresponding increase in the need for delivering quality software products. This chapter introduces the concept of Software Quality Assurance (SQA). It discusses the need for quality software and explains how to ensure the production of quality products. In addition, it explains the meaning of quality assurance and quality control and the difference between these two activities.

Objectives
In this chapter, you will learn to:  Explain quality assurance  Identify the software quality assurance activities  Differentiate between quality assurance and quality control  Identify the role of metrics in software quality assurance

Chapter 1

Fundamentals of Software Quality Assurance (SQA)

In an increasingly competitive world, what distinguishes one product from another is quality. To compete in the global market, software needs to be a quality product. Quality can be defined as the degree of excellence of a product. The degree of excellence is ambiguous. Therefore, quality can be interpreted as meeting customer requirements. These requirements can be both, explicit and implicit. The explicit requirements are the factors related to the external properties of the product, such as the features and usability of the software. However, implicit requirements are the factors related to the internal properties of the product, such as maintainability and the look and feel of the software. Implicit requirements are difficult to measure but are important to ensure customer satisfaction. To ensure quality in the software development process, you need to implement software quality assurance activities in each phase of the Software Development Life Cycle (SDLC). For implementing quality assurance, you need to have a well-defined quality system. A quality system typically comprises a set of guidelines that describe the organizational structure, responsibilities, procedures, processes, standards, and formats for implementing quality assurance. A quality system is used to achieve quality objectives. The quality objectives of an organization focus on the following aspects: Development of products must conform to the specified requirements. Appropriate processes must be followed in the development process.

Introducing SQA
SQA is a planned and systematic approach for monitoring and improving the software development process. SQA processes evaluate the adherence of a software product to software product standards. These processes also define the procedures used for software development. The procedures consist of SQA activities designed to prevent defects in software. Standards and procedures define the methods for developing quality software, and the role of SQA processes is to ensure the existence and adequacy of these methods.

NIIT

Introducing Software Quality Assurance 1.3

Project SQA Plan

The objective of SQA is to ensure that the software products adhere to the defined standards and follow the processes established for the specific project. To ensure that the quality assurance objectives are met, a project SQA plan is created. An SQA plan details the quality objectives for each project. It is a part of the comprehensive project plan and specifies the QA procedures that the development team needs to implement during each phase of the SDLC. In addition, the SQA plan assigns responsibilities to the development and testing teams for implementing the SQA activities. This plan addresses the following issues: Standards and conventions to be followed by the development team Formats for document deliverables Checklists for evaluating standards compliance and product completeness Deviation from policies and procedures and the rational for deviation Specific software products to be monitored by SQA procedures Methodologies and tools to be used for each product Quality assurance milestones based on project milestones and product deliverables Roles and responsibilities in the SQA processes

SQA Activities
The SQA plan lists the quality assurance activities that need to be followed to develop quality software. SQA activities can be broken down into the following tasks: Application of technical methods: This helps the development team to achieve high quality design specifications and develop high quality software design. Conducting Formal Technical Reviews (FTRs): After the specifications and the design are complete, you need to assess the prototype and product design for quality. You can accomplish this through FTRs. These are structured review meetings in which a team technically assesses the product. Enforcement of standards: This task is a combination of two subtasks: z Process monitoring: This is an SQA activity that ensures that the development team follows the documented steps to complete a process. This is done by comparing the actual steps performed with those listed in the documented procedures. This activity is typically called verification. Verification helps determine whether or not interim deliverables meet their specifications. z Product evaluation: This task evaluates compliance of the final software product to the established standards. This activity is typically called validation. Validation is the process that evaluates a software application at the end of software development to ensure its compliance with the specified requirements.
1.4 Introducing Software Quality Assurance NIIT

To develop a high quality product, you need to perform both verification and validation. SQA processes ensure verification and validation activities by monitoring, reviews, inspections, and walkthroughs. The role of quality personnel in reviews, inspections, and walkthroughs is to observe, participate, and verify that the development team conducts and documents these activities correctly. Control of change: For large software projects, any uncontrolled change rapidly leads to disorder. Change control combines manual methods with automated tools to provide a mechanism for the control of change. This process ensures software quality by formalizing requests for change, evaluating the nature of the change, and controlling the impact of the change. To track the changes made to a software product, you need to maintain versions of all the related items, such as documents and artifacts related to the design phase. These items are known as configuration items and the process of maintaining all versions of these configuration items is known as Configuration Management (CM). This process involves controlling the changes made to any configuration item right from the design phase till the product is released. Measurement: When a product is developed, it must be measured to assess its quality. The quality of a software product can be measured by using software metrics. SQA audits: These are conducted to inspect a process or a product in detail by comparing the process or product with established procedures and standards. Audits review the management, technical, and quality assurance processes being followed during software development. Audits also enable you to check if all documented procedures are followed for software development. Record keeping and reporting: This provides procedures for collecting and circulating SQA information to the senior management. You need to document the results of reviews, audits, change control, testing, and other SQA activities for future reference.

SQA Activities in Various Phases of the SDLC

In addition to the general SQA activities, you need to conduct phase-specific SQA activities during the various phases of the SDLC. The SDLC consists of the following phases: 1. Software conception and initiation 2. Analysis 3. Design 4. Construction 5. Testing

NIIT

Introducing Software Quality Assurance 1.5

SQA Activities in the Software Conception and Initiation Phase SQA activities in the software conception and initiation phase involve reviewing the software project plan. This ensures that the processes, procedures, and standards identified in the plan are specific and clear. The observations of SQA activities in this phase can be recorded in the Software Project Plan Review checklist. The following table shows a sample Software Project Plan review checklist.
Software Project Plan Review Checklist S. No. 1 2 3 4 5 6 7 8 Area of Concern Is the scope of the software unambiguously defined? Is the terminology clear? Are there sufficient resources available? Are all the risks in each category identified? Are all the risks mitigated? Are tasks properly defined and in sequence? Are the pre-established budgets and deadlines realistic? Is the schedule realistic? Software Project Plan Review Checklist (Yes/No)

SQA Activities in the Software Analysis Phase SQA activities in the software analysis phase involve reviewing the Requirements Document created as part of the software requirement phase. This helps to ensure that the software requirements are complete, testable, and correctly expressed as functional, performance, and interface requirements. The observations of SQA activities in this phase can be recorded in the Software Requirements review checklist.

1.6 Introducing Software Quality Assurance

NIIT

The following table shows a sample Software Requirements review checklist.

Software Requirements Review Checklist S. No. 1 Area of Concern Is the analysis of the information domain complete and accurate? Does the data model correctly reflect data objects, their attributes, and relationships? Are all the requirements traceable? Is there a prototype available for the user? Are the requirements consistent with the schedule, the resources, and the budget? Software Requirements Review Checklist (Yes/No)

3 4 5

SQA Activities in the Software Design Phase SQA activities in the software design phase involve assuring the following factors: The design adheres to the approved design standards defined in the management plan created in the project initiation phase. All software requirements are mapped to the software components. All action items are resolved according to the review finding of the high-level design review documentation. The approved design is placed under configuration management. The development team follows approved design standards. The allocated modules are included in the detailed design. The results of design inspections are included in the design. All action items are resolved according to the review findings of the detailed design review documentation.

NIIT

Introducing Software Quality Assurance 1.7

The observations of the design reviews can be recorded in the High-Level Design review checklist and the Detailed Design review checklist. The following table shows a sample High-Level Design review checklist.
High-Level Design Review Checklist S. No. 1 Area of Concern Does the software architecture reflect the software requirements? Are al the modules functionally independent? Are the interfaces defined for modules and external system elements? Is the data structure consistent with the information domain? Is the data structure consistent with the software requirements? High-Level Design Review Checklist (Yes/No)

2 3

4 5

The following table shows a sample Detailed Design review checklist.

Detailed Design Review Checklist S.No. 1 2 3 4 5 6 Area of Concern Does the algorithm accomplish the desired functions? Is the logic of the algorithm correct? Does the interface map to the architectural design? Are the error-handling methods specified? Are the local data structures properly defined? Are structured programming constructs used throughout the code? Detailed Design Review Checklist (Yes/No)

1.8 Introducing Software Quality Assurance

NIIT

SQA Activities in the Software Construction Phase SQA activities in the software construction phase involve assuring the following factors: Audit of the results of coding and design activities including the schedule in the software development plan Audit of configuration management activities and the software development library Audit of deliverable items Audit of nonconformance reporting and corrective action system FTR of code The observations of code review can be recorded in the Code Review checklist. The following table shows a sample Code Review checklist.
Code Review Checklist S. No. 1 2 3 4 5 Area of Concern Is the design correctly translated into code? Are there any incorrect spellings or typing errors? Is the language being used appropriate? Is there compliance with the coding standards? Are necessary comments to be added in the code as per standards? Are there any incorrect or ambiguous comments? Are the data types and data declarations correct? Are the physical constraints appropriate? Code Review Checklist (Yes/No)

6 7 8

SQA Activities in the Software Testing Phase SQA activities in the software testing phase involve monitoring the testing process for conformance to standards. This means ensuring that the software testing process is in accordance with plans and procedures. Test documentation is reviewed for completeness and adherence to standards. SQA activities in this phase also involve reviewing the test

NIIT

Introducing Software Quality Assurance 1.9

plan. The observations from a test plan review are recorded in the Test Plan Review checklist. The following table shows a sample Test Plan Review checklist.
Test Plan Review Checklist S.No. 1 Area of Concern Are the risks of testing phase identified at the beginning of the software project considered and analyzed? Are the scope and assumptions of testing explicitly mentioned? Are the major test phases correctly identified and in sequence? Are major functions demonstrated correctly? Are the types of tests to be performed identified and mentioned? Is the test plan consistent with the project plan? Is the test schedule explicitly defined? Are resources and tools for testing available? Is the Test Entry/Exit Criteria explicitly defined? Is the Test completion criteria explicitly mentioned ? Are the types of defects along with their severity defined? Test Plan Review Checklist (Yes/No)

2 3 4 5

6 7 8 9 10 11

Quality Assurance and Quality Control

Quality activities can be segmented into two categories: Preventive activities Detective activities Quality Assurance (QA) is a planned and systematic set of activities that involve monitoring and improving the software development process. These activities are performed to ensure that development process is adequate to meet the specified
1.10 Introducing Software Quality Assurance NIIT

requirements. QA is oriented to the prevention of defects rather than their detection and is used to implement the defined quality policy of an organization through the process of development and continuous improvement. QA provides adequate confidence that products and services will be developed using quality processes to conform to specified requirements and meet user needs. Some QA activities are: Quality audit: Helps examine and review quality activities, such as walkthroughs and inspections, to determine the compliance of the quality activities with the quality specifications Process definition: Helps define a process to achieve the desired quality Tools selection: Helps select the appropriate tool to achieve the desired quality targets Training: Helps impart the desired skills to the development team to achieve the desired quality targets Peer review: Helps ensure that peer developers review the code Requirements tracking: Helps track changes in requirements or design Quality metrics collection: Helps quantify the quality and accuracy of software Quality Control (QC) is the process by which the quality of a product is compared with specific standards, and action is taken if the quality does not match the applicable standards. QC is oriented to the detection of defects rather than their prevention. Some QC activities include: Inspection: Refers to a structured review of the deliverables of each phase of the SDLC by using checklists. It helps identify potential threats. Testing: Refers to the process of determining defects. It helps ensure the presence of all desirable features and detect undesirable features in an application. Checkpoint review: Refers to the process of checking a series of questions developed to probe potential problem areas of the system. In other words, QA is process-oriented, while QC is product-oriented. This is because QA focuses on the prevention of defects by continuously monitoring and improving the software development process. QC, on the other hand, focuses on the detection of defects in the products created by following the software development process. QA makes sure that you are doing the right things, the right way. QC makes sure that the results of what you have done are what you expected.

NIIT

Introducing Software Quality Assurance 1.11

Role of Metrics in SQA

QA is a planned and systematic set of activities that involves monitoring and improving the software development process. Metrics are important in QA because they help measure and evaluate various aspects of the software development process. These measurements help organizations improve their processes. Metrics are crucial for the development process and project management because they enable you to measure the quality of each factor in a project. Measuring the quality of various factors helps determine if the project will meet time and quality requirements. In addition, over a period of time, metrics help track your progress. You can use metrics to compare various projects of different sizes. After calculating metrics, you need to communicate them to the management and to every person involved in the process. Then, you need to organize several meetings to analyze metrics. Based on the analysis, areas of improvement are identified and suggestions are invited to improve the processes. Based on the suggestions, corrective action is decided and implemented. After implementing the changes, you need to again implement the processes to verify whether or not they solved the problem. The QA and development team decides upon the metrics to be created and tracked in the beginning of a software project. There are four main steps of creating a metric: 1. Defining the goal of the metric: It is important to define a goal because it helps design the metric. The goal should be clear, measurable, and explicit. For example, the goal can be to measure the number of defects reported by the client. 2. Identifying the requirements of the metric: The requirements include human resource, data collection techniques, and methodologies used to process the data. For example, the requirements of a metric that measures the number of defects reported by clients include the availability of quality assurance professionals and past data to specify severity criteria. 3. Identifying the organizational baseline value for the metric: A baseline value is an average value that an organization identifies based on prior experience. A metric is designed to achieve the baseline value. For example, an organization decides that there should not be more than 20 severe defects in the acceptance-testing phase. However, a client detects 42 defects during the phase. In this example, 20 is the baseline value. To measure the worth of a project, compare the baseline value with the actual value. If the actual value is greater than the baseline value, the management needs to discuss ways to reduce the number of defects for similar projects in the future. However, if the number of defects is less than 20, the management can identify the factors that helped maintain the number of defects below the baseline value.

1.12 Introducing Software Quality Assurance

NIIT

4.

Review the metric for its usability: Finally, process experts can test and provide feedback on the metric. The feedback can help enhance the quality of products and the effectiveness of the processes.

NIIT

Introducing Software Quality Assurance 1.13

Activity: Identifying SQA Activities in SDLC Phases

Problem Statement
The quality assurance team at Neways Solutions needs to review the design for WestSide online banking project. To facilitate this project, the team needs to check the high level design document and detailed design document against their respective checklists. Create the high level design and detailed design review checklists specific to WestSide Bank and help the quality assurance team evaluate the design.

Solution
The following table lists the high-level design review checklist for the WestSide online banking project.
High-Level Design Review Checklist S. No. 1 Area of Concern Are all the requirements identified in the software requirements phase covered in the design phase? Are there separate modules for different types of users? Are the interface requirements for each module explicitly specified? Are the modules functionally independent? Is the technology to be used explicitly mentioned? Is the security factor considered as part of the design? Is the application designed using the existing centralized database? Is the facility for news ticker on the Home page provided in the application? High-Level Design Review Checklist (Yes/No)

2 3

4 5 6 7

1.14 Introducing Software Quality Assurance

NIIT

The following table shows the detailed design review checklist for the WestSide online banking project.
Detailed Design Review Checklist S.No. 1 Area of Concern Does the detailed design cover all the aspects identified as part of the high- level design ? Is the interface consistent with the architectural design? When a user logs on to the website using a user name and password, does the interface that appears depend on the users role? Is this condition specified as part of the algorithm ? Is the condition for blocking user account after five unsuccessful login attempts provided? Are all the interfaces user friendly? Are all the variable, functions, and class names meaningful and convey their use? Is the first letter of the variable names specified in small letters and does it specify the data type of the variables? Are the table names in the database meaningful? Detailed Design Review Checklist (Yes/No)

2 3

5 6

NIIT

Introducing Software Quality Assurance 1.15

Practice Questions
1. Which of the following is a quality control activity? a. Quality audit b. Tools selection c. Training d. Inspection Which of the following is a quality assurance activity? a. Testing b. Tools selection c. Inspection d. Walkthrough Which of the following SQA activities involves assessing and reviewing the prototype and product design for quality? a. Application of technical methods b. Conducting FTRs c. Enforcement of standards d. Control of change Which of the following SQA activities ensures that the development team follows the documented steps to complete a process? a. Application of technical methods b. Conducting FTRs c. Enforcement of standards d. Control of change Identify if requirements tracking is a quality assurance or quality control activity. Provide justification to support your answer.

2.

3.

4.

5.

1.16 Introducing Software Quality Assurance

NIIT

Practice Exercise
Exercise 1
Global Software Solutions Inc. is a software development company that provides financial analysis software packages to large and medium-sized financial companies. The company charges an upfront license fee for these packages and recurring fees for mandatory service and support contracts. The company has a software development team of approximately 100 members. During the development process, several team members may work on a software module. The lack of coordination among the team members results in more than one team member simultaneously working on the same module. This leads to multiple versions of the modules being created. This mismanagement causes numerous faults that are detected at the time of testing, resulting in costly reworks. Identify the cause of the companys problem and suggest an appropriate solution.

NIIT

Introducing Software Quality Assurance 1.17

Summary
In this chapter, you learned that: A product is called a quality product if it meets its specified requirements. The quality of the process used to develop a system also affects the quality of the software product. The quality policy specifies the overall intentions and direction of an organization with respect to quality. Quality management is that aspect of the overall management function that establishes and implements the quality policy. A set of guidelines that describe the organizational structure, responsibilities, procedures, processes, and resources for implementing quality management is called a quality system. To ensure that the set of guidelines specified in the quality system are being followed, you need to implement software quality assurance activities in each phase of the system development life cycle. SQA is a planned and systematic approach to monitor and improve the software development process. The project SQA plan specifies the assurance procedures that the development team needs to apply during each phase of the SDLC. SQA activities can be broken down into the following tasks: z Application of technical methods z Conducting FTRs z Enforcement of standards z Control of change z Measurement z SQA audits z Record keeping and reporting Quality methods can be segmented into two categories, preventive and detective. Quality Assurance is oriented toward preventing defects in development products, while Quality Control is oriented toward detecting defects in development products. Some QA activities are: z Quality audit z Process definition z Tools selection z Training

1.18 Introducing Software Quality Assurance

NIIT

Peer review z Requirements tracking z Quality metrics collection Some QC activities are: z Inspection z Testing z Checkpoint review Metrics are crucial for the development process and project management because they can measure the quality of each factor in a project.
z

NIIT

Introducing Software Quality Assurance 1.19

1.20 Introducing Software Quality Assurance

NIIT