CSQA CSQA Certified Software Quality Analyst Questions and Answers

The steps below describe a sample defect tracking process. Depending on the size of the project or project team, this process may be substantially more complex.

1. Execute test and log any discrepancies.

The tester executes the test and compares the actual results to the documented expected results. If a discrepancy exists, the discrepancy is logged as a “defect” with a status of “open.” Supplementary documentation, such as screen prints or program traces, is attached if available.

2. Determine if discrepancy is a defect.

The Test Manager or tester reviews the defect log with an appropriate member of the development team to determine if the discrepancy is truly a defect, and is repeatable. If it is not adefect, or repeatable, the log should be closed with an explanatory comment.

3. Assign defect to developer.

If a defect exists it is assigned to a developer for correction. This may be handled automatically by the tool, or may be determined as a result of the discussion in step 2.

4. Defect resolution process.

When the developer has acknowledged the defect is valid, the resolution process begins.

Quality is a multifaceted concept driven by customer requirements. The level of quality can vary significantly from project to project and between organizations. In IT, the attributes of quality are examined in order to understand the components of quality, and as a basis for measuring quality. Some of the commonly accepted quality attributes for an information system are described in the following figure.

Management needs to develop quantitative, measurable "standards" for each of these quality criteria for their development projects. For example, management must decide the degree of maintenance effort that is acceptable, the amount of time that it should take for a user to learn how to use the system, etc.

Rahail HDD:Users:iMac:Desktop:Screen Shot 2015-01-11 at 2.39.38 PM.png

From a management perspective, processes are needed to:

Explain to workers how to perform work tasks

Transfer knowledge from more experienced to less experienced workers

Assure predictability of work activities so that approximately the same deliverables will be produced with the same resources each time the process is followed

Establish a basic set of work tasks that can be continuously improved

Provide a means for involving workers in improving quality, productivity, and customer satisfaction by having workers define and improve their own work processes

Free management from their activities associated with "expediting work products" to spend more time on activities such as planning, and customer and vendor interaction

From a worker perspective, work processes are important to:

Increase the probability that the deliverables produced will be the desired deliverables

Put workers in charge of their own destiny because they know the standards by which their work products will be evaluated

Enable workers to devote their creativity to improving the business instead of having to develop work processes to build products

Enable workers to better plan their workday because of the predictability resulting from work processes

Force field analysis is a visual team tool used to determine and understand the forces that drive and restrain a change. Driving forces promote the change from the existing state to the desired goal. Opposing forces prevent or fight the change. Understanding the positive and negative barriers helps teams reach consensus faster. Following are sample processes that could benefit by a force field analysis:

Implementing a quality function

Implementing quality management in IT

Developing education and training programs

Establishing a measurement program/process

Selecting a new technique or tool

Implementing anything new

Establishing meaningful meetings

Empowering the work force

The steps below show how a team uses force field analysis:

1. Establish a desired situation or goal statement.

2. Brainstorm and list all possible driving forces.

3. Brainstorm and list all possible restraining forces.

4. Determine the relative importance of reaching consensus on each force.

5. Draw a force field diagram that consists of two columns, driving forces on one side and restraining forces on the other.

6. Select the most significant forces that need to be acted upon using the nominal group technique to prioritize and reduce the number, if there are too many.

7. Proceed to a plan of action on the forces selected in the previous step

Quality Council

A Quality Council is composed of the organization’s top executive and his or her direct reports. It may also be referred to as an Executive Council. The Quality Council acts as the steering group to develop the organization’s mission, vision, goals, values, and quality policy. These serve as critical input to process mapping, planning, measurement, etc. Some large companies opt for more than one level of Quality Council. When multiple levels exist, each organization’s mission and vision tie into that specified by the top council.

Management Committees

Management committees (also called Process Management Committees) are composed of middle managers and/or key staff personnel, and are responsible for deploying quality management practices throughout the organization. One or more committees may be needed depending on the organization’s size and functional diversity. Committees should represent all the skills and functions needed to work on the specific processes or activities.

Teams and Work Groups

Teams are formed under any number of names depending on their purpose. Common names and functions are:

Process Development Teams develop processes, standards, etc.

Process Improvement Teams improve existing processes, standards, etc.

Work Groups perform specific tasks such as JAD, inspection, or testing.

The process teams are composed of a representative group of process owners. Members of work groups will vary depending on the purpose, but suppliers and customers are likely to participateas team members or as reviewers. It may also be desirable for a QA analyst to participate on the team.

Process teams use standard approaches (such as flowcharts, checklists, Pareto analysis) to define, study, and improve processes, standards, procedures, and quality control methods. They may pilot new or revised processes help deploy them to the rest of the organization, and provide process training. They may also serve as process consultants to process owners and others using the process. Approaches and tools used by the team depend on its purpose.

Environmental controls are the means by which management uses to manage the organization. They include such things as organizational policies, the organizational structure in place to perform work, the method of hiring, training, supervising and evaluating personnel, and the processes provided personnel to perform their day-to-day work activities, such as a system development methodology for building software systems.

Auditors state that without strong environmental controls the transaction processing controls may not be effective. For example, if passwords needed to access computer systems are not adequately protected the password system will not work. Individuals will either protect or not protect their password based on environmental controls such as the attention management pays to password protection, the monitoring of the use of passwords that exist, and management’s actions regarding individual workers failure to protect passwords.

Environmental controls are the means by which management uses to manage the organization.

Examples of environmental controls are the review and approval of a new system, limiting access to computer resources and transaction processing controls.

Review and Approval of a New System

This control should be exercised to ensure management properly reviews and approves new IT systems and conversion plans. This review team examines requests for action, arrives at decisions, resolves conflicts, and monitors the development and implementation of system projects. It also oversees user performance to determine whether objectives and benefits agreed to at the beginning of a system development project are realized.

The team should establish guidelines for developing and implementing system projects and define appropriate documentation for management summaries. They should review procedures at important decision points in the development and implementation process.

Limiting Access to Computer Resources

Management controls involve limiting access to computer resources. It is necessary to segregate the functions of systems analysts, programmers, and computer operators. Systems analysts and programmers should not have physical access to the operating programs, and the computer files. Use of production files should be restricted to computer operating personnel. Such a restriction safeguards assets by making the manipulation of files and programs difficult. For example, assume a bank’s programmer has programmed the demand deposit application for the bank. With his knowledge of the program, access to the files in the computer room on which information about the demand depositors is contained may allow him to manipulate the account balances of the bank’s depositors (including his own balance if he is a depositor).

Transaction Processing Controls

The object of a system of internal control in a business application is to minimize business risks. Risks are the probability that some unfavorable event may occur during processing. Controls are the totality of means used to minimize those business risks.

There are two systems in every business application. The first is the system that processes business transactions, and the second is the system that controls the processing of business transactions. From the perspective of the system designer, these two are designed and implemented as one system. For example, edits that determine the validity of input are included in the part of the system in which transactions are entered. However those edits are part of the system that controls the processing of business transactions.

Because these two systems are designed as a single system, most software quality analysts do not conceptualize the two systems. Adding to the difficulty is that the system documentation is not divided into the system that processes transactions and the system that controls the processing of transactions.

Common Causes of Variation

All processes contain some inherent variation, or common causes of variation. The amount of variation in a process is quantified with summary statistics (the mean and standard deviation).

A process is defined as stable when its mean and standard deviation remain constant over time. Processes containing only common causes of variation are considered stable. As a stable process is predictable, future process values can be predicted within the control limits with a certain amount of belief. A stable process is said to be in a state of statistical control.

One researcher1 provides the following thoughts on common causes of variation:

"Process inputs and conditions that regularly contribute to the variability of process outputs.”

“Common causes contribute to output variability because they themselves vary.”

Special Causes of Variation

Special causes of variation are not present in a process. They occur because of special or unique circumstances. In the IT example of abnormal terminations in a computer operation, special causes might include operator strikes, citywide power outages, or earthquakes.

If special causes of variation exist, the process may be unpredictable, and therefore unstable. A state of statistical control is established when all special causes of variation have been eliminated (the operator strike ends, citywide power returns or business returns to normal operations after an earthquake).

Brian Joiner summarized special causes of variation as follows:

"Process inputs and conditions that sporadically contribute to the variability of process outputs.”

“Special causes contribute to output variability because they themselves vary.”

Consider questions such as:

How big is the risk?

What exactly is being exposed to the risk?

Can this be considered an acceptable risk?

What alternatives are there?

Will alternatives invoke additional risks?

As it is impossible to be completely certain of the impact or likelihood of many events, these events are estimated using a combination of historical data, knowledge of the event, and experience and judgment. Tools such as simulation, decision trees, or calculating a monetary value are used. Risk can be calculated by structured (associated with data) and unstructured (focus on judgment and experience) methods. Regardless of the method used, two elements must always be considered:

The probability of such an event occurring

The resulting impact if the event occurs

Verification ensures that the system (software, hardware, documentation, and personnel) complies with an organization’s standards and processes, relying on review of non-executable methods. Validation physically ensures that the system operates according to plan by executing the system functions through a series of tests that can be observed and evaluated. Verification answers the question, “Did we build the right system?” while validation addresses, “Did we build the system right?”

Keep in mind that verification and validation techniques can be applied to every element of the computerized system. You’ll find these techniques in publications dealing with the design and implementation of user manuals and training courses, as well as in industry publications.

1

Lack of involvement by management

Management's unwillingness to accept full responsibility for all defects

Failure to determine the cost associated with defects (i.e., poor quality)

Failure to initiate a program to "manage defects"

Lack of emphasis on processes and measurement

Failure to enforce standards

Failure to reward people for following processes

Lack of knowledge about quality

Lack of a quality vocabulary, which makes it difficult to communicate quality problems and objectives

Lack of knowledge of the principles of quality (i.e., what is necessary to make it happen)

No categorization scheme for defects (i.e., naming of defects by type)

No information on the occurrence of defects by type, by frequency, and by location

Unknown defect expectation rates for new products

Defect-prone processes unknown or unidentified

Defect-prone products unknown or unidentified

An economical means for identifying defects unknown

Proven quality solutions are unknown and unused

Auditors state that without strong environmental controls the transaction processing controls may not be effective. For example, if passwords needed to access computer systems are not adequately protected the password system will not work. Individuals will either protect or not protect their password based on environmental controls such as the attention management pays to password protection, the monitoring of the use of passwords that exist, and management’s actions regarding individual workers failure to protect passwords.

The object of a system of internal control in a business application is to minimize business risks. Risks are the probability that some unfavorable event may occur during processing. Controls are the totality of means used to minimize those business risks.

There are two systems in every business application. The first is the system that processes business transactions, and the second is the system that controls the processing of business transactions. From the perspective of the system designer, these two are designed and implemented as one system. For example, edits that determine the validity of input are included in the part of the system in which transactions are entered. However, those edits are part of the system that controls the processing of business transactions.

Because these two systems are designed as a single system, most software quality analysts do not conceptualize the two systems. Adding to the difficulty is that the system documentation is notdivided into the system that processes transactions and the system that controls the processing of transactions.

A mission statement explains why a company, organization, or activity exists, and what it is designed to accomplish. It clearly and concisely describes the work that is done, providing direction and a sense of purpose. The mission should focus on products and services and be customer-oriented. During implementation, the mission is constrained by the vision and values. Examples of mission statements include:

From Arco Transportation Company Information Services: "The mission of information services is to provide the appropriate computing network, products, and services and support of the strategies, goals, and objectives of the company."

From the Ford Motor Company (listed in their Ford Q-101 Quality Systems Standard, January 1986): “Ford Motor Company is a worldwide leader in automotive and automotive-related products and services as well as in newer industries such as aerospace, communications, and financial services. Our mission is to improve continually our products and services to meet our customers’ needs, allowing us to prosper as a business and to provide a reasonable return for our stockholders, the owners of our business.”

Vision

Leaders provide a vision, which is a clear definition of the result to be achieved. Organizations without a vision flounder. The vision establishes where the organization desires to move from its current state. It gives everyone a direction to work towards. Senior management should establish the vision, ensuring how it contributes to the business is clear. A vision is simple and concise, and it should be understood and supported by all.

Examples of visions include:

From the Quality Assurance Institute: “Our vision is to produce competent and successful quality assurance analysts.”

From the Eastman Kodak Company: "We see ourselves now and in the future as a company with a strong customer franchise, known for reliability, trust, and integrity in all relationships. Our business will be based on technologies that have evolved over our long history, and which will give us unique advantages over our competition. These technologies will span our core businesses, and will also go beyond boundaries we can see today.”

From the Ford Motor Company: "A worldwide leader in automotive and automotive related products and services as well as in newer industries such as aerospace, communications, and financial services."

President Kennedy had a vision of putting a man on the moon before 1970.

QA analysts should have a vision of improving quality, productivity, and customer satisfaction.

Please check the explanation for detailed answer.

Plan (P): Devise a plan - Define the objective, expressing it numerically, if possible. Clearly describe the goals and policies needed to attain the objective at this stage. Determine the procedures and conditions for the means and methods that will be used to achieve the objective.

Do (D): Execute the plan - Create the conditions and perform the necessary teaching and training to ensure everyone understands the objectives and the plan. Teach workers the procedures and skills they need to fulfill the plan and thoroughly understand the job. Then perform the work according to these procedures.

Check (C): Check the results – As often as possible, check to determine whether work is progressing according to the plan and whether the expected results are obtained. Check for performance of the procedures, changes in conditions, or abnormalities that may appear.

Act (A): Take the necessary action - If the check reveals that the work is not being performed according to plan, or if results are not what were anticipated, devise measures for appropriate action. Look for the cause of the abnormality to prevent its recurrence. Sometimes workers may need to be retrained and procedures revised. The next plan should reflect these changes and define them in more detail.

Using defects to improve processes is not done by many organizations today, but it offers one of the greatest areas of payback. NASA emphasizes the point that any defect represents a weakness in the process. Seemingly unimportant defects are, from a process perspective, no different from critical defects. It is only the developer’s good luck that prevents a defect from causing a major failure. Even minor defects, therefore, represent an opportunity to learn how to improve the process and prevent potentially major failures. While the defect itself may not be a big deal, the fact that there was a defect is a big deal.

Based on the research team findings, this activity should include the following:

Go back to the process that originated the defect to understand what caused the defect

Go back to the verification and validation process, which should have caught the defect earlier

Not only can valuable insight be gained as to how to strengthen the review process, these steps make everyone involved in these activities take them more seriously. This human factor dimension alone, according to some of the people the research team interviewed, can have a very large impact on the effectiveness of the review process.

A process can be measured by either of the following:

Attributes of the process, such as overall development time, type of methodology used, or the average level of experience of the development staff.

Accumulating product measures into a metric so that meaningful information about the process can be provided. For example, function points per person-month or LOC per person-month can measure productivity (which is product per resources), the number of failures per month can indicate the effectiveness of computer operations, and the number of help desk calls per LOC can indicate the effectiveness of a system design methodology.

There is no standardized list of software process metrics currently available. However, in addition to the ones listed above, some others to consider include:

Number of deliverables completed on time

Estimated costs vs. actual costs

Budgeted costs vs. actual costs

Time spent fixing errors

Wait time

Number of contract modifications

Number of proposals submitted vs. proposals won

Percentage of time spent performing value-added tasks