Software Certifications CSQA CSQA Certified Software Quality Analyst Exam Practice Test

The two types of models that exist, staged and continuous, are discussed below.

Staged models

Staged models are composed of a number of distinct levels of maturity. Each level of maturity is further decomposed into a number of processes that are fixed to that level of maturity. The processes themselves are staged and serve as foundations for the next process. Likewise, each level of maturity is the foundation for the next maturity level.

The Software Engineering Institute’s Capability Maturity Model Integration (CMMI) is an example of a staged model, although it now has a continuous representation. See page 140 for more information.

Continuous models

In the continuous model, processes are individually improved along a capability scale independent of each other. For example, the project planning process could be at a much higher capability level than the quality assurance process.

ISO/IEC 15504 (SPICE) is an example of a continuous assessment model as is the continuous representation of The Software Engineering Institute’s Capability Maturity Model Integration (CMMI) a continuous process reference model.

While watching the demonstration, let part of your mind be a casual overseer of the entire process. Attempt to get a feel for what is happening and how that might impact your business. You want to end up being able to assess whether you feel good about the software. If you have concerns, attempt to articulate them to the demonstrator as well as possible to determine how the demonstrator responds and addresses those concerns.

To map processes, executive management (Quality Council) must have identified the organization's mission, long and short-term goals, organizational structure, and deliverables. If formal strategic planning is not regularly performed, identifying an organization's mission and goals is difficult.

Processes should be mapped to mission and goals, to functional units (people), and to deliverables in separate matrices. The following generic process can be used for each mapping:

1. Create a matrix.

2. List processes across the top of the matrix.

3. On the left side of the matrix, list the goals, functional units or roles or deliverables.

4. Identify the linkages between the rows and columns, as follows:

A process may support multiple goals. Put an X in the intersection to acknowledge a linkage only if the stability or quality of the process could influence meeting goals. If all processes contribute to all goals, decompose the mission and goals further. The resulting Manage-by-Process matrix is a process map.

Processes have primary owners, suppliers and customers. Identify a linkage in this matrix by using “O”, “S” or “C” in the intersection to distinguish between the roles.

Deliverables can be internal such as design specifications, or external such as user manuals. In this matrix indicate the usage of the deliverable by placing a “C”, “R”, “U” and/or “D” in the intersection. “C” is used when the deliverable is created, or the service is provided through the process. “R” indicates the deliverable is referenced or used as input to the process. “U” indicates the deliverable is updated or revised in the process. “D” means the deliverable is deleted, or retired, etc.

5. For mission and goal mapping, look for gaps where goals are not supported by processes. Consider removing any processes that do not support goals, as they do not add value. For functional unit mapping, look for gaps where units do not have processes. For deliverable mapping, look for gaps where deliverables do not have processes or vice versa.

6. If the mapping identified any new processes, add them to the inventory.

Independent monitoring are those monitoring activities, which are performed by individuals not employed by the organizational unit responsible for the work. Independent monitoring can be performed by:

An organizational unit established for the purpose of monitoring

For example, in health care units, an “HIPAA compliance group” might be established to monitor compliance to HIPAA requirements.

Internal auditors

An audit activity within the organization who is independent from the organization they monitor or audit, and generally independent from the management over the activity being monitored.

External auditors

Auditors engaged by the Board of Directors to evaluate the adequacy of the organization’s system of internal control and other activities governed by auditing standards.

The extensiveness of independent monitoring is normally determined by the adequacy of the organization’s system of internal controls. If those performing independent monitoring believe that the system of internal control is effective, the extent of their monitoring will decrease. On the other hand, if there’s significant weakness in the system of internal control, monitoring will be increased.

Force field analysis is a visual team tool used to determine and understand the forces that drive and restrain a change. Driving forces promote the change from the existing state to the desired goal. Opposing forces prevent or fight the change. Understanding the positive and negative barriers helps teams reach consensus faster. Following are sample processes that could benefit by a force field analysis:

Implementing a quality function

Implementing quality management in IT

Developing education and training programs

Establishing a measurement program/process

Selecting a new technique or tool

Implementing anything new

Establishing meaningful meetings

Empowering the work force

The steps below show how a team uses force field analysis:

1. Establish a desired situation or goal statement.

2. Brainstorm and list all possible driving forces.

3. Brainstorm and list all possible restraining forces.

4. Determine the relative importance of reaching consensus on each force.

5. Draw a force field diagram that consists of two columns, driving forces on one side and restraining forces on the other.

6. Select the most significant forces that need to be acted upon using the nominal group technique to prioritize and reduce the number, if there are too many.

7. Proceed to a plan of action on the forces selected in the previous step

Verification requires several types of reviews, including requirements reviews, design reviews, code walkthroughs, code inspections, and test reviews. The system user should be involved in these reviews to find defects before they are built into the system. In the case of purchased systems, user input is needed to assure that the supplier makes the appropriate tests to eliminate defects. The following table shows examples of verification. The list is not exhaustive, but it does show who performs the task and what the deliverables are. For purchased systems, the term “developers” applies to the supplier’s development staff.

Rahail HDD:Users:iMac:Desktop:Screen Shot 2015-01-11 at 6.18.47 PM.png

Validation is accomplished simply by executing a real-life function (if you wanted to check to see if your mechanic had fixed the starter on your car, you’d try to start the car). Examples of validation are shown in the following table. As in the table above, the list is not exhaustive.

Determining when to perform verification and validation relates to the development, acquisition, and maintenance of software. For software testing, this relationship is especially critical because:

The corrections will probably be made using the same process for developing the software. If the software was developed internally using a waterfall methodology, that methodology will probably be followed in making the corrections; on the other hand, if the software was purchased or contracted, the supplier will likely make the correction. You’ll need to prepare tests for either eventuality.

Testers can probably use the same test plans and test data prepared for testing the original software. If testers prepared effective test plans and created extensive test data, those plans and test data can probably be used in the testing effort, thereby reducing the time and cost of testing.

Rahail HDD:Users:iMac:Desktop:Screen Shot 2015-01-11 at 6.20.18 PM.png

There are several concerns that need to be addressed when one of the methods of implementation is contracting for software development. These review concerns are:

Control specification- The controls desired in the application should be specified in enough detail during the feasibility study so that the individual negotiating for an application can include those control specifications in the contract negotiation.

Needed installation date- The date on which the application is to go into production should be specified. Many applications lose a large portion of their benefits if the application is not installed when needed. For example, an application designed to provide special promotions for Christmas shopping would be of little value if it is not completed in time for Christmas purchasing. Specifying this date may indicate whether an application needs to be purchased, or whether it can be developed in-house.

Value of applications- The benefits to be obtained from an application should be specified. These are the benefits above and beyond what is currently being obtained from the existing method of performing the tasks. The benefits need to be quantified. For example, benefits like improved customer service are of limited aid in making business decisions on installing or purchasing new applications. The objective of having a stated dollar value.

Useful life- The expected life of the application should be stated. For example, if it is expected that the requirements and technology needed will satisfy the needs of the organization for an eight-year period, that should be stated. Where it is difficult to estimate a specific useful life, a range such as 5-10 years is often sufficient.

Confidentiality of application- Feasibility studies should state the confidentiality of the application to the organization. This importance would deal with the need to keep the processing rules confidential. For example, the application may include the formula used in creating products for production. Since the application contains those formulas, it contains the trade secrets of the organization, which must be adequately protected.

Objectives/Goals Planning

Setting the project objectives/goals is an important component of the planning cycle. Goals and objectives should be measurable and achievable. If goals are not measurable it will be difficult to determine whether or not the project is successful. If the goals are not achievable the assigned staff are in a “no win” situation. However, some management philosophies believe in using stretch goals to push people to achieve a higher level of performance. Specifically, this activity should address:

Project objectives and goals expressed in quantitative terms

Any qualifications for objectives that can impact the sequence of work, or alternative strategies can be determined

Quality and productivity goals

Assumptions/Potential Planning

This planning activity identifies those probable developments that will affect the ability to achieve the project objectives. These developments should be as specific as possible in terms of how much and when. In this activity the planners are trying to describe what will happen in the next month or years so that implementation can seize any new opportunities that may develop. Specifically, this planning activity should address:

Assumptions which if not correct will impact the success of the project

Current opportunities received from implementing the project

How future opportunities will be identified during the implementation and operation timeframe of the project.

Total quality management (TQM) is the term used by many to indicate an organization-wide effort of continuous process improvement. The Federal Quality Institute defines TQM as a strategic, integrated management system for achieving customer satisfaction, which involves all managers and employees and uses quantitative methods to continuously improve an organization's processes.

Some additional thoughts on TQM include:

The improved performance is directed toward satisfying such cross-functional goals as quality, cost, schedule, mission, need and suitability.

TQM is a process of controlled change.

Central to the TQM approach is the change in management philosophy regarding the "responsibility for quality." Formerly it rested with a separate group of individuals in a department/directorate/division often designated as quality assurance. Under TQM, the responsibility rests with every employee, beginning with top management. Skill Category2 provides additional insight into the change in management philosophy, new behaviors for management and leadership.

TQM is accomplished using a team organization; both management and the employees are members of "quality teams" (also called process improvement or process action teams), that focus on continuous process improvement. Suggestions to improve the quality of a particular process should come from the employees and the managers who work in the process, as they know it best.

Communication must be encouraged to allow employees and management to work together to reach the mutual goal of continuous process improvement.

Brainstorming

Brainstorming is a technique used to quickly generate a quantity of creative or original ideas on or about a process, problem, product, or service. Brainstorming can be used to:

Develop a vision

Review inputs, outputs, and flows of existing processes

Create a list of products or services

Eliminate wasteful and redundant work activities

Reengineer a process, product, or service

Design a new or improved process

Establish standards, guidelines, or measures

Identify the internal and external customers served

Improve the work environment

Gather data for use with other tools

Affinity Diagram

The affinity diagram is an orderly extension of a structured brainstorming session. Teams use this tool to help create order out of chaos, by categorizing large numbers of ideas. Rather than having teams react logically to a group of ideas, this technique helps to identify more creative solutions or to structure ideas for a cause-and-effect diagram.

Nominal Group Technique

The nominal group technique is a structured, facilitated technique where all team members participate by individually ranking ideas, issues, concerns, and solutions, and then achieve consensus by combining the individual rankings.

Cause-and-Effect Diagram

Teams use cause-and-effect diagrams to visualize, clarify, link, identify, and classify possible causes of problems in processes, products, and services. They are also referred to as "fishbone diagrams," “why-why diagrams,” or "Ishikawa diagrams" (after Kaoru Ishikawa, a quality expert from Japan).

Actual experience with measurement suggests that recurring costs of 2 - 3% of direct project costs are adequate for data collection and analysis and for project tracking and monitoring. This small price buys real help in meeting project goals, and in increasing project control through better budgeting, problem anticipation, risk reduction, and incremental process improvement.

Structural testing is considered white-box testing because knowledge of the internal logic of the system is used to develop test cases. Structural testing includes path testing, code coverage testing and analysis, logic testing, nested loop testing, and similar techniques. Unittesting, string or integration testing, load testing, stress testing, and performance testing are considered structural.

Functional testing addresses the overall behavior of the program by testing transaction flows, input validation, and functional completeness. Functional testing is considered black-box testing because no knowledge of the internal logic of the system is used to develop test cases. System testing, regression testing, and user acceptance testing are types of functional testing.

Structural Testing

Advantages

The logic of the software’s structure can be tested.

Parts of the software will be tested which might have been forgotten if only functional testing was performed.

Functional Testing

Advantages

Simulates actual system usage.

Makes no system structure assumptions.

Process improvement must be accomplished by emphasizing teamwork. The PIT component addresses this need. Every member of the organization should become involved in the process improvement process. Not everyone must be on a team, although as many teams as practical should be organized. The two methods below are recommended for creating the teams.

Natural Work Group

Natural work groups, such as a system development project team, characterize the way companies currently organize their employees. Using natural work groups for a PIT is the easiest, quickest, and least confusing method. Generally, these teams already exist, and the members have established working relationships. They are also usually aware of improvements that could be made to improve the effectiveness of their work group.

If natural work group teams elect to address problems that impact beyond their team, the improvement process should support the collaboration of multiple teams working on problems with a broad scope. The measurement system would be required to track and report these instances, so appropriate reward and recognition would occur for these shared team efforts.

Interdepartmental Teams

This method of organizing teams across departmental boundaries promotes interdepartmental teamwork and contributes to breaking barriers (and problems) that exist within organizations.

It is also an excellent way to address problems that affect more than one work group or department. Because these types of problems are typically more complex, it is only recommended as a method of organizing when the PITs are mature.

Measure

A measure is a single quantitative attribute of an entity. It is the basic building block for a measurement program. Examples of measures are lines of code (LOC), work effort, or number of defects. Since quantitative measures can be compared, measures should be expressed in numbers.

For example, the measure LOC refers to the “number” of lines and work effort refers to the “number” of hours, days, or months.

Metrics

A metric is a derived (calculated or composite) unit of measurement that cannot be directly observed, but is created by combining or relating two or more measures. A metric normalizes data so that comparison is possible. Since metrics are combinations of measures they can add more value in understanding or evaluating a process than plain measures. Examples of metrics are mean time to failure and actual effort compared to estimated effort.

Reduce the Number of Vendors

Requiring statistical evidence of quality control in the purchase of hardware and software will mean, in most companies, drastic reduction in the number of vendors with whom they deal. Companies will have to consider the cost of having two or more vendors for the same item. A company will be lucky to find one vendor that can supply statistical evidence of quality. A second vendor, if they cannot furnish statistical evidence of their quality, will have higher costs than the one that can furnish the evidence, or they will have to chisel on their quality, or go out of business. A person that does not know his/her costs or whether today's distribution of quality can be repeated tomorrow is not a good business partner.

Use Statistical Methods to Find Sources of Trouble

Which are user faults? Which faults belong to IT? Put responsibility where it belongs. Do not rely on judgment because it always gives the wrong answer on the question of where the fault lies. Statistical methods make use of knowledge of the subject matter where it can be effective, but supplant it where it is a hazard.

Constantly improve the system. This obligation never ceases. Most people in management do not understand that the system (their responsibility) is everything not under the governance of a user.

Institute Modern Aids to Training on the Job

Training must be totally reconstructed. Statistical methods must be used to learn when training is finished, and when further training would be beneficial. A person once hired and trained and in statistical control of his/her own work, whether it be satisfactory or not, can do no better. Further training cannot help. If their work is not satisfactory, move them to another job, and provide better training there.

A baseline study is one designed to quantitatively show the current status of an activity, program, or attitude. It both shows “how you are doing” and provides a quantitative base from which change can be measured.