Subjective CSQA

8/3/2019 Subjective CSQA

1/46

Subjective Questions

Give three examples from IT organization where Pareto analysis of 80:20

holds good.

1. Defect Analysis

2. Failures found in production

3. Cycle/Delivery Time reduction

4. Employee Satisfaction/Dissatisfaction

5. Customer Satisfaction/Dissatisfaction

6. Help Desk problems

The process for using Pareto charts is described in the following steps:

1. Define the problem clearly using any of the tools from Quality Toolbox

(e.g., Use brainstorming, affinity diagrams, or cause-and-effect diagrams)

2. Collect a sufficient sample size of data over the specified time, or use

historical data, if available

3. Sort the data in descending order by occurrence or frequency of causescharacteristics

4. Construct the Pareto Chart and draw bars to correspond to the sorted data

in descending order, where the x axis is the problem category and the y

axis is frequency

5. Determine the vital few causes on which to focus improvement efforts

6. Compare and select major causes, repeating the process until the

problems root causes are reached sufficiently to resolve the problem

2. List down some Standard Helpdesk problem.

1. Terminal kbd locked

2. Terminal 123x is hung

3. Terminal shows no cursor on the screen

4. Unable to start session


2/46

5. Unable to print from E-mail

6. Terminal 324x cant access menu

7. Model X printer not printing

8. System logs user off

9. Unable to print reports

10. Terminal 789x unable to logon

11. Transactions abending

12. System drops session

13. Unable to get out of application

14. System accepts invalid data

15. Unable to connect with host

16. Users cannot catalog

17. Cannot log on to e-mail

18. Users hung in application

19. User unable to access printer

20. System sends error xxx

21. Not able to logon to the system

22. Printer not working

23. Email server Down

24. Hung system (Machine not responding)

25. Keyboard/Mouse not working

3. You have been asked by a systems development project leader for your

help in developing a test plan. The project leader wants to know what

should be included in a test plan. He has asked you to develop a brief table

of contents for a test plan. What would you include in that table of contents

and why?

Test Plan Template, according IEEE 829 standards

1. Test Plan Identifier

2. References

3. Introduction

4. Test Items


3/46

5. Software Risk Issues

6. Features to be Tested

7. Features not to be Tested

8. Approach

9. Item Pass/Fail Criteria

10. Suspension Criteria and Resumption Requirements

11. Test Deliverables

12. Remaining Test Tasks

13. Environmental Needs

14. Staffing and Training Needs

15. Responsibilities

16. Schedule

17. Planning Risks and Contingencies

18. Approvals

19. Glossary

4. What are the steps that you would follow while doing Regression

testing?

Or

The code has been given for regression testing. Write the process to be

followed.

In simple,

1. Identify the areas that are not changed

2. Select the type of regression testing that needs to be done i.e unit

regression, regional or full regression

3. Determine if regression testing would be done with downstream

applications

4. Check the availability of budget, resource, time

5. Select the testcases

6. Use a tool to expedite regression testing (if available)

7. Execute the testcases

8. In case any defects are observed, close it asap.


4/46

Risk-based Test Case Selection for regression testing

Risk-based Test Selection approach has four main steps.

Step 1: Estimate the cost for each test case:

Cost is categorized on a one to five scale, where one is low and five is high. Two

kinds of costs will be taken into consideration:

1) The consequences of a fault as seen by the customer, for example, losing

market share because of faults,

2) The consequences of a fault as seen by the vendor, for example, high

software maintenance costs because of faults.

Step 2: Derive severity probability for each test case:

For each test case, we compute severity probability depending on the number of

defects and the severity of defects. Severity probability falls into a zero to five

scale, where zero is low and five is high.

Step 3: Calculate Risk Exposure for each test case:

Risk Exposure is the multiplication of Cost and severity probability. To enhance

or focus the results, we can also add weights to test cases that we need to give

preference to.

Step 4: Select test cases that have the highest values of Risk Exposure as

Safety Tests (Safety Tests check that serious failures do not occur).

Risk-based Test Scenario Selection

Since end-to-end scenarios involve many components of the system working

together, they are highly effective at finding regression faults. Our selection

strategy obeys two rules:

R1: Select scenarios to cover the most critical test cases.

R2: Ensure scenarios cover as many test cases as possible.

Based on a traceability matrix showing the relation between end-to-end test

scenarios and test cases, our risk-based test scenario selection approach also

has four main steps.

Step 1: Calculate Risk Exposure REs for each scenario:


5/46

Using the traceability matrix, we can simply calculate the Risk Exposure for each

scenario by summing up the Risk Exposure for all test cases that this scenario

covers.

Step 2: Select the scenario with highest REs

Step 3: Update the traceability matrix (remove selected scenarios and covered

test cases, and re-calculate REs):

When running the chosen scenario, all test cases covered by the scenario will be

executed. According to our selection rules, these test cases should not affect our

selection any more. We should focus on those test cases that have not yet been

executed. In our approach, we cross out the column for the chosen scenario, and

rows for all the test cases covered by the scenario. All of this is easily automated.

Step 4: Repeat Steps 2 and 3 as desired.

5. What are the phases involved in SDLC? What, when, where and why do

QA and Testers play a role in these phases.

First point refers to Tester role & second - QA

Initiation

. Provide input for estimating testing efforts

QA-Kickoff meeting participation; Giving Process training to the team;

Definition

Review of functional requirement document

Design test strategy

QA-Req Review; Project Plan Review; Giving Tailoring Guidance

System Design

Review of system design doc, interface agreement doc etc

QA-Design Review

Programming & Training

Test plan/specification preparation

Preparation of Test Data

Preparation of Test environment

QA-Test Plan Review; Oversee Code reviews; Ensure proper collection of review

data & other metrics


6/46

Evaluation & Acceptance

Perform various validation activities like integration testing, system testing

Test manager: oversees acceptance testing

Tracking defects

QA-Oversee integration & system testing according to the standard processes

Installation & Operation

o Ensure properly tested code is shifted to production

QA-Ensuring Formal project closure & project data is submitted to Organizations

Process Database

Role of QA other than those in SDLC(in general):

y Developing policies, procedures and standards

y Acquiring and implementing tools and methodologies

y Marketing creating awareness of quality programs and concepts

y Measuring quality

y Defining, recording, summarizing and presenting analyses

y Performing process analysis (statistical process control)

11. What are the responsibilities of the following participants in Effective

Quality Management?

IT Management

Quality Control Dept

QA Dept

It is important to understand Qlty Mgt before listing down & differentiating the

responsibilities of different roles.

Quality management:

a philosophy and a set of guiding principles that represent the foundation of a

continuously improving organization.

the application of quantitative methods and human resources to improve the

products and services supplied to an organization, all processes within an

organization, and the degree to which the current and future needs of the


7/46

customer are met.

integrates fundamental management techniques, existing improvement efforts,

and technical tools under a disciplined approach focused on continuous

improvement. It is a culture change.

IT Mgmt

IT management involved in a corporate quality management program should

undertake the following four actions in an effort to rethink and assign their quality

responsibilities:

1. Determine what new, changed, and continued quality responsibilities will be

assigned to the IT group as a result of the corporate quality program.

2. Evaluate the capability of the IT group to deploy quality initiatives within and

outside the group. Define the skills, commitment, and quality approaches

currently available to line management.

3. Determine the value added by utilizing IT QA analysts to support corporate

quality management initiatives.

4. Develop a plan to assimilate and leverage the current function into the quality

support activity needed to support both the corporate quality management

program and IT quality responsibilities.

More clearly :-

Understand the concept of quality management, which includes understanding

the degree to which the current and future needs of the customer (internal as well

as external) are met

Executive management's commitment to quality should be expressed in writing

to all employees in the form of a quality policy.

Adopt behaviors required to show commitment

Accept the need to change to participative leadership

Lead in the development of a quality management implementation plan

Lead the formation of the implementation organization

Lead the planning for process improvement teams

Provide funds for training


8/46

Provide time for training and meetings

Identify quality standards and measures

Publicize and reward results

Monitor and measure progress

Provide personnel and other resources

QC

To identify the most logical points in the process to add controls.

To determine whether the product conforms to a standard or procedure i.e.,

compliance checks

Create the Software V&V Plan

Conduct Management Review of V&V

Support Management and Technical Reviews

Interface with Organizational and Supporting Processes

Creation of V&V Report

Software Change Control/Configuration Control (if CCB is a overseen by QC

dept)

Defect Management - Usage of checklist, standards for defect identification and

removal.

Defect measurement & deposit

QA

Set up Quality Improvement Team, Measurement team and awareness Team -

Crosby

Help define and implement the scope, validity, use, and management of the

data and information that underlie the corporations corporate quality

management system

Developing the companys base of data and information used for planning and

day-to-day management.

Evaluation of how quality and data and information reliability, timeliness, and

access are assured.

Developing the companys approach to selecting quality-related competitive


9/46

comparisons and world-class benchmarks to support quality planning, evaluation,

and improvement.

Determining how data and information are analyzed to support the companys

overall quality objectives.

Improve standards by involving employees Deming and TQM

Institute modern aids to training,

Institute training program to retrain and on statistical methods

Defect Prevention

12. All processes and standards have been followed in the lifecycle of a

particular project, yet the project is consistently behind schedule, is over

budget and the customer is unhappy. State briefly what you think are

reasons behind this and who's responsible.

or

You are the QA Manager. There are well-defined standards, process,

procedures etc., in place. Your development team strictly followed and

produced the product. But the customer is dissatisfied, as the product was

delivered very late, (Schedule overrun) and over-budget. Also the customer

was not happy with the functioning. What would you do now?

Considering all these main considerations we cannot do much about the

schedule overrun and the cost incurred through that. Therefore the only way to

gain customer satisfaction back is to concentrate and solve the Customer

dissatisfaction issue. In a situation like this the best way to go about this would

to be

1. Get on your customers wavelength- By reacting positively to their concern,

getting to the same wavelength and give undivided attention to the current

issue

2. Get the facts-Ask questions, record conversations, Listen carefully, obtain

feelings and concerns

3. Establish and initiate an action program Even if the requirements are not

valid issues we still need to take consideration of the pressing issue and

provide a solution for this.


10/46

4. Can negotiate a satisfactory resolution with the customer by suggesting a

resolution and getting the agreement and implement the resolution with

customer consent.

5. If required there could be sessions (JAD Sessions) where the customer

and the development team could meet up and discuss any discrepancies.

6. Follow up with the customer to validate whether they are satisfied with the

new solution being implemented

Possible reasons could be:

y Estimation of the efforts is not proper (Over Budget) Project Manager

y Project Plan is not properly developed -Project Manager

y Project Tracking is not proper - Project Manager is responsible forschedule slippage and Effort over run

y Change Control Process need to be looked into Configuration Controller

y Processes may need to be revisited and changed QA is responsible

y Look at standards for improvement Project Manager - Deming

y Lack of emphasis on measurement

y No Defect Prevention Project Manager

y Defect Elimination is not done properly Project Manager

y Failure to determine the cost associated with defects Project Managery Failure to initiate programs to Manage defects Project Manager

y Most economical means for identifying defects unknown

y Managements unwillingness to accept full responsibility for all defects

Deming and Crosby principle

y Inability to follow V-Testing to capture defects earlier in the lifecycle

13. Your operational dept encounters production defect at the rate of3

defects per1000 lines of code. During a vendor meet you come acrossanother company XYZ that is of the same size of yours and in the same

industry. This companys production defect is 2 defects per1000 lines of

code. Can you conclude that the XYZ operation dept is better that yours.

Can you use this for benchmarking? Explain.

OR


11/46

If two organisations with same standards, one having 10 defects per1000

KLOC and the other one having 12 defects per1000 KLOC can be

compared? Yes or No? Explain.

Here, a decision cant be taken on a pure objective basis as there are many other

factors that need to be considered while comparing the two defect densities.

1. Firstly, it should be made sure that the two defect densities to be

compared are normalized on common factors.

2. Usually defect density normalization with respect to function points are

preferred over KLOC. For example, while considering language

differences, the fact that Visual Basic doesn't readily lend itself to LOC

counts makes Function Point sizing the more appropriate common base

across all three projects.

3. In some cases, the modules in which few faults are discovered during

testing may simply not have been tested properly. Those modules which

reveal large numbers of faults during testing may genuinely be very well

tested in the sense that all the faults really are 'tested out of them'. The

key missing explanatory data in this case is, of course, testing effort.

4. Another hypothesis is the popular software engineering assumption that

small modules are likely to be (proportionally) less failure prone. In other

words small modules have a lower defect density. In fact, empirical

studies summarised in [Hatton 1997] suggest the opposite effect: that

large modules have a lower fault density than small ones.

5. It is recommended that more complete models that enable to augment the

empirical observations with other explanatory factors, most notably,

testing effort and operational usage. If you do not test or use a module you

will not observe faults or failures associated with it for which operational

usage has to be considered.

6. Some of other factors that need to be considered include -

y Complexity of the project

y Language

y Process capability


12/46

y History of defects

y Defect severity

y Common causes

14. Who is responsible for keeping track of changes in the software? Who

has the authority to change? How do you ensure that change control is

properly carried out?

SCM Steps

1. Management of the SCM Process

2. Software Configuration Identification

3. Software Configuration Control4. Software Configuration Status Accounting

5. Software Configuration Auditing

6. Software Release Management and Delivery Software

Who is responsible?

y Configuration Controller is responsible for keeping track of changes.

y Changes to the code is normally controlled by the usage of configuration

tools like Visual Source Safe, Ellips, Changeman Concurrent Versioning

System (CVS)

Who authorizes changes?

y If the change is major, it should be approved by Systems Planning

steering committess/SCCB (Software Configuration Control Board).

y For a minor change, IT manager or Senior person in User department can

approve it. However, all the changes should be in written format.

How to ensure Change Control

y The nature of the proposed change should be explained in writing, and

formally approved by a responsible individual as mentioned above.


13/46

Documenting the proposed change clears up any initial

misunderstandings that may arise when only verbal requests are made. In

addition, written proposals provide a history of changes in a particular

system.

y Developers should make changes and not the operations

y Someone independent of the person who designed and made the change

should be responsible for testing the final revised program. The results

should be recorded on program change registers and sent to the IT

manager for approval. Operations should accept only properly approved

changes.

y Finally, the documentation system should be updated with all change

sheets or change registers and printouts.

y Perform Configuration Control Audit to ensure Change control.

y Usage of tool for change control for code and document

15. If a defect occurs in the software product, whom do you held

responsible for the defect & why?

y Individual should not be held responsible for defects. Defect information

should be used to improve the process. As imperfect or flawed processes

cause most defects, processes may need to be altered to prevent defects.y The main intention of defect record should be for four major purposes:

o To ensure the defect is corrected

o To report status of the application

o To gather statistics used to develop defect expectations in future

applications

o To improve the software development process

y At a minimum, the tool selected should support the recording and

communication of all significant information about a defect for better

analysis. For example, a defect log could include:

o Defect ID number

o Descriptive defect name and type

o Source of defect - test case or other source that found the defect

o Method SDLC phase of creation


14/46

o Phases SDLC phase of detection

o Component or program that had the defect

o Defect severity

o Defect priority

o Defect status (e.g. open, fixed, closed, user error, design, and so

on) - more robust tools provide a status history for the defect

o Date and time tracking for either the most recent status change, or

for each change in the status history

o Detailed description, including the steps necessary to reproduce

the defect

o Screen prints, logs, etc. that will aid the developer in resolution

process

o Stage of origination

o Persons assigned to research and correct the defect

y Finally, Identify the categories of defects, origin of defects

y Use statistical processes to determine the root causes of the problem

y Close the gap by improving the process or updating the processes,

standards, checklists etc if required.

16. Security and Privacy of customer information are very important for e-

commerce projects. Quality principles expect that management policies are

a pre-requisite for good work process. Draft a policy for e-commerce

security and privacy.

Or

Write a Security and Privacy policy for e-securities projects for your

organization.

Securityrelates to the means (process and technology) by which an entity

protects the privacy of any sort of data/information. Security measures keep

information secured, and decrease the means of tampering, destruction, or

inappropriate access.

Privacyrefers to the individuals right to keep certain information private,

unless that information will be used or disclosed with his or her permission. (more


15/46

like the rights of individuals or Consent/Authorization

Issues/Procedures/Processes )

Security is more related to the availability of the information and policy for that

should address the same with proper checks and balances taking care of that

while privacy is some thing which ensures right information to the right person.

SECURITY & PRIVACY POLICY

y XYZ Company protocols adhere to the latest standards; your information

is encrypted during your e-commerce sessions with XYZ Company.

y We do not store credit card or purchasing card information on our web

server, and do require a re-entry of the credit card number for each

purchase. This is an added level of security, and helpful in laboratories or

purchasing departments with multiple users of a central computer.

y Security audits are conducted by third parties in order to further ensure

security.

XYZ Company Online Privacy Policy

This Policy relates only to our online information collection and use practices.

In short, we do the following:

y We only collect personally identifiable information that you voluntarily and

knowingly provide us.

y We use the information that you provide us only for the purpose(s) for

which you specifically provided it or for specific additional purposes for

which we receive your prior consent.y We do not share any information you provide us with anyone outside of

XYZ Corporation, except for suppliers who assist us in maintaining and

managing the activities on our site. These suppliers are legally obligated

to maintain the confidentiality of any information we provide them,

including your information.


16/46

y We may use a technology called cookies to enhance your experience on

our site.

y We employ appropriate security measures to protect the loss, misuse and

alteration of any information you provide us.

y We provide you with choice and control over the collection and use of any

personally identifiable information that you provide us on-line, and a

means for updating, correcting or removing this information .

Cookies

Like many companies, we use a technology called cookies to enhance your

experience on our site. We use cookies to store visitors preferences, record

session information, such as items that consumers add to their shopping cart,

record past activity at a site in order to provide better service when visitors return

to our site , customize Web page content based on visitors' browser type or other

information that the visitor sends.

The cookies XYZ Company uses do not contain any personally identifiable

information and can not profile your system or collect information from your hard

drive. You are not identified by name or e-mail address, just by a unique string of

numbers that we assign the first time you come to our site.

Security

We employ appropriate security measures to protect the loss, misuse and

alteration of the information under our control. For our e-commerce activities, we

employ Secure Sockets Layer (SSL) software, which encrypts information you

input, as an additional security measure. However, as no on-line data

transmission can be guaranteed to be totally secure, we (like all web sites)

cannot warrant or guarantee 100% security of any information you transmit to us

at our web site.

Links To Other Sites


17/46

XYZ Company does not guarantee the content of other sites for which we

provide a link.

17. Is it possible to implement too much quality control in an Organisation?

Yes or No? Explain.

Implementation of too much Quality Control may have certain impediments to

start with-

1. First of all, it has to be driven top down by the management

2. Staff may not like too many QC points

3. Staff may resist/oppose this as they may feel it will hinder the faster

progress of work because of more check points

It is possible to do it wherein QA processes are set properly, and if the cost,

resources and time are not prohibitive, and if you get the involvement of the top

management, implementing too much quality control becomes easier as Philip

Crosby says, "Quality is Free".

But, the term TOO MUCH here may depend upon many factors which may be

prevailing in the organization. In cases where there are chaos all around, wherethere are too many complaints frequently from the customers, no. of QUALITY

CONTROL points may be increased. But as the CBOK says, one of the quality

management philosophy objectives is to continually improve process capability

by reducing variation and rework. With this strategy quality is built into the

products rather than tested at the end. As standards and Do procedures are

perfected, the need for extensive quality control is reduced.

Quality control procedures are considered appraisal costs. They add to the

overall cost, increase the effort required, and increase the cycle time for building

products and delivering services. Where standards and Do procedures are not

perfected, quality control is necessary in a process to catch defects before they

affect the outcome of downstream processes. Appraisal costs are part of the

Cost of Quality, which is covered in Knowledge Domain 1. The challenge is to


18/46

install the appropriate amount and types of controls to minimize cost, effort, and

cycle time; and to minimize the risk that defects will go undetected and "leak" into

other processes.

Quality must be built-in a product and not tested in.

Too much Quality Control is not required if

y Standards are developed properly

y Processes are well defined

y Quality controls are installed at the logical points in the process to

minimize the defects. Logical points are determined based on the

following

o Risk severity

o Cost, effort and cycle time impact

o Availability of appropriate resources/people

o Strength of control method (Automatic, Self-Checking, Peer review,

Third Party audit, Supervisory)

o Impact on overall culture

18. List various Cost of QualityCategories

(from Hagan 1986) COQ Categories

I. Prevention Costs

1. Requirements

o 1. Marketing research for customer/user quality needs

o 2. Customer/user quality surveys

o

3. Product quality risk analysiso 4. Prototyping for customer review

o 5. User requirements/specification reviews/inspections

2. Project

o 1. Project quality planning

o 2. Project process validation


19/46

o 3. Quality assessment of development platform and tools

o 4. Platform and tools development for quality

o 5. Developer quality training

o 6. Quality metrics data collection

o 7. Design for quality: software component reuse

o 8. Formal inspections / peer reviews

o 9. Project configuration management

o 10. Supplier capability assessment

3. Reuse library

o 1. Salaries

o 2. Expenses

o 3. Training

o 4. Platform and tools

4. Configuration management administration

o 1. Salaries

o 2. Expenses

o 3. Training

o 4. Platform and tools

5. SQA administration

o 1. SQA salaries

o 2. SQA expenses

o 3. Software process and standards definition and publication

o 4. Metrology: data maintenance, analysis, and reporting

o 5. SQA program planning

o 6. SQA performance reporting

o 7. SQA education/training

o 8. Process improvement

o 9. SQA process compliance audits

II. Appraisal Costs

1. Supplied product testing

2. Project appraisal costs

o 1. Verification and validation activities


20/46

o 2. Testing: planning, platforms, setup, test data generation, test

execution and logging, reporting, test data evaluation

o 3. Product quality audits

3. External appraisals

o 1. Process maturity evaluation

o 2. Field performance trials

o 3. Special product evaluations

III. Internal failure costs

1. Product design defect costs

o 1. Causal analysis and reporting

o 2. Design corrective actiono 3. Rework and retest due to design corrective action

o 4. Work products wasted due to design changes

2. Purchased product defect cost

o 1. Defect analysis cost

o 2. Cost of obtaining product fix

o 3. Cost of defect work-arounds

o 4. Rework

3. Implementation defect costs

y 1. Defect measurement and reporting

y 2. Defect fixing

y 3. Causal analysis and reporting

y 4. Project process corrective action

y 5. Fix inspection

y 6. Retest and integration

IV. External failure costs

1. Technical support for responding to defect complaints

2. Product returned due to defect

3. Maintenance and release due to defects

4. Defect notification costs


21/46

5. Upgrade due to defect

6. Service agreement claims (warranty expense reports)

7. Liability claims (insurance and legal reports)

8. Penalties (product contract reports)

9. Costs to maintain customer/user goodwill due to dissatisfaction (sales

reports)

10. Lost sales due to quality problems (field salesperson reports)

19. How will you improve the performance of your subcontractors

Move towards single supplier for any one item, on a long-term relationship of

loyalty and trust. To be competitive it is very important to have lower costs. We

have to minimize total cost; not only the price. Remember that defective units are

cost; delay in delivery is cost, excessive inventory is cost, etc. To minimize total

cost long-term relationship with suppliers is really important. If you as a customer

help your supplier to develop, to improve the quality, you will receive better

products so you will win and your supplier too.

Deming favors the practice of working with a single supplier, where feasible, to

reduce variability of incoming materials, and states that this practice should be

built on a long-term relationship of trust and understanding between supplier and

purchaser. In this way, suppliers can produce materials that do a better job of

fulfilling the needs of the organization. To maintain long-term contracts, suppliers

will be more likely to improve their own processes to provide better products or

services.

Effective Subcontract Management and Oversight is a team effort and is critical

for ensuring and/or improving subcontractor performance. To improve

Subcontractors' Performance

y Perform daily walkdown of subcontractor work activities

y Perform joint performance audits with Sub Contract Coordinator and

subcontractor

y Ensures compliance with subcontract requirements


22/46

y Foster implementation of benchmarked programs

(Benchmark Contractors' and Subcontractors' Performance

By comparing current performance against other contractors and the rest of the

industry in all relevant areas, we can determine areas where training is needed

and continuously improve business processes. We can also benchmark our

subcontractor's performance across different projects and against other

subcontractors and use the findings to create an effective model for predicting

and preventing claims.)

y Review subcontractor generated data

y Support Sub Contract Coordinator in conducting subcontractor

investigationsy Provides lessons learned information to subcontractor

y Interfaces with all Operational Managers to support Project initiatives

y Coach subcontractor in developing and implementing corrective actions

resulting from audits and self assessments

y Assure subcontractor submits benchmark Program results

y Identify and evaluate violations

y Prepare notices to subcontractor

y Sign / approve violation notices to subcontractorsy Transmit notices to subcontractors

y Approve subcontractor corrective actions and/or provide direction

y Monitor close-out of quality issues

y Chair progress review meetings

y Assess subcontractor performance (monthly subcontractor scorecard)

20. Do You think that KLOC is a right measure for the code which your MIS

has developed for Inventrory system.

Though LOC metric is easy to understand and widely used, there are certain

intricacies involved which can mislead with wrong interpretations especially

during the important calculations of defect density and Productivity. Now a days,

Function Point metrics are getting more popular because of their normalized


23/46

calculations, though it is initially difficult to understand. Both the metrics are

discussed in detail here:

Lines Of Code (LOC)

The LOC metric is anything but simple. The major problem comes from the

ambiguity of the operational definition, the actual counting. In the early days of

Assembler programming, in which one physical line was the same as one

instruction, LOC definition was clear. With the availability of high level languages

the one to one correspondence broke down. Differences between physical lines

and instruction statements (or logical lines of code) and differences among

languages contribute to the huge variations in counting LOCs. Even within the

same language, the methods and algorithms used by different counting tools can

cause significant differences in the final counts. Several variations that are

significant are

Count only executable lines

Count executable lines + data defns

Count executable lines + data defns + comments

Count executable lines + data defns + comments + job control language

Count lines as physical lines on an input screen

Count lines as terminated by logical delimiters

When straight LOC count data is used without normalizing, size & defect rate

comparisons across languages are often invalid. For productivity, the problems

with LOC are more severe. A Basic problem is that the amt of LOC in a program

is negatively correlated with design efficiency. Efficient design provides the

functionality with lower implementation effort and fewer LOCs. In addition to the

level of languages issue, LOC data do not reflect non-coding work such as the

creation of requirements, specifications & user manuals. Therefore, LOC do not

reflect the true productivity in this case.

Function Points

A Function can be defined as a collection of executable statements that perform


24/46

a certain task, together with declarations of the formal parameters and local

variables manipulated by those statements. Here, if defects per unit of functions

is low, then the software should have better quality even though the defects per

KLOC value could be higher when the functions were implemented by fewer

lines of code. However, measuring functions is theoretically promising but

realistically very difficult.

Here, first the Function Count (FC) has to be made using the following five

components with their respective weighting factors which in turn are decided by

certain guidelines and standards. The five components and their usual weighting

factors according to their complexities are given below (For e.g. for the External

O/P Component, if the number of data element types is 20 or more and the no. of

files types referened is 2 or more -> then complexity is HIGH. iIf the number of

data element types is 5 or fewer and the no. of files types referened is 2 or 3 ->

then complexity is LOW):

1. External I/P: Low complexity:3, Medium cmplxity:4, High cmplxity:6,

2. External O/P: Low complexity:4, Medium cmplxity:5, High cmplxity:7,

3. Logical I/P: Low complexity:7, Medium cmplxity:10, High cmplxity:15,

4. Logical O/P: Low complexity:5, Medium cmplxity:7, High cmplxity:10,

5. External Inquiry: Low complexity:3, Medium cmplxity:4, High cmplxity:6,

Then -> FC= {i=1to5[j=1to3(Wij*Xij)]}

Where Wij is the weighting factors of the five components by complexity level

(low, med, high)

Xij are the numbers of each component in the application.

The second step involves a scale from 0 to 5 to assess the impact of 14 general

system characteristics in terms of their likely effect on the application. The 14

characteristics are:

1. Data communications

2. Distributed functions


25/46

3. Performance

4. Heavily used configuration

5. Transaction rate

6. Online data entry

7. Enduser efficiency

8. Online update

9. Cmplx processing

10. Resuability

11. Installation use

12. Operational use

13. Multiple sites

14. Facilitation of change

The scores (ranging from 0 to 5) for these chrcs are then summed, based on the

following formula, to arrive at the Value Adjustment Factor (VAF)

Value Adjustment Factor (VAF) = {0.65+0.01*[i=1to14(Ci)]}

Where Ci is the score for general system characteristic i. Finally, the no. of FPs

are calculated by:

FP = FC*VAF----------------------------


26/46

2. As Requirement analysis plays a major role in the s/w development lifecycle, list out the four key attributes of requirements & explain. Give twoquality checklists for each of the attributes.

Complete.

The requirements document includes all of the necessary requirementsinformation.

For example, whether or not SRS includes (Checklist):

1. all the functions and nonfunctional requirements,2. constraints,3. external interface requirements, and4. data requirements that must be satisfied.

Consistent.

1. Internal conflicts do not exist between requirements in the document thatresult in the requirements contradicting each other.

2. The requirements also do not conflict with higher-level requirementsincluding business, user, or system-level requirements.

3. Terminology should also be used consistently within the document:y A word has the same meaning every time it is used.y Two different words are not used to mean the same thing.

Modifiable.

The requirements document is organized and written in a manner that willfacilitate making future change:

1. Nonredundant: Each requirement is stated in only one place.2. Changeable: Each requirement can be changed without excessive impact

on other requirements.

Unambiguous.

1. Each requirement statement should have only one interpretation, andeach requirement should be specified in a coherent, easy-to-understandmanner. For example, the author searches for words that end in ly (forexample, quickly, user-friendly, automatically) because adverbs by natureare almost always ambiguous.

Concise.

1. Each requirement should be stated in short, specific, action-oriented


27/46

language.

Finite.

1. The requirement should not be stated in an open-ended manner. For

example, words like all, every, and throughout should be avoided inrequirements statements.

Measurable.

1. Specific, measurable limits or values should be stated for eachrequirement as appropriate.

Feasible.

1. The requirement can be implemented using available technologies,

techniques, tools, resources, and personnel within the specified cost andschedule constraints.

Testable.

There exists a reasonably cost-effective way to determine that the softwaresatisfies the requirement.

Traceable.

1.Each requirement should be traceableback to its source (for example, user-level requirements, system-level

requirements, standard, and enhancement request).

2.It should also be specified in a mannerthat allows traceability forward into the design, implementation, and tests.

-------------------

-------------------1. Give three examples from IT organization where Pareto analysis of 80:20

holds good.

1.Defect Analysis

2.Failures found in production

3.Cycle/Delivery Time reduction

4. Employee Satisfaction/Dissatisfaction


28/46

5. Customer Satisfaction/Dissatisfaction

6.Help Desk problems

The process for using Pareto charts is described in the following steps:

1.Define the problem clearly using any of the tools from Quality

Toolbox (e.g., Use brainstorming, affinity diagrams, or cause-and-effect diagrams)1.Collect a sufficient sample size of data over the specified time, or

use historical data, if available

2.Sort the data in descending order by occurrence or frequency of

causes characteristics

3.Construct the Pareto Chart and draw bars to correspond to the

sorted data in descending order, where the x axis is the problem category and the y axis is

frequency

4.Determine the vital few causes on which to focus improvement

efforts

5.Compare and select major causes, repeating the process until the

problems root causes are reached sufficiently to resolve the problem

2. State some differences between SEI CMM and ISO 9000

ISO 9000:2000 Fundas n Vocabulary

ISO 9001:2000 Requirements

ISO 9004:2000 Gdliens for pefformance improvements

ISO 9000-3:2000

Gdliens for the application forISO 9000:2000

to ComputerSW

ISO 9001:2000 CMMI

Terminology translation

Top Mgt Higher leve/Sr mgt


29/46

QMS;Qlty Manual OSSP

Qlty PlanPrj Plan;SW Development Plan;Sys EnggPlan; Data Mgt Plan

Customer; interested party Customer;Stakeholder

Documented procedure Plan for performing the process; procedure

Recordwork product; record;evidence ofimplementation

Qlty mgt (very broad sense) Qlty Mgt (& Qntive mgt)

Similarities

ISO 8 Principles:-

Customer focus

-GP2.7, Identify & involve Relavantstakeholder-PPSP 2.6, Plan Stakeholder involvement-RD,TS-CMMI is not as strong as ISO

Leadership

-GP2.1, Establish an Organizational Policy-GP2.4, Assign Responsibility-GP2.10,Review Status with Higher Mgt-OPF

Invovlement ofPeople

-GP2.3, Provide Resources

-GP2.5,Train Ppl-GP2.7,Identify n involve RelavantStakeholder

Process Approach

-GP2.2, Plan the Process-GP3.1, Establish a efined Process-OPD,IPM

System Approach -GP3.1,Establish a defined Process

Continual Improvement-Focus of entire CMMI through cap n maturitylevels

Factual Approach to Decision Making-GP2.8, M&C the process-PMC,MA,IPM,DAR

Mutually Beneficial Supplier Relationships

-SAM-CMMI is less specific abt "collaboration"-CMMI is more concerned with "control"


30/46

Differences

Language

ISO uses 'SHALL' statements (prescriptive) CMMI doesnt

Compactness of stts in ISO e.g.,

More elaborated (e.g., "determine and provideresources" is implemented in CMMI withGP2.2 & GP2.3 in all Pas)

Details

ISO is very sparseCMMI provides practices,subpractices,typicalwork products & amplifications

Guidance

ISO hasn't provided detailed imppln guidance CMMI has Capability levels n maturity levels

Process Improvement

ISO 9004:2000 provides very igh levelguidance for prc improvement

CMMI is devoted to prc improvement-DistinguishedOrg. n Prj level prcimprovement activiteis

Institutionalization

ISO requires orgns to estblish QMS butdoesn't explicitly required instituionalization-bldg strong prc infrastructure is left to theOrgn.

CMMI very strongly emphasizesinstitutionalization through GGs n GPs. This isa major strength of the CMMI and is critical tooveall prc imprvovment success

Standard Model

Broad direction Detailed

One set of requirements to be satisfied Progressive steps (levels)

No guidelines ofr implementation Institutionalization & implementation guidance

Requires interpretation for organizations withmany programs

Accomodates organizations with manyprograms

Applicable for all kinds of organizations

ISO 9000-3 gives the Gdliens for theapplication forISO 9000:2000 to ComputerSW

Applicable only to software developmentorganizations

Static in nature Evaluationary in nature and espousescontinuous improvement of the software


31/46

development processes

Contains 8 clauses Contains 18 KPAs

Certification Audit is like an exam Final assessment is collaborative

Result of certification is pass fail criteria

Result of assessment is a quantitative score ofthe maturity of the software developmentprocess

Continuous Staged

1. Your organization is in testing a new version of sw. A large number of defectshave been unearthed in testing which may result in a delayed release. The mgtwants you to present the measures you have taken as QA mgr in the developmentof the software towards a quality product. You have to present to the mgt on theinitiatives of your team in building quality into the sw

How would you justify ur actions to the mgt.

ANS: Give them a detailed outline of the plan regarding the following questionsMake a list of defects in the software unearthed during the testingConducting a brainstorming session to find out the root causes for the defectsConstructing a control chart to find solutions to the problemsMake a plan of the steps involved in solving the problems as to who is responsible forwhat Keep them posted on the improvements made in the productsGive them the test reports. Test reports include the number of defects that still exist.Prepare a detailed chart on the level of improvements made.

2. A potential customer of your organization requires a sw that can be provided onlywith new tools and technology and currently available in ur orgn. Your mgt hasdecided to accept the contact. How should the project be planned for successfulcompletion?

ANS: Reallocate the resource for the project Get a detailed requirement from thecustomer so that they could be measured and tested to see if the objectives are met or not.Design the product with the help of all the developers, code, test and implement in theproduction environment and monitor their progress to see if they are met.

3. Your orgn requires a metrics program to be implemented However the mgt focusis only one net profit. How would you impress on the need to measure costoverruns and schedule overruns?

ANS: Without measures business cannot be conducted for a long timeIf there are no measures for cost/schedule overrun we would not be able to takeappropriate measures before and hence the customer may be dissatisfied.

4. As a consultant to an organization involved in handling large S/w projects howwould you impress on the mgt on the need for structured testing?

ANS: Structured testing advantages are It tests the logic of the software. Hence hiddendefects could be found at earlier stages Parts of the software may be tested


32/46

5. Suggest measures of effectiveness in the Checkpoint reviews in Requirement,External design, Internal Design and Program Specs phases.

ANS: Requirements Check for completenessExternal Design Supports the requirements

6. Develop Standards on MeetingsANS: Everyone in the meeting should be given equal rights in participating in themeeting.They should be willing to share their ideasOnly one can speak at a timeDecisions will be arrived at a consensus in a meeting

7. Your company has quite a number of tools procured from vendors. But theirimplementation is poor among business users. How will you ensure that the toolsprocured are used as well?

ANS: Training, vendors support, support activites in case of problems, afterimplementation monitor them

8. Your operational dept encounters production defect at the rate of 3 defects per1000 lines of code. During a vendor meet you come across another companyXYZ that is of the same size of yours and in the same industry. This companysproduction defect is 2 defects per 1000 lines of code. Can you conclude that theXYZ operation dept is better that yours. Can you use this for benchmarking.Explain. (7 marks)

ANS: Yes it could be used for benchmarking as it is of the same size and the sameindustry as yours. Benchmark with them. Find out what process they use for coding.Follow the same techniques as them and try and reduce your defects. Make companyvisits.

9. Name three attributes of a product that you would ask the customer during asurvey. For each of the attribute ask a relevant question that you would ask thecustomer and suggest a metric to evaluate the goal that has been set.

ANS: Reliability of the product, Integrity of the product, Usability of the product

10.You as a QC person, what type of test end report will you prepare for the PL ofthe concerned project? What will you report and why?

ANS: What are the issues that are still openA summary of the defects that were uncovered during testing (number of critical errors,minor, major)Screen shots of the defects if any availableWho detected the errorWho corrected the errorNumber of days involved in detecting the error

11.A payroll system has been developed and is to be rolled out to production. Whatsteps will you take to ensure that defects are caught as early as possible.


33/46

ANS: Monitor the progress using logs, cpu time, memory usage during peak hours, askthe customer if this is the quality he expected

12.your manager wants to go for mbnqa. He is aware of the categories. As an IT headhe wants you to determine the categories that can be calculated by you to

determine whether the company can get the award. (for which categories you cancalculate the points as an IT head.)ANS: 1) Get the latest criteria for qualifying for the mbnqa award

2) Compare the criteria with your organization.3) Inform the management about the whether they qualify or not

4) If they qualify then with the managements approval apply for the award

13.You have 4 defects per FP now. You want to reduce it to 2 defects per FP. Whatwill you do?

ANS: 1)Benchmark with other organizations to see what are the best practices followed2)Brainstorm with the team to find out the reasons for defects

3)Implement the practice and measure the progress4) By going around the PDCA cycle and continuously improving the process youcan improve Plan security or risk environment in your organizati

14.The vendor payment has not been managed properly. Due to this when thepayment is postponed for a vendor it is written both in vendor to be paid andcheck book details. Errors due to this are 1000 per year and this resresents 1 %each wrong payment results in a loss of $1000 loss. What is the loss. SHow urworking

ANS: 1000 * 1000

15.You have to make a presentation on the features of an ISO and TQM to programto your mgt What would be part of your presentation

ANS: Define what ISOWhat are the objectives ofISOWhat are the different types of models available in ISOWhich model is best suited for the organizationDefine TQM and objectivesHow do they benefit the organizationWhat are the steps that need to taken to implement them

16.As ManagerQ of an ISO 9001 company you have planned for a global qualityaward as the next milestone. How would you impress on ur mgt the plans andgain approval of your plan

ANS: Find opportunities to reward the people as and when possible. Ask them whatreward means to them as reward is perceived differently by different people. People dontwork for money.So convince the management byQuoting some of the Quality Gurus sayings like Joseph JuranGive them proven success/ positive outcomes of rewarding people by other organization


34/46

17.Mr. Laloo P. Yadav is the new IS Manager of an investment company. His team

needs to develop an online trading system within 2 months with no increase inteam size. An online (buy/sell) transaction has to be completed within 2 secondsand the online search should not take more than 5 seconds. How should Mr.

Yadav approach this to get the software developed with the best quality andwithin schedule?ANS: First form a team of subject matter experts and developers to conduct acheckpoint reviewsBrainstorm with them as to phases in which checkpoint reviews needed to be conducted(Requirements phase, Design phase, Coding phase). Prepare a plan as to who will beresponsible for conducting the reviews, on what date they will be conducted, what are thecriterias to be met (eg An online (buy/sell) transaction has to be completed within 2seconds and the online search should not take more than 5 seconds) before proceeding tothe next phase so that defects could be found at the earliest possible and hence reducesthe cost and time of reworking at the end of the project, what are the statistical tools that

would be used to measure the processing performance. There should be a consensus onthe decisions made in the above mentioned points for delivering a quality software on thecustomer specified date.Plan should be documented sent to the all the concerned people(IT manager, developer,reviewers) so that they are aware of their roles and responsibilities to produce thesoftware on time. Ensure everyone complies with the plan.Adequate training should be given to the person who is conducting the review regardingthe intents of the review.Conduct the checkpoint reviewsCompare the actual result with the expected result with the help of the statistical toolsthat were mentioned in the plan.If the actual result does not meet the criteria mentioned in the plan brainstorm the rootcauses for the problems. Make appropriate changes and retest the software.

18. Differentiate between Product Quality and Process Quality and the role ofQuality analyst in each of them.

ANS: Process Quality helps in achieving the product qualityProcess Quality are InternalQuality focus(operation). Product quality focuses on externalQuality(market)Process Quality focus on process. Product quality are concerned with resultsProcess Quality people are cost. Product quality people are investment

19.An organization has implemented standards. However the implementation isweak. So you have been called to have a re-look at the standards. What would berole of different actors involved (e.g. QA, QC, Standardization Group etc..)

ANS: Role ofQAForm standards by benchmarking with other industriesReview the implementation of the standards.Get feedback from the QCMake appropriate changes to the standards


35/46

Role OfQC Implement the standardsStandardization Group

20.State how would you focus the attention of your management on the defectsidentified by the QC group, but not rectified by the dEv. Team.

ANS: If the defects are not rectified by the development team then inform themanagement telling them the consequences(like product may not be delivered on time ordefective product will be delivered to the customer which spoils the credibility of theorganization, losses incurred by the organization)

21.The procedure of tool selection was given (define needs, train the user, getfeedback etc). The tools in your organization were selected using that procedurebut still the tools were ending up as shelfware, as in, the people are not using thetools after deployment. How will you, as a QA manager, select tools whichbecome popular in the org.

ANS:

1) Brainstorm with the employees as to what are tools that they require to do their jobeffectively. You can even visit other organizations to see what tools they use and howeffective it is and make a recommendation. Employees consent should be got beforeusing the tool2) Get managements approval3) Train the users with those tool. Have a dedicated and skilled person for training andsolving problems related to the tool4) Deploy those tools5) Measure the effectiveness of the tools to see if they have added any value to the workproducts or process.

22. You are Software test Manager. Your testers ask you what attributes of a defectthey need to note down as they are doing the testing. Suggest three attributes of adefect that are important.

ANS: Type, Severity, Effort required to detect and correct the error

23.Roles and responsibilities during a software inspectionANS:Expanded QA Role

Prepares inspection checklists, schedules meetings Moderates inspection meetings Logs and tracks action items to resolution Writes test plans, procedures, scenarios Conducts, participates in functional/regression testing Conducts system validation, user acceptance testing

24. Long time back 10 years before IT department wrote few standards. Users didnot follow them. You are now QA manager of the organization. You have beenasked to solve this problem by forming a standard committee. Write the membersofStandards Committee. And Write the responsibility of each Standard


36/46

Committee (Who are the members , Responsibilities) QA Group(Responsibilities) Users (Responsibilities) ITOrganization (Responsibilities)

ANS: QA Group develops an annotated bibliography on software standards and

standards-related topics, especially those related to the Body of Knowledge;

QA groups authors/reviews articles on software standards topics anddisseminating these through the newsletter and via the web; Providing opportunities for tutorials and training the users about standards and t

their development; QA groups participating on the USTAG (Tech'l Advisory Group) forISO/IEC

JTC1/SC7 which is concerned with developing/reviewing international standardson software engineering, lifecycle, process, and quality topics;

QA groups works cooperatively with the IEEE Software Engineering StandardsCommittee on software quality-related standards;

QA groups Respond to questions from the users on software standards. The IT organization supports the standards committee by providing adequate

resources and funding They provide commitment to follow the standards and communicate to the alllevels of the organization their roles and responsibilities in adhering to the standards

25.Brainstorm with the team as why the project went beyond schedule. Find out thecauses for delay. Discuss the alternatives that could be taken to solve theproblems.

ANS: Apologize to the customer for the delayed delivery and the project going over thebudget. Suggest the customer the actions that are going to be taken. Get his approval.Give him the details as to who will resolve the problem and when would it be resolvedImplement the action that was agreed upon.

26.Design a mentoring program to transfer knowledge from seniors to juniors.ANS: Train them by explaining to them the concepts (eg standards)Give them a project/ assignments as a part of the trainingMeet with the team every once in 3-4 weeks. Review their assignments and providefeedback in1. Program Design and Planning.2. Program Management.3. Program Operations.4. Program Evaluation.

27.What should be done before benchmarking?ANS: Before Benchmarking you need to prepare what are the objectives of your visit,which are the organization you want to benchmark against, what are the actions that willbe taken on completion of the benchmark, how will it benefit the customers,managements approval.

28.Do You think that KLOC is a right measure for the code which your MIShas developed forInventrory system.


37/46

ANS: studies conducted in mis (management information systems) environments showthat, for both development and maintenance, function points based measures satisfy thecriterion.Excellent means of quantifying software product quality as well as to assess theeffectiveness of the testing process. Many industry averages exist, most of which are in

the area of 10-20 defects per one thousand lines of code (KLOC) during system testing,while prior to and including system testing values are up to 200 defects per KLOC[Humphrey 1996]. Rubin reports defect rates from a world-wide survey per industrysector with Aerospace at 4.6 defects / KLOC, Financial at 3.1 defects / KLOC andSystem Software 2.0 / KLOC [Rubin 1995]. Rubin also reports 0.9 defects per functionpoint as a world-wide industry average, while Capers Jones reports 1.75 coding defectsper function point [Capers 1995] [Rubin 1995]. Defect densities should drop ten-foldbetween testing and maintenance phases [Grady 1992]. If such trends are not realizedbetween prerelease and postrelease of software, then this is an indication that the testingprocess is not effective. This metric should also be used in parallel with the percentage ofeffort spent on testing. Limited testing time allocated will result in few defects detected

prerelease and many detected postrelease.

29.YourOrganization recently implemented a total quality management program.This has caused you to change your role from a quality assurance manager to aquality leader. Your responsibility as a leader is to get line management to domany of the tasks that you previously did as a quality assurance manager. Whatstrategy will you use to get buy in from first-line supervisors to incorporatequality leadership as part of their day-to-day job function?

ANS: Tell them that you would be able to do both the jobs. Benefits that you wouldoffer to the company by doing both the jobs

30.The Malcom Baldrige NQA defines one of the roles of a leader as establishing avision. You know that a vision must be expressed in terms external to theorganization, and define the organization ideally would like to accomplish. Forexample, one of Ford's visions was to have customers that brag about theirproducts. You have asked yourIT director to develop a vision for the function. Hetell you that the IT function already has a mission, and his vision is to accomplishthat mission. How do you explain to yourIT director the difference between avision and a mission?

ANS: Tell the manager what is vision and what is mission.Mission tells you the purpose of the organization. Vision is a term that tells what theorganization wants to achieve.Tell him the purpose of redefining the vision and mission

31.YourIT function had a QA started in 1987 which was terminated in a cost cut-back in 1989. At that time, the employees of the quality assurance functionpersonally performed most of the quality efforts, such as conduction reviews andwriting standards. You were recently appointed quality assurance manager. Youknow that the tasks previously performed by the quality assurance group should,in fact, be incorporated into the day-to-day work programs of the IT function.


38/46

What approach would you like to incorporate quality practices into the softwaredevelopment processes?

ANS: Create an inventory of the quality practices that have been created with their title,statusStore them in a library that is accessible by all the employees of the organization

Assess the process. Before developing a quality practice check the inventory of theprocess that is already existing to suit the process. A process map could be created forthis purpose

32.A product that your organization is about to produce is already available in themarket. You are asked to come up with a process to evaluate the design of thisproduct.

ANS: Form a team to collect information how the customers perceive the quality of theproduct in the market (customer survey),doing a interview with the company employees about the product functionalities throughbenchmarking

Assess if the product if produced by the company will be welcomed by the market or not

33.The QA department publishes a status on error reporting, fixed in the 30 daystime. You however feel this has a negative impact on the QA department. Show 2techniques you would use to reduce the negative impact.

ANS:Techniques Why you selected it?a ) Brainstrom and use cause and effect diagram to find the root cause of the problem_________________ __________________________________________

_________________ _________________________________________b) Use of statistical tools like control charts to reduce the variation in the process _________________ __________________________________________

_________________ __________________________________________

34. Mr. Masor is an IT director, He is a quality conscious person , understands Customersatisfaction is the goal etc. So decides to set up the Department to test software and alibrarian for documentation in the project etc.* Rate Mr. Masor as leader on a scale of 1 to 5* Rate his approach on the Quality principles* Explain why?ANS: Rating level - 3He has decided to document the processes. Estimation for the current projects will bebased on the success of previous projects. Projects could be easily planned and trackedwhich results in stabilityA separate department has been set up to test the software the developers could spendmore time on development.

35. In order to bring about improvement in the testing process and help your teammembers come up with guidelines on ( 2 steps each)

a) How to stop testing?


39/46

b) How to test with constraint on resources Test with valid data, the mostimportant functionality36. A Helpdesk has been instituted to collect the problems from the customer. How willIT department solve the problems to keep the customers?ANS: Find out the frequently occurring problems.

Brainstorm with the development team as to what could be the root causes for theproblemsImplement the solutions along with logs so that the problems could be tracked easilyDo an adequate in house testing, users may also be asked to test the productWhen the QC team faces time constraints ask them to assign priority to the test that areimportant to be performed and only those test cases will be performed. Usually these testcases will be testing important functionality of the product or the high risk requirementswith valid data.

37. Your organization has planned to purchase a third party tool for timesheet entry. Butthere is opposition from the project leaders that there are people with skills to develop the

product in-house. Your boss asked for your advice. AsQuality analyst how will youdecide on whether to purchase or develop in-houseANS: Find out why the organization has chosen to outsource the development. Generallyproducts are outsourced for the reason of problems in the organization is not adequatelyaddressed. If the problems could be overcome easily then advice the management todevelop the product in house. Tell him that outsourced products will not be supported bythe organization and hence make its implementation difficult.If the problems cannot be solved and there is a time constraint on the product to bedeveloped then advice the developers about the problems that are existing and get theirconsent before outsourcing the product

38. Zero defects- do you agree. Substantiate with reasons?Ans- Explain Philip Crossby 10-14 principles.

Step 1: Management Commitment

Action. Discuss the need for quality improvement with management, emphasisizing theneed for defect prevention. Do not confuse communication with motivation. Theresults of communication are real and long-lasting; the results of motivation are shallowand short-lived. Prepare a quality policy that states each individual isexpected to perform exactly like the requirement or cause the requirement to beofficially changed to what we and the customer really need. Agree that qualityimprovement is a practical way to profit improvement. Accomplishment. Helpingmanagement recognize it must be personally committed to participating inthe program raises the level of visibility for quality and ensures everyones cooperationso long asthere is progress.

Step 2: Quality Improvement Team

Action. Bring together representatives of each department to form the qualityimprovement


40/46

team. These should be people who can speak for their departments to commit operationsto actions. Preferably, the department heads should participate at least on the first goaround. Orient the team members as to the content and purpose of the program. Explaintheir roleswhich are to cause the necessary actions to take place in their departmentsand the company. Accomplishment. All the tools necessary to do the

job are now together in one team. It works well to appoint one of the members as thechair of the team for this phase

Step 3: Quality Measurement

Action. It is necessary to determine the status of quality throughout the company. Qualitymeasurements for each area of activity must be established where they dont exist andreviewed where they do. Record quality status to show where improvement is possibleand where corrective action is necessary and to document actual improvement later.Nonmanufacturing measurements, which are sometimes difficult to establish

Step 4: Cost of Quality EvaluationAction. Initial estimates are likely to be shaky (although low), and so it is necessary atthis point to get more accurate figures. The comptrollers office must do this. Theyshould be provided with detailed information on what constitutes COQ. COQ is not anabsolute performance measurement; it is an indication of where corrective action will beprofitable for a company. The higher the cost, the more corrective action that needs to betaken. Accomplishment. Having the comptroller establish COQ removes any suspectedbias from the calculation. More important, a measurement of quality managementperformance has been established in the companys system.

Step 5: Quality Awareness

Action. It is time now to share with employees the measurements of what nonquality iscosting. This is done by training supervisors to orient employees and by providing visibleevidence of the concern for quality improvement through communication material suchas booklets, films and posters. Dont confuse this with some getmotivated- quick scheme.It is a sharing process and does not involve manipulating people. This is an importantstep. It may be the most important step of all. Service and administrative peopleshould be included just like everybody else. Accomplishment. The real benefit ofcommunication is that it gets supervisors and employees in the habit of talking positivelyabout quality. It aids the process of changing, or perhaps clarifying, existing attitudestoward quality. And it sets the basis for the corrective action and error cause removalsteps.

Step 6: Corrective Action

Action. As people are encouraged to talk about their problems, opportunities forcorrection come to light, involving not just the defects found by inspection, audit or self-evaluation, but also less obvious problemsas seen by the working people themselves


41/46

that require attention. These problems must be brought to the supervision meetings ateach level. Those that cannot be resolved are formally passed up to the next level ofsupervision for review at their regular meeting. If a specific functional area does nothold such meetings, the team should take action to establish them in that department.Accomplishment. Individuals soon see the problems brought to light are being faced and

resolved on a regular basis. The habit of identifying problems and correcting them is thebeginning.

Step 7: Establish an Ad Hoc Committee for the Zero Defects Program

Action. Select three or four members of the team to investigate the zero defects conceptand ways to implement the program. The quality manager must be clear, right from thestart, that zero defects is not a motivation program. Its purpose is to communicate to allemployees the literal meaning of the words zero defects and the thought that everyoneshould do things right the first time. This must be transmitted to every member of theteam. In particular, the ad hoc group should seek ways to match the program to the

companys personality. Accomplishment. Improvement comes with eachstep of the overall program. By the t ime zero defects day is reached, as much as a yearmay have gone by and the initial improvement will be flattening out. At that point, thenew commitment to a specific goal takes over, and the improvement begins. Setting upthe ad hoc committee to study and prepare the implementation ensures the goals of theprogram will be firmly supported by the companys thought leaders.

Step 8: Supervisor Training

Action. Conduct a formal orientation with all levelsof management prior toimplementation of all the steps. All managers must understand each step well enough toexplain it to their people. The proof of understanding is the ability to explain it.Accomplishment. Eventually all supervisors will be tuned into the program and realize itsvalue for themselves. Then they will concentrate their actions on the program.

Step 9: Zero Defects Day

Action. Establishment of zero defects as the performance standard of the company shouldbe done in one day. That way, everyone understands it the same way. Supervisors shouldexplain the program to their people and do something different in the facility so everyonewill recognize it is a new attitude day. Accomplishment. Making a day of the zerodefects commitment provides an emphasis and a memory that will be long lasting.

Step 10: Goal Setting

Action. During meetings with employees, each supervisor requests they establish thegoals they would like to strive for. Usually, there should be 30-, 60- and 90-day goals. Allshould be specific and measurable. Accomplishment. This phase helps people learn tothink in terms of meeting goals and accomplishing specific tasks as a team.Step 11: Error Cause Removal

Action. Ask individuals to describe any problem that keeps them from performing errorfree work on a simple, one-page form. This is not a suggestion system. All they have to


42/46

list is the problem; the appropriate functional group (for example, industrial engineering)will develop the answer. It is important that any problems listed be acknowledgedwithin 24 hours. Typical inputs might be: This tool is not long enough to work right with all the parts. The sales department makes too many errors on their order entry forms.

We make a lot of changes in response to telephone calls, and many of them end uphaving to be done all over again. I dont have any place to put my pocketbook. Accomplishment. People now know theirproblems can be heard and answered. Once employees learn to trust this communication,the program can go on forever.

Step 12: Recognition

Action. Establish award programs to recognize those who meet their goals or performoutstanding acts. It is wise not to attach relative values to the identification of problems.Problems identified during the error cause removal stage should all betreated the sameway because they are not suggestions. The prizes or awards should not be financial.

Recognition is what is important. Accomplishment. Genuine recognition of performanceis something people really appreciate. They will continue to support the program whetheror not they, as individuals, participate in the awards.

Step 13: Quality Councils

Action. Bring the quality professionals and team chairpersons together regularly tocommunicate with each other and determine actions necessary to upgrade and improvethe solid quality program being installed. Accomplishment. These councils are the bestsource of information on the status of programs and ideas for action. They also bring theprofessionals together on a regular basis.

Step 14: Do It Over Again

Action. The typical program takes a year to 18 months. By that time, turnover andchanging situations will have wiped out most of the education effort. Therefore, it isnecessary to set up a new team of representatives and begin again. For instance, markzero defects day as an anniversary. Or give a special lunch for all employees. Thepoint is that the program is never over. Accomplishment. Repetition makes the programperpetual and, thus, part of the woodwork. If quality isnt ingrained in the organization,

it will never happen.

Subjective Questions-Quality principles

1.Is it possible to implement too much quality control in an organization? Yes / No?Explain.

Ans: It is possible to implement too much quality control Wherein QA processes are set properly If the cost, resources and time are not prohibitive If u get the involvement of top management, implementing too muchQuality control becomes easier as Philp Crossby says Quality is free. Quality must be built-in a product not tested in.

Or


43/46

Too much QA is not required if Standards are developed properly Processes are well defined

Quality controls are installed at logical points in the process to minimizethe defects based on following:o Risk severityo Cost, effort and cycle time impacto Availability of appropriate resources/ people

2. Customer says, the programme developed is not good. But developer says, theprogram is good and the requirements given by the customer was not good. How will youtackle this situation as a QA Manager?As a QA manager , JAD (joint Application Development ) sessions will have to bearranged with which the customer can be involved from the beginning.- Every phase will be done with the acceptance of both the parties

- This is done with frequent meetings , freezing of requirements , reviews andtesting in the appropriate phases, signing-off at each stage.Points: Conduct JAD sessions Requirement Specification Sign off Change control procedure Service level agreement to be set up Customer to be involved in all phases V testing concept

3.If two organizations with same standards, one having 10 defects per 1000 KLOC and

other one having 12 defects per 1000 KLOC can be compared? Yes / No? Explain.Ans 3- No. two organizations can be compared. Every organization has its own processand standards. Two organizations can be compared on the basis of b. Complexity of the projectc. Languaged. Process capabilitye. History of defectsf. Common causes

4. a. Explain Drive out fear.Ans- 4a. Drive out Fear- One related aspect of fear is the inability to serve the best

interest of the company through necessity to satisfy specified rules, or to satisfy aproduction quota, or to cut costs by some specified amount.Example: During Inspection, An inspector incorrectly records the results of an inspectionfor fear of exceeding the quota of allowable defects.

b. Eliminate numerical goals.Ans- 4b. Eliminate Numerical Goals- Numerical goals often have a negative effect

through frustration. These devices are management's lazy way out. They indicate


44/46

desperation and incompetence of management. It never helped anyone do a better job.There is a better way.

4. How Deming has elaborated the principle on that basis. Explain in brief?Ans. Explain Deming principles.

Deming has suggested 14 principles that can better overcome this By:1. Create Consistency ofPurpose in the Company2. Learn the New Philosophy3. Require Statistical Evidence ofInformation Technology Quality4. Reduce the Number of Vendors5. Use Statistical Methods to Find Sources ofTrouble6. Institute Modern Aids to Training on the Job7. Improve Supervision8. Drive Out Fear9. Break Down Barriers Between Departments10. Eliminate Numerical Goals, Slogans, Pictures, Posters Urging People to Increase

Productivity, Sign TheirWork as an Autograph, etc.11. Look Carefully at WorkStandards12. Institute a Massive Training Program for Employees in Simple but PowerfulStatistical Methods13. Institute a Vigorous Program for Retraining People in New Skills14. Create a Structure in Top Management that Will Push Every Day on the Above 13Points5. Zero defects- do you agree. Substantiate with reasons?Ans- Explain Philip Crossby 10-14 principles.

Ans 5a. Acc to Philip Crossby, Zero Defects is a revelation to all involved that they areembarking on a new way of corporate life. Working under this discipline requirespersonal commitments and understanding. Therefore, it is necessary that all members ofthe company participate in an experience that will make them aware of this change.He proposed 14 principles to achieve defect free and quality product by:1. Management Commitment2. The Quality Improvement Team3. Quality Measurement4. The Cost ofQuality5. Quality Awareness6. Corrective Action7. Zero Defects Planning8. SupervisorTraining9. ZD Day10. Goal Setting11. Error-Cause Removal12. Recognition13. Quality Councils14. Do it Over Again


45/46

Subjective Questions On Quality Leader Ship

1. ABC is a software company, focused on Software Services. Come outwith Vision, Mission, Goal and Values. (10 Marks)- refer content forKD-2

Ans 1: KD-2 content part

2. The user of the software is not only the customer. Apart from user give three othercustomers who use the software product. Explain How their perspectives are taken careduring SDLC (5 Marks)Ans 2: The other customers: IT Manager Project manager/ test manager QA Information resource manager/ internal control officer/ system security officer

SSS/ICS Tester

3. How do you measure Management Commitment towards Quality in yourorganization? ( 5 Marks)Explain the responsibilities of any 3: Project manager, IT manager , QA

4. One of the customers called the help desk and told that there is a problem in thesoftware and the system is not working. The help desk referred the problem to you. Howwill you go about handling it? Be specific about the time frame? (10 Marks)Ans-3, 4 , 5 KD2 Content part

5. YourIT function had a QA started in 1995 which was terminated in a cost cut-back in1997. At that time, the employees of the quality assurance function personally performedmost of the quality efforts, such as conduction reviews and writing standards. You wererecently appointed Quality Assurance Manager. You know that the tasks previouslyperformed by the quality assurance group should, in fact, be incorporated into the day-to-day work programs of the IT function. What approach would you like to incorporatequality practices into the software development processes? (10 Marks)

6. As a Quality Analyst you have been asked to prepare a Sample QA report. What wouldbe minimum content of such a report and what would be your approach in arriving such areport (10 Marks)


46/46

Documents

Subjective CSQA