Upload
adam-tucker
View
234
Download
1
Embed Size (px)
Citation preview
8/3/2019 Subjective CSQA
1/46
Subjective Questions
Give three examples from IT organization where Pareto analysis of 80:20
holds good.
1. Defect Analysis
2. Failures found in production
3. Cycle/Delivery Time reduction
4. Employee Satisfaction/Dissatisfaction
5. Customer Satisfaction/Dissatisfaction
6. Help Desk problems
The process for using Pareto charts is described in the following steps:
1. Define the problem clearly using any of the tools from Quality Toolbox
(e.g., Use brainstorming, affinity diagrams, or cause-and-effect diagrams)
2. Collect a sufficient sample size of data over the specified time, or use
historical data, if available
3. Sort the data in descending order by occurrence or frequency of causescharacteristics
4. Construct the Pareto Chart and draw bars to correspond to the sorted data
in descending order, where the x axis is the problem category and the y
axis is frequency
5. Determine the vital few causes on which to focus improvement efforts
6. Compare and select major causes, repeating the process until the
problems root causes are reached sufficiently to resolve the problem
2. List down some Standard Helpdesk problem.
1. Terminal kbd locked
2. Terminal 123x is hung
3. Terminal shows no cursor on the screen
4. Unable to start session
8/3/2019 Subjective CSQA
2/46
5. Unable to print from E-mail
6. Terminal 324x cant access menu
7. Model X printer not printing
8. System logs user off
9. Unable to print reports
10. Terminal 789x unable to logon
11. Transactions abending
12. System drops session
13. Unable to get out of application
14. System accepts invalid data
15. Unable to connect with host
16. Users cannot catalog
17. Cannot log on to e-mail
18. Users hung in application
19. User unable to access printer
20. System sends error xxx
21. Not able to logon to the system
22. Printer not working
23. Email server Down
24. Hung system (Machine not responding)
25. Keyboard/Mouse not working
3. You have been asked by a systems development project leader for your
help in developing a test plan. The project leader wants to know what
should be included in a test plan. He has asked you to develop a brief table
of contents for a test plan. What would you include in that table of contents
and why?
Test Plan Template, according IEEE 829 standards
1. Test Plan Identifier
2. References
3. Introduction
4. Test Items
8/3/2019 Subjective CSQA
3/46
5. Software Risk Issues
6. Features to be Tested
7. Features not to be Tested
8. Approach
9. Item Pass/Fail Criteria
10. Suspension Criteria and Resumption Requirements
11. Test Deliverables
12. Remaining Test Tasks
13. Environmental Needs
14. Staffing and Training Needs
15. Responsibilities
16. Schedule
17. Planning Risks and Contingencies
18. Approvals
19. Glossary
4. What are the steps that you would follow while doing Regression
testing?
Or
The code has been given for regression testing. Write the process to be
followed.
In simple,
1. Identify the areas that are not changed
2. Select the type of regression testing that needs to be done i.e unit
regression, regional or full regression
3. Determine if regression testing would be done with downstream
applications
4. Check the availability of budget, resource, time
5. Select the testcases
6. Use a tool to expedite regression testing (if available)
7. Execute the testcases
8. In case any defects are observed, close it asap.
8/3/2019 Subjective CSQA
4/46
Risk-based Test Case Selection for regression testing
Risk-based Test Selection approach has four main steps.
Step 1: Estimate the cost for each test case:
Cost is categorized on a one to five scale, where one is low and five is high. Two
kinds of costs will be taken into consideration:
1) The consequences of a fault as seen by the customer, for example, losing
market share because of faults,
2) The consequences of a fault as seen by the vendor, for example, high
software maintenance costs because of faults.
Step 2: Derive severity probability for each test case:
For each test case, we compute severity probability depending on the number of
defects and the severity of defects. Severity probability falls into a zero to five
scale, where zero is low and five is high.
Step 3: Calculate Risk Exposure for each test case:
Risk Exposure is the multiplication of Cost and severity probability. To enhance
or focus the results, we can also add weights to test cases that we need to give
preference to.
Step 4: Select test cases that have the highest values of Risk Exposure as
Safety Tests (Safety Tests check that serious failures do not occur).
Risk-based Test Scenario Selection
Since end-to-end scenarios involve many components of the system working
together, they are highly effective at finding regression faults. Our selection
strategy obeys two rules:
R1: Select scenarios to cover the most critical test cases.
R2: Ensure scenarios cover as many test cases as possible.
Based on a traceability matrix showing the relation between end-to-end test
scenarios and test cases, our risk-based test scenario selection approach also
has four main steps.
Step 1: Calculate Risk Exposure REs for each scenario:
8/3/2019 Subjective CSQA
5/46
Using the traceability matrix, we can simply calculate the Risk Exposure for each
scenario by summing up the Risk Exposure for all test cases that this scenario
covers.
Step 2: Select the scenario with highest REs
Step 3: Update the traceability matrix (remove selected scenarios and covered
test cases, and re-calculate REs):
When running the chosen scenario, all test cases covered by the scenario will be
executed. According to our selection rules, these test cases should not affect our
selection any more. We should focus on those test cases that have not yet been
executed. In our approach, we cross out the column for the chosen scenario, and
rows for all the test cases covered by the scenario. All of this is easily automated.
Step 4: Repeat Steps 2 and 3 as desired.
5. What are the phases involved in SDLC? What, when, where and why do
QA and Testers play a role in these phases.
First point refers to Tester role & second - QA
Initiation
. Provide input for estimating testing efforts
QA-Kickoff meeting participation; Giving Process training to the team;
Definition
Review of functional requirement document
Design test strategy
QA-Req Review; Project Plan Review; Giving Tailoring Guidance
System Design
Review of system design doc, interface agreement doc etc
QA-Design Review
Programming & Training
Test plan/specification preparation
Preparation of Test Data
Preparation of Test environment
QA-Test Plan Review; Oversee Code reviews; Ensure proper collection of review
data & other metrics
8/3/2019 Subjective CSQA
6/46
Evaluation & Acceptance
Perform various validation activities like integration testing, system testing
Test manager: oversees acceptance testing
Tracking defects
QA-Oversee integration & system testing according to the standard processes
Installation & Operation
o Ensure properly tested code is shifted to production
QA-Ensuring Formal project closure & project data is submitted to Organizations
Process Database
Role of QA other than those in SDLC(in general):
y Developing policies, procedures and standards
y Acquiring and implementing tools and methodologies
y Marketing creating awareness of quality programs and concepts
y Measuring quality
y Defining, recording, summarizing and presenting analyses
y Performing process analysis (statistical process control)
11. What are the responsibilities of the following participants in Effective
Quality Management?
IT Management
Quality Control Dept
QA Dept
It is important to understand Qlty Mgt before listing down & differentiating the
responsibilities of different roles.
Quality management:
a philosophy and a set of guiding principles that represent the foundation of a
continuously improving organization.
the application of quantitative methods and human resources to improve the
products and services supplied to an organization, all processes within an
organization, and the degree to which the current and future needs of the
8/3/2019 Subjective CSQA
7/46
customer are met.
integrates fundamental management techniques, existing improvement efforts,
and technical tools under a disciplined approach focused on continuous
improvement. It is a culture change.
IT Mgmt
IT management involved in a corporate quality management program should
undertake the following four actions in an effort to rethink and assign their quality
responsibilities:
1. Determine what new, changed, and continued quality responsibilities will be
assigned to the IT group as a result of the corporate quality program.
2. Evaluate the capability of the IT group to deploy quality initiatives within and
outside the group. Define the skills, commitment, and quality approaches
currently available to line management.
3. Determine the value added by utilizing IT QA analysts to support corporate
quality management initiatives.
4. Develop a plan to assimilate and leverage the current function into the quality
support activity needed to support both the corporate quality management
program and IT quality responsibilities.
More clearly :-
Understand the concept of quality management, which includes understanding
the degree to which the current and future needs of the customer (internal as well
as external) are met
Executive management's commitment to quality should be expressed in writing
to all employees in the form of a quality policy.
Adopt behaviors required to show commitment
Accept the need to change to participative leadership
Lead in the development of a quality management implementation plan
Lead the formation of the implementation organization
Lead the planning for process improvement teams
Provide funds for training
8/3/2019 Subjective CSQA
8/46
Provide time for training and meetings
Identify quality standards and measures
Publicize and reward results
Monitor and measure progress
Provide personnel and other resources
QC
To identify the most logical points in the process to add controls.
To determine whether the product conforms to a standard or procedure i.e.,
compliance checks
Create the Software V&V Plan
Conduct Management Review of V&V
Support Management and Technical Reviews
Interface with Organizational and Supporting Processes
Creation of V&V Report
Software Change Control/Configuration Control (if CCB is a overseen by QC
dept)
Defect Management - Usage of checklist, standards for defect identification and
removal.
Defect measurement & deposit
QA
Set up Quality Improvement Team, Measurement team and awareness Team -
Crosby
Help define and implement the scope, validity, use, and management of the
data and information that underlie the corporations corporate quality
management system
Developing the companys base of data and information used for planning and
day-to-day management.
Evaluation of how quality and data and information reliability, timeliness, and
access are assured.
Developing the companys approach to selecting quality-related competitive
8/3/2019 Subjective CSQA
9/46
comparisons and world-class benchmarks to support quality planning, evaluation,
and improvement.
Determining how data and information are analyzed to support the companys
overall quality objectives.
Improve standards by involving employees Deming and TQM
Institute modern aids to training,
Institute training program to retrain and on statistical methods
Defect Prevention
12. All processes and standards have been followed in the lifecycle of a
particular project, yet the project is consistently behind schedule, is over
budget and the customer is unhappy. State briefly what you think are
reasons behind this and who's responsible.
or
You are the QA Manager. There are well-defined standards, process,
procedures etc., in place. Your development team strictly followed and
produced the product. But the customer is dissatisfied, as the product was
delivered very late, (Schedule overrun) and over-budget. Also the customer
was not happy with the functioning. What would you do now?
Considering all these main considerations we cannot do much about the
schedule overrun and the cost incurred through that. Therefore the only way to
gain customer satisfaction back is to concentrate and solve the Customer
dissatisfaction issue. In a situation like this the best way to go about this would
to be
1. Get on your customers wavelength- By reacting positively to their concern,
getting to the same wavelength and give undivided attention to the current
issue
2. Get the facts-Ask questions, record conversations, Listen carefully, obtain
feelings and concerns
3. Establish and initiate an action program Even if the requirements are not
valid issues we still need to take consideration of the pressing issue and
provide a solution for this.
8/3/2019 Subjective CSQA
10/46
4. Can negotiate a satisfactory resolution with the customer by suggesting a
resolution and getting the agreement and implement the resolution with
customer consent.
5. If required there could be sessions (JAD Sessions) where the customer
and the development team could meet up and discuss any discrepancies.
6. Follow up with the customer to validate whether they are satisfied with the
new solution being implemented
Possible reasons could be:
y Estimation of the efforts is not proper (Over Budget) Project Manager
y Project Plan is not properly developed -Project Manager
y Project Tracking is not proper - Project Manager is responsible forschedule slippage and Effort over run
y Change Control Process need to be looked into Configuration Controller
y Processes may need to be revisited and changed QA is responsible
y Look at standards for improvement Project Manager - Deming
y Lack of emphasis on measurement
y No Defect Prevention Project Manager
y Defect Elimination is not done properly Project Manager
y Failure to determine the cost associated with defects Project Managery Failure to initiate programs to Manage defects Project Manager
y Most economical means for identifying defects unknown
y Managements unwillingness to accept full responsibility for all defects
Deming and Crosby principle
y Inability to follow V-Testing to capture defects earlier in the lifecycle
13. Your operational dept encounters production defect at the rate of3
defects per1000 lines of code. During a vendor meet you come acrossanother company XYZ that is of the same size of yours and in the same
industry. This companys production defect is 2 defects per1000 lines of
code. Can you conclude that the XYZ operation dept is better that yours.
Can you use this for benchmarking? Explain.
OR
8/3/2019 Subjective CSQA
11/46
If two organisations with same standards, one having 10 defects per1000
KLOC and the other one having 12 defects per1000 KLOC can be
compared? Yes or No? Explain.
Here, a decision cant be taken on a pure objective basis as there are many other
factors that need to be considered while comparing the two defect densities.
1. Firstly, it should be made sure that the two defect densities to be
compared are normalized on common factors.
2. Usually defect density normalization with respect to function points are
preferred over KLOC. For example, while considering language
differences, the fact that Visual Basic doesn't readily lend itself to LOC
counts makes Function Point sizing the more appropriate common base
across all three projects.
3. In some cases, the modules in which few faults are discovered during
testing may simply not have been tested properly. Those modules which
reveal large numbers of faults during testing may genuinely be very well
tested in the sense that all the faults really are 'tested out of them'. The
key missing explanatory data in this case is, of course, testing effort.
4. Another hypothesis is the popular software engineering assumption that
small modules are likely to be (proportionally) less failure prone. In other
words small modules have a lower defect density. In fact, empirical
studies summarised in [Hatton 1997] suggest the opposite effect: that
large modules have a lower fault density than small ones.
5. It is recommended that more complete models that enable to augment the
empirical observations with other explanatory factors, most notably,
testing effort and operational usage. If you do not test or use a module you
will not observe faults or failures associated with it for which operational
usage has to be considered.
6. Some of other factors that need to be considered include -
y Complexity of the project
y Language
y Process capability
8/3/2019 Subjective CSQA
12/46
y History of defects
y Defect severity
y Common causes
14. Who is responsible for keeping track of changes in the software? Who
has the authority to change? How do you ensure that change control is
properly carried out?
SCM Steps
1. Management of the SCM Process
2. Software Configuration Identification
3. Software Configuration Control4. Software Configuration Status Accounting
5. Software Configuration Auditing
6. Software Release Management and Delivery Software
Who is responsible?
y Configuration Controller is responsible for keeping track of changes.
y Changes to the code is normally controlled by the usage of configuration
tools like Visual Source Safe, Ellips, Changeman Concurrent Versioning
System (CVS)
Who authorizes changes?
y If the change is major, it should be approved by Systems Planning
steering committess/SCCB (Software Configuration Control Board).
y For a minor change, IT manager or Senior person in User department can
approve it. However, all the changes should be in written format.
How to ensure Change Control
y The nature of the proposed change should be explained in writing, and
formally approved by a responsible individual as mentioned above.
8/3/2019 Subjective CSQA
13/46
Documenting the proposed change clears up any initial
misunderstandings that may arise when only verbal requests are made. In
addition, written proposals provide a history of changes in a particular
system.
y Developers should make changes and not the operations
y Someone independent of the person who designed and made the change
should be responsible for testing the final revised program. The results
should be recorded on program change registers and sent to the IT
manager for approval. Operations should accept only properly approved
changes.
y Finally, the documentation system should be updated with all change
sheets or change registers and printouts.
y Perform Configuration Control Audit to ensure Change control.
y Usage of tool for change control for code and document
15. If a defect occurs in the software product, whom do you held
responsible for the defect & why?
y Individual should not be held responsible for defects. Defect information
should be used to improve the process. As imperfect or flawed processes
cause most defects, processes may need to be altered to prevent defects.y The main intention of defect record should be for four major purposes:
o To ensure the defect is corrected
o To report status of the application
o To gather statistics used to develop defect expectations in future
applications
o To improve the software development process
y At a minimum, the tool selected should support the recording and
communication of all significant information about a defect for better
analysis. For example, a defect log could include:
o Defect ID number
o Descriptive defect name and type
o Source of defect - test case or other source that found the defect
o Method SDLC phase of creation
8/3/2019 Subjective CSQA
14/46
o Phases SDLC phase of detection
o Component or program that had the defect
o Defect severity
o Defect priority
o Defect status (e.g. open, fixed, closed, user error, design, and so
on) - more robust tools provide a status history for the defect
o Date and time tracking for either the most recent status change, or
for each change in the status history
o Detailed description, including the steps necessary to reproduce
the defect
o Screen prints, logs, etc. that will aid the developer in resolution
process
o Stage of origination
o Persons assigned to research and correct the defect
y Finally, Identify the categories of defects, origin of defects
y Use statistical processes to determine the root causes of the problem
y Close the gap by improving the process or updating the processes,
standards, checklists etc if required.
16. Security and Privacy of customer information are very important for e-
commerce projects. Quality principles expect that management policies are
a pre-requisite for good work process. Draft a policy for e-commerce
security and privacy.
Or
Write a Security and Privacy policy for e-securities projects for your
organization.
Securityrelates to the means (process and technology) by which an entity
protects the privacy of any sort of data/information. Security measures keep
information secured, and decrease the means of tampering, destruction, or
inappropriate access.
Privacyrefers to the individuals right to keep certain information private,
unless that information will be used or disclosed with his or her permission. (more
8/3/2019 Subjective CSQA
15/46
like the rights of individuals or Consent/Authorization
Issues/Procedures/Processes )
Security is more related to the availability of the information and policy for that
should address the same with proper checks and balances taking care of that
while privacy is some thing which ensures right information to the right person.
SECURITY & PRIVACY POLICY
y XYZ Company protocols adhere to the latest standards; your information
is encrypted during your e-commerce sessions with XYZ Company.
y We do not store credit card or purchasing card information on our web
server, and do require a re-entry of the credit card number for each
purchase. This is an added level of security, and helpful in laboratories or
purchasing departments with multiple users of a central computer.
y Security audits are conducted by third parties in order to further ensure
security.
XYZ Company Online Privacy Policy
This Policy relates only to our online information collection and use practices.
In short, we do the following:
y We only collect personally identifiable information that you voluntarily and
knowingly provide us.
y We use the information that you provide us only for the purpose(s) for
which you specifically provided it or for specific additional purposes for
which we receive your prior consent.y We do not share any information you provide us with anyone outside of
XYZ Corporation, except for suppliers who assist us in maintaining and
managing the activities on our site. These suppliers are legally obligated
to maintain the confidentiality of any information we provide them,
including your information.
8/3/2019 Subjective CSQA
16/46
y We may use a technology called cookies to enhance your experience on
our site.
y We employ appropriate security measures to protect the loss, misuse and
alteration of any information you provide us.
y We provide you with choice and control over the collection and use of any
personally identifiable information that you provide us on-line, and a
means for updating, correcting or removing this information .
Cookies
Like many companies, we use a technology called cookies to enhance your
experience on our site. We use cookies to store visitors preferences, record
session information, such as items that consumers add to their shopping cart,
record past activity at a site in order to provide better service when visitors return
to our site , customize Web page content based on visitors' browser type or other
information that the visitor sends.
The cookies XYZ Company uses do not contain any personally identifiable
information and can not profile your system or collect information from your hard
drive. You are not identified by name or e-mail address, just by a unique string of
numbers that we assign the first time you come to our site.
Security
We employ appropriate security measures to protect the loss, misuse and
alteration of the information under our control. For our e-commerce activities, we
employ Secure Sockets Layer (SSL) software, which encrypts information you
input, as an additional security measure. However, as no on-line data
transmission can be guaranteed to be totally secure, we (like all web sites)
cannot warrant or guarantee 100% security of any information you transmit to us
at our web site.
Links To Other Sites
8/3/2019 Subjective CSQA
17/46
XYZ Company does not guarantee the content of other sites for which we
provide a link.
17. Is it possible to implement too much quality control in an Organisation?
Yes or No? Explain.
Implementation of too much Quality Control may have certain impediments to
start with-
1. First of all, it has to be driven top down by the management
2. Staff may not like too many QC points
3. Staff may resist/oppose this as they may feel it will hinder the faster
progress of work because of more check points
It is possible to do it wherein QA processes are set properly, and if the cost,
resources and time are not prohibitive, and if you get the involvement of the top
management, implementing too much quality control becomes easier as Philip
Crosby says, "Quality is Free".
But, the term TOO MUCH here may depend upon many factors which may be
prevailing in the organization. In cases where there are chaos all around, wherethere are too many complaints frequently from the customers, no. of QUALITY
CONTROL points may be increased. But as the CBOK says, one of the quality
management philosophy objectives is to continually improve process capability
by reducing variation and rework. With this strategy quality is built into the
products rather than tested at the end. As standards and Do procedures are
perfected, the need for extensive quality control is reduced.
Quality control procedures are considered appraisal costs. They add to the
overall cost, increase the effort required, and increase the cycle time for building
products and delivering services. Where standards and Do procedures are not
perfected, quality control is necessary in a process to catch defects before they
affect the outcome of downstream processes. Appraisal costs are part of the
Cost of Quality, which is covered in Knowledge Domain 1. The challenge is to
8/3/2019 Subjective CSQA
18/46
install the appropriate amount and types of controls to minimize cost, effort, and
cycle time; and to minimize the risk that defects will go undetected and "leak" into
other processes.
Quality must be built-in a product and not tested in.
Too much Quality Control is not required if
y Standards are developed properly
y Processes are well defined
y Quality controls are installed at the logical points in the process to
minimize the defects. Logical points are determined based on the
following
o Risk severity
o Cost, effort and cycle time impact
o Availability of appropriate resources/people
o Strength of control method (Automatic, Self-Checking, Peer review,
Third Party audit, Supervisory)
o Impact on overall culture
18. List various Cost of QualityCategories
(from Hagan 1986) COQ Categories
I. Prevention Costs
1. Requirements
o 1. Marketing research for customer/user quality needs
o 2. Customer/user quality surveys
o
3. Product quality risk analysiso 4. Prototyping for customer review
o 5. User requirements/specification reviews/inspections
2. Project
o 1. Project quality planning
o 2. Project process validation
8/3/2019 Subjective CSQA
19/46
o 3. Quality assessment of development platform and tools
o 4. Platform and tools development for quality
o 5. Developer quality training
o 6. Quality metrics data collection
o 7. Design for quality: software component reuse
o 8. Formal inspections / peer reviews
o 9. Project configuration management
o 10. Supplier capability assessment
3. Reuse library
o 1. Salaries
o 2. Expenses
o 3. Training
o 4. Platform and tools
4. Configuration management administration
o 1. Salaries
o 2. Expenses
o 3. Training
o 4. Platform and tools
5. SQA administration
o 1. SQA salaries
o 2. SQA expenses
o 3. Software process and standards definition and publication
o 4. Metrology: data maintenance, analysis, and reporting
o 5. SQA program planning
o 6. SQA performance reporting
o 7. SQA education/training
o 8. Process improvement
o 9. SQA process compliance audits
II. Appraisal Costs
1. Supplied product testing
2. Project appraisal costs
o 1. Verification and validation activities
8/3/2019 Subjective CSQA
20/46
o 2. Testing: planning, platforms, setup, test data generation, test
execution and logging, reporting, test data evaluation
o 3. Product quality audits
3. External appraisals
o 1. Process maturity evaluation
o 2. Field performance trials
o 3. Special product evaluations
III. Internal failure costs
1. Product design defect costs
o 1. Causal analysis and reporting
o 2. Design corrective actiono 3. Rework and retest due to design corrective action
o 4. Work products wasted due to design changes
2. Purchased product defect cost
o 1. Defect analysis cost
o 2. Cost of obtaining product fix
o 3. Cost of defect work-arounds
o 4. Rework
3. Implementation defect costs
y 1. Defect measurement and reporting
y 2. Defect fixing
y 3. Causal analysis and reporting
y 4. Project process corrective action
y 5. Fix inspection
y 6. Retest and integration
IV. External failure costs
1. Technical support for responding to defect complaints
2. Product returned due to defect
3. Maintenance and release due to defects
4. Defect notification costs
8/3/2019 Subjective CSQA
21/46
5. Upgrade due to defect
6. Service agreement claims (warranty expense reports)
7. Liability claims (insurance and legal reports)
8. Penalties (product contract reports)
9. Costs to maintain customer/user goodwill due to dissatisfaction (sales
reports)
10. Lost sales due to quality problems (field salesperson reports)
19. How will you improve the performance of your subcontractors
Move towards single supplier for any one item, on a long-term relationship of
loyalty and trust. To be competitive it is very important to have lower costs. We
have to minimize total cost; not only the price. Remember that defective units are
cost; delay in delivery is cost, excessive inventory is cost, etc. To minimize total
cost long-term relationship with suppliers is really important. If you as a customer
help your supplier to develop, to improve the quality, you will receive better
products so you will win and your supplier too.
Deming favors the practice of working with a single supplier, where feasible, to
reduce variability of incoming materials, and states that this practice should be
built on a long-term relationship of trust and understanding between supplier and
purchaser. In this way, suppliers can produce materials that do a better job of
fulfilling the needs of the organization. To maintain long-term contracts, suppliers
will be more likely to improve their own processes to provide better products or
services.
Effective Subcontract Management and Oversight is a team effort and is critical
for ensuring and/or improving subcontractor performance. To improve
Subcontractors' Performance
y Perform daily walkdown of subcontractor work activities
y Perform joint performance audits with Sub Contract Coordinator and
subcontractor
y Ensures compliance with subcontract requirements
8/3/2019 Subjective CSQA
22/46
y Foster implementation of benchmarked programs
(Benchmark Contractors' and Subcontractors' Performance
By comparing current performance against other contractors and the rest of the
industry in all relevant areas, we can determine areas where training is needed
and continuously improve business processes. We can also benchmark our
subcontractor's performance across different projects and against other
subcontractors and use the findings to create an effective model for predicting
and preventing claims.)
y Review subcontractor generated data
y Support Sub Contract Coordinator in conducting subcontractor
investigationsy Provides lessons learned information to subcontractor
y Interfaces with all Operational Managers to support Project initiatives
y Coach subcontractor in developing and implementing corrective actions
resulting from audits and self assessments
y Assure subcontractor submits benchmark Program results
y Identify and evaluate violations
y Prepare notices to subcontractor
y Sign / approve violation notices to subcontractorsy Transmit notices to subcontractors
y Approve subcontractor corrective actions and/or provide direction
y Monitor close-out of quality issues
y Chair progress review meetings
y Assess subcontractor performance (monthly subcontractor scorecard)
20. Do You think that KLOC is a right measure for the code which your MIS
has developed for Inventrory system.
Though LOC metric is easy to understand and widely used, there are certain
intricacies involved which can mislead with wrong interpretations especially
during the important calculations of defect density and Productivity. Now a days,
Function Point metrics are getting more popular because of their normalized
8/3/2019 Subjective CSQA
23/46
calculations, though it is initially difficult to understand. Both the metrics are
discussed in detail here:
Lines Of Code (LOC)
The LOC metric is anything but simple. The major problem comes from the
ambiguity of the operational definition, the actual counting. In the early days of
Assembler programming, in which one physical line was the same as one
instruction, LOC definition was clear. With the availability of high level languages
the one to one correspondence broke down. Differences between physical lines
and instruction statements (or logical lines of code) and differences among
languages contribute to the huge variations in counting LOCs. Even within the
same language, the methods and algorithms used by different counting tools can
cause significant differences in the final counts. Several variations that are
significant are
Count only executable lines
Count executable lines + data defns
Count executable lines + data defns + comments
Count executable lines + data defns + comments + job control language
Count lines as physical lines on an input screen
Count lines as terminated by logical delimiters
When straight LOC count data is used without normalizing, size & defect rate
comparisons across languages are often invalid. For productivity, the problems
with LOC are more severe. A Basic problem is that the amt of LOC in a program
is negatively correlated with design efficiency. Efficient design provides the
functionality with lower implementation effort and fewer LOCs. In addition to the
level of languages issue, LOC data do not reflect non-coding work such as the
creation of requirements, specifications & user manuals. Therefore, LOC do not
reflect the true productivity in this case.
Function Points
A Function can be defined as a collection of executable statements that perform
8/3/2019 Subjective CSQA
24/46
a certain task, together with declarations of the formal parameters and local
variables manipulated by those statements. Here, if defects per unit of functions
is low, then the software should have better quality even though the defects per
KLOC value could be higher when the functions were implemented by fewer
lines of code. However, measuring functions is theoretically promising but
realistically very difficult.
Here, first the Function Count (FC) has to be made using the following five
components with their respective weighting factors which in turn are decided by
certain guidelines and standards. The five components and their usual weighting
factors according to their complexities are given below (For e.g. for the External
O/P Component, if the number of data element types is 20 or more and the no. of
files types referened is 2 or more -> then complexity is HIGH. iIf the number of
data element types is 5 or fewer and the no. of files types referened is 2 or 3 ->
then complexity is LOW):
1. External I/P: Low complexity:3, Medium cmplxity:4, High cmplxity:6,
2. External O/P: Low complexity:4, Medium cmplxity:5, High cmplxity:7,
3. Logical I/P: Low complexity:7, Medium cmplxity:10, High cmplxity:15,
4. Logical O/P: Low complexity:5, Medium cmplxity:7, High cmplxity:10,
5. External Inquiry: Low complexity:3, Medium cmplxity:4, High cmplxity:6,
Then -> FC= {i=1to5[j=1to3(Wij*Xij)]}
Where Wij is the weighting factors of the five components by complexity level
(low, med, high)
Xij are the numbers of each component in the application.
The second step involves a scale from 0 to 5 to assess the impact of 14 general
system characteristics in terms of their likely effect on the application. The 14
characteristics are:
1. Data communications
2. Distributed functions
8/3/2019 Subjective CSQA
25/46
3. Performance
4. Heavily used configuration
5. Transaction rate
6. Online data entry
7. Enduser efficiency
8. Online update
9. Cmplx processing
10. Resuability
11. Installation use
12. Operational use
13. Multiple sites
14. Facilitation of change
The scores (ranging from 0 to 5) for these chrcs are then summed, based on the
following formula, to arrive at the Value Adjustment Factor (VAF)
Value Adjustment Factor (VAF) = {0.65+0.01*[i=1to14(Ci)]}
Where Ci is the score for general system characteristic i. Finally, the no. of FPs
are calculated by:
FP = FC*VAF----------------------------
8/3/2019 Subjective CSQA
26/46
2. As Requirement analysis plays a major role in the s/w development lifecycle, list out the four key attributes of requirements & explain. Give twoquality checklists for each of the attributes.
Complete.
The requirements document includes all of the necessary requirementsinformation.
For example, whether or not SRS includes (Checklist):
1. all the functions and nonfunctional requirements,2. constraints,3. external interface requirements, and4. data requirements that must be satisfied.
Consistent.
1. Internal conflicts do not exist between requirements in the document thatresult in the requirements contradicting each other.
2. The requirements also do not conflict with higher-level requirementsincluding business, user, or system-level requirements.
3. Terminology should also be used consistently within the document:y A word has the same meaning every time it is used.y Two different words are not used to mean the same thing.
Modifiable.
The requirements document is organized and written in a manner that willfacilitate making future change:
1. Nonredundant: Each requirement is stated in only one place.2. Changeable: Each requirement can be changed without excessive impact
on other requirements.
Unambiguous.
1. Each requirement statement should have only one interpretation, andeach requirement should be specified in a coherent, easy-to-understandmanner. For example, the author searches for words that end in ly (forexample, quickly, user-friendly, automatically) because adverbs by natureare almost always ambiguous.
Concise.
1. Each requirement should be stated in short, specific, action-oriented
8/3/2019 Subjective CSQA
27/46
language.
Finite.
1. The requirement should not be stated in an open-ended manner. For
example, words like all, every, and throughout should be avoided inrequirements statements.
Measurable.
1. Specific, measurable limits or values should be stated for eachrequirement as appropriate.
Feasible.
1. The requirement can be implemented using available technologies,
techniques, tools, resources, and personnel within the specified cost andschedule constraints.
Testable.
There exists a reasonably cost-effective way to determine that the softwaresatisfies the requirement.
Traceable.
1.Each requirement should be traceableback to its source (for example, user-level requirements, system-level
requirements, standard, and enhancement request).
2.It should also be specified in a mannerthat allows traceability forward into the design, implementation, and tests.
-------------------
-------------------1. Give three examples from IT organization where Pareto analysis of 80:20
holds good.
1.Defect Analysis
2.Failures found in production
3.Cycle/Delivery Time reduction
4. Employee Satisfaction/Dissatisfaction
8/3/2019 Subjective CSQA
28/46
5. Customer Satisfaction/Dissatisfaction
6.Help Desk problems
The process for using Pareto charts is described in the following steps:
1.Define the problem clearly using any of the tools from Quality
Toolbox (e.g., Use brainstorming, affinity diagrams, or cause-and-effect diagrams)1.Collect a sufficient sample size of data over the specified time, or
use historical data, if available
2.Sort the data in descending order by occurrence or frequency of
causes characteristics
3.Construct the Pareto Chart and draw bars to correspond to the
sorted data in descending order, where the x axis is the problem category and the y axis is
frequency
4.Determine the vital few causes on which to focus improvement
efforts
5.Compare and select major causes, repeating the process until the
problems root causes are reached sufficiently to resolve the problem
2. State some differences between SEI CMM and ISO 9000
ISO 9000:2000 Fundas n Vocabulary
ISO 9001:2000 Requirements
ISO 9004:2000 Gdliens for pefformance improvements
ISO 9000-3:2000
Gdliens for the application forISO 9000:2000
to ComputerSW
ISO 9001:2000 CMMI
Terminology translation
Top Mgt Higher leve/Sr mgt
8/3/2019 Subjective CSQA
29/46
QMS;Qlty Manual OSSP
Qlty PlanPrj Plan;SW Development Plan;Sys EnggPlan; Data Mgt Plan
Customer; interested party Customer;Stakeholder
Documented procedure Plan for performing the process; procedure
Recordwork product; record;evidence ofimplementation
Qlty mgt (very broad sense) Qlty Mgt (& Qntive mgt)
Similarities
ISO 8 Principles:-
Customer focus
-GP2.7, Identify & involve Relavantstakeholder-PPSP 2.6, Plan Stakeholder involvement-RD,TS-CMMI is not as strong as ISO
Leadership
-GP2.1, Establish an Organizational Policy-GP2.4, Assign Responsibility-GP2.10,Review Status with Higher Mgt-OPF
Invovlement ofPeople
-GP2.3, Provide Resources
-GP2.5,Train Ppl-GP2.7,Identify n involve RelavantStakeholder
Process Approach
-GP2.2, Plan the Process-GP3.1, Establish a efined Process-OPD,IPM
System Approach -GP3.1,Establish a defined Process
Continual Improvement-Focus of entire CMMI through cap n maturitylevels
Factual Approach to Decision Making-GP2.8, M&C the process-PMC,MA,IPM,DAR
Mutually Beneficial Supplier Relationships
-SAM-CMMI is less specific abt "collaboration"-CMMI is more concerned with "control"
8/3/2019 Subjective CSQA
30/46
Differences
Language
ISO uses 'SHALL' statements (prescriptive) CMMI doesnt
Compactness of stts in ISO e.g.,
More elaborated (e.g., "determine and provideresources" is implemented in CMMI withGP2.2 & GP2.3 in all Pas)
Details
ISO is very sparseCMMI provides practices,subpractices,typicalwork products & amplifications
Guidance
ISO hasn't provided detailed imppln guidance CMMI has Capability levels n maturity levels
Process Improvement
ISO 9004:2000 provides very igh levelguidance for prc improvement
CMMI is devoted to prc improvement-DistinguishedOrg. n Prj level prcimprovement activiteis
Institutionalization
ISO requires orgns to estblish QMS butdoesn't explicitly required instituionalization-bldg strong prc infrastructure is left to theOrgn.
CMMI very strongly emphasizesinstitutionalization through GGs n GPs. This isa major strength of the CMMI and is critical tooveall prc imprvovment success
Standard Model
Broad direction Detailed
One set of requirements to be satisfied Progressive steps (levels)
No guidelines ofr implementation Institutionalization & implementation guidance
Requires interpretation for organizations withmany programs
Accomodates organizations with manyprograms
Applicable for all kinds of organizations
ISO 9000-3 gives the Gdliens for theapplication forISO 9000:2000 to ComputerSW
Applicable only to software developmentorganizations
Static in nature Evaluationary in nature and espousescontinuous improvement of the software
8/3/2019 Subjective CSQA
31/46
development processes
Contains 8 clauses Contains 18 KPAs
Certification Audit is like an exam Final assessment is collaborative
Result of certification is pass fail criteria
Result of assessment is a quantitative score ofthe maturity of the software developmentprocess
Continuous Staged
1. Your organization is in testing a new version of sw. A large number of defectshave been unearthed in testing which may result in a delayed release. The mgtwants you to present the measures you have taken as QA mgr in the developmentof the software towards a quality product. You have to present to the mgt on theinitiatives of your team in building quality into the sw
How would you justify ur actions to the mgt.
ANS: Give them a detailed outline of the plan regarding the following questionsMake a list of defects in the software unearthed during the testingConducting a brainstorming session to find out the root causes for the defectsConstructing a control chart to find solutions to the problemsMake a plan of the steps involved in solving the problems as to who is responsible forwhat Keep them posted on the improvements made in the productsGive them the test reports. Test reports include the number of defects that still exist.Prepare a detailed chart on the level of improvements made.
2. A potential customer of your organization requires a sw that can be provided onlywith new tools and technology and currently available in ur orgn. Your mgt hasdecided to accept the contact. How should the project be planned for successfulcompletion?
ANS: Reallocate the resource for the project Get a detailed requirement from thecustomer so that they could be measured and tested to see if the objectives are met or not.Design the product with the help of all the developers, code, test and implement in theproduction environment and monitor their progress to see if they are met.
3. Your orgn requires a metrics program to be implemented However the mgt focusis only one net profit. How would you impress on the need to measure costoverruns and schedule overruns?
ANS: Without measures business cannot be conducted for a long timeIf there are no measures for cost/schedule overrun we would not be able to takeappropriate measures before and hence the customer may be dissatisfied.
4. As a consultant to an organization involved in handling large S/w projects howwould you impress on the mgt on the need for structured testing?
ANS: Structured testing advantages are It tests the logic of the software. Hence hiddendefects could be found at earlier stages Parts of the software may be tested
8/3/2019 Subjective CSQA
32/46
5. Suggest measures of effectiveness in the Checkpoint reviews in Requirement,External design, Internal Design and Program Specs phases.
ANS: Requirements Check for completenessExternal Design Supports the requirements
6. Develop Standards on MeetingsANS: Everyone in the meeting should be given equal rights in participating in themeeting.They should be willing to share their ideasOnly one can speak at a timeDecisions will be arrived at a consensus in a meeting
7. Your company has quite a number of tools procured from vendors. But theirimplementation is poor among business users. How will you ensure that the toolsprocured are used as well?
ANS: Training, vendors support, support activites in case of problems, afterimplementation monitor them
8. Your operational dept encounters production defect at the rate of 3 defects per1000 lines of code. During a vendor meet you come across another companyXYZ that is of the same size of yours and in the same industry. This companysproduction defect is 2 defects per 1000 lines of code. Can you conclude that theXYZ operation dept is better that yours. Can you use this for benchmarking.Explain. (7 marks)
ANS: Yes it could be used for benchmarking as it is of the same size and the sameindustry as yours. Benchmark with them. Find out what process they use for coding.Follow the same techniques as them and try and reduce your defects. Make companyvisits.
9. Name three attributes of a product that you would ask the customer during asurvey. For each of the attribute ask a relevant question that you would ask thecustomer and suggest a metric to evaluate the goal that has been set.
ANS: Reliability of the product, Integrity of the product, Usability of the product
10.You as a QC person, what type of test end report will you prepare for the PL ofthe concerned project? What will you report and why?
ANS: What are the issues that are still openA summary of the defects that were uncovered during testing (number of critical errors,minor, major)Screen shots of the defects if any availableWho detected the errorWho corrected the errorNumber of days involved in detecting the error
11.A payroll system has been developed and is to be rolled out to production. Whatsteps will you take to ensure that defects are caught as early as possible.
8/3/2019 Subjective CSQA
33/46
ANS: Monitor the progress using logs, cpu time, memory usage during peak hours, askthe customer if this is the quality he expected
12.your manager wants to go for mbnqa. He is aware of the categories. As an IT headhe wants you to determine the categories that can be calculated by you to
determine whether the company can get the award. (for which categories you cancalculate the points as an IT head.)ANS: 1) Get the latest criteria for qualifying for the mbnqa award
2) Compare the criteria with your organization.3) Inform the management about the whether they qualify or not
4) If they qualify then with the managements approval apply for the award
13.You have 4 defects per FP now. You want to reduce it to 2 defects per FP. Whatwill you do?
ANS: 1)Benchmark with other organizations to see what are the best practices followed2)Brainstorm with the team to find out the reasons for defects
3)Implement the practice and measure the progress4) By going around the PDCA cycle and continuously improving the process youcan improve Plan security or risk environment in your organizati
14.The vendor payment has not been managed properly. Due to this when thepayment is postponed for a vendor it is written both in vendor to be paid andcheck book details. Errors due to this are 1000 per year and this resresents 1 %each wrong payment results in a loss of $1000 loss. What is the loss. SHow urworking
ANS: 1000 * 1000
15.You have to make a presentation on the features of an ISO and TQM to programto your mgt What would be part of your presentation
ANS: Define what ISOWhat are the objectives ofISOWhat are the different types of models available in ISOWhich model is best suited for the organizationDefine TQM and objectivesHow do they benefit the organizationWhat are the steps that need to taken to implement them
16.As ManagerQ of an ISO 9001 company you have planned for a global qualityaward as the next milestone. How would you impress on ur mgt the plans andgain approval of your plan
ANS: Find opportunities to reward the people as and when possible. Ask them whatreward means to them as reward is perceived differently by different people. People dontwork for money.So convince the management byQuoting some of the Quality Gurus sayings like Joseph JuranGive them proven success/ positive outcomes of rewarding people by other organization
8/3/2019 Subjective CSQA
34/46
17.Mr. Laloo P. Yadav is the new IS Manager of an investment company. His team
needs to develop an online trading system within 2 months with no increase inteam size. An online (buy/sell) transaction has to be completed within 2 secondsand the online search should not take more than 5 seconds. How should Mr.
Yadav approach this to get the software developed with the best quality andwithin schedule?ANS: First form a team of subject matter experts and developers to conduct acheckpoint reviewsBrainstorm with them as to phases in which checkpoint reviews needed to be conducted(Requirements phase, Design phase, Coding phase). Prepare a plan as to who will beresponsible for conducting the reviews, on what date they will be conducted, what are thecriterias to be met (eg An online (buy/sell) transaction has to be completed within 2seconds and the online search should not take more than 5 seconds) before proceeding tothe next phase so that defects could be found at the earliest possible and hence reducesthe cost and time of reworking at the end of the project, what are the statistical tools that
would be used to measure the processing performance. There should be a consensus onthe decisions made in the above mentioned points for delivering a quality software on thecustomer specified date.Plan should be documented sent to the all the concerned people(IT manager, developer,reviewers) so that they are aware of their roles and responsibilities to produce thesoftware on time. Ensure everyone complies with the plan.Adequate training should be given to the person who is conducting the review regardingthe intents of the review.Conduct the checkpoint reviewsCompare the actual result with the expected result with the help of the statistical toolsthat were mentioned in the plan.If the actual result does not meet the criteria mentioned in the plan brainstorm the rootcauses for the problems. Make appropriate changes and retest the software.
18. Differentiate between Product Quality and Process Quality and the role ofQuality analyst in each of them.
ANS: Process Quality helps in achieving the product qualityProcess Quality are InternalQuality focus(operation). Product quality focuses on externalQuality(market)Process Quality focus on process. Product quality are concerned with resultsProcess Quality people are cost. Product quality people are investment
19.An organization has implemented standards. However the implementation isweak. So you have been called to have a re-look at the standards. What would berole of different actors involved (e.g. QA, QC, Standardization Group etc..)
ANS: Role ofQAForm standards by benchmarking with other industriesReview the implementation of the standards.Get feedback from the QCMake appropriate changes to the standards
8/3/2019 Subjective CSQA
35/46
Role OfQC Implement the standardsStandardization Group
20.State how would you focus the attention of your management on the defectsidentified by the QC group, but not rectified by the dEv. Team.
ANS: If the defects are not rectified by the development team then inform themanagement telling them the consequences(like product may not be delivered on time ordefective product will be delivered to the customer which spoils the credibility of theorganization, losses incurred by the organization)
21.The procedure of tool selection was given (define needs, train the user, getfeedback etc). The tools in your organization were selected using that procedurebut still the tools were ending up as shelfware, as in, the people are not using thetools after deployment. How will you, as a QA manager, select tools whichbecome popular in the org.
ANS:
1) Brainstorm with the employees as to what are tools that they require to do their jobeffectively. You can even visit other organizations to see what tools they use and howeffective it is and make a recommendation. Employees consent should be got beforeusing the tool2) Get managements approval3) Train the users with those tool. Have a dedicated and skilled person for training andsolving problems related to the tool4) Deploy those tools5) Measure the effectiveness of the tools to see if they have added any value to the workproducts or process.
22. You are Software test Manager. Your testers ask you what attributes of a defectthey need to note down as they are doing the testing. Suggest three attributes of adefect that are important.
ANS: Type, Severity, Effort required to detect and correct the error
23.Roles and responsibilities during a software inspectionANS:Expanded QA Role
Prepares inspection checklists, schedules meetings Moderates inspection meetings Logs and tracks action items to resolution Writes test plans, procedures, scenarios Conducts, participates in functional/regression testing Conducts system validation, user acceptance testing
24. Long time back 10 years before IT department wrote few standards. Users didnot follow them. You are now QA manager of the organization. You have beenasked to solve this problem by forming a standard committee. Write the membersofStandards Committee. And Write the responsibility of each Standard
8/3/2019 Subjective CSQA
36/46
Committee (Who are the members , Responsibilities) QA Group(Responsibilities) Users (Responsibilities) ITOrganization (Responsibilities)
ANS: QA Group develops an annotated bibliography on software standards and
standards-related topics, especially those related to the Body of Knowledge;
QA groups authors/reviews articles on software standards topics anddisseminating these through the newsletter and via the web; Providing opportunities for tutorials and training the users about standards and t
their development; QA groups participating on the USTAG (Tech'l Advisory Group) forISO/IEC
JTC1/SC7 which is concerned with developing/reviewing international standardson software engineering, lifecycle, process, and quality topics;
QA groups works cooperatively with the IEEE Software Engineering StandardsCommittee on software quality-related standards;
QA groups Respond to questions from the users on software standards. The IT organization supports the standards committee by providing adequate
resources and funding They provide commitment to follow the standards and communicate to the alllevels of the organization their roles and responsibilities in adhering to the standards
25.Brainstorm with the team as why the project went beyond schedule. Find out thecauses for delay. Discuss the alternatives that could be taken to solve theproblems.
ANS: Apologize to the customer for the delayed delivery and the project going over thebudget. Suggest the customer the actions that are going to be taken. Get his approval.Give him the details as to who will resolve the problem and when would it be resolvedImplement the action that was agreed upon.
26.Design a mentoring program to transfer knowledge from seniors to juniors.ANS: Train them by explaining to them the concepts (eg standards)Give them a project/ assignments as a part of the trainingMeet with the team every once in 3-4 weeks. Review their assignments and providefeedback in1. Program Design and Planning.2. Program Management.3. Program Operations.4. Program Evaluation.
27.What should be done before benchmarking?ANS: Before Benchmarking you need to prepare what are the objectives of your visit,which are the organization you want to benchmark against, what are the actions that willbe taken on completion of the benchmark, how will it benefit the customers,managements approval.
28.Do You think that KLOC is a right measure for the code which your MIShas developed forInventrory system.
8/3/2019 Subjective CSQA
37/46
ANS: studies conducted in mis (management information systems) environments showthat, for both development and maintenance, function points based measures satisfy thecriterion.Excellent means of quantifying software product quality as well as to assess theeffectiveness of the testing process. Many industry averages exist, most of which are in
the area of 10-20 defects per one thousand lines of code (KLOC) during system testing,while prior to and including system testing values are up to 200 defects per KLOC[Humphrey 1996]. Rubin reports defect rates from a world-wide survey per industrysector with Aerospace at 4.6 defects / KLOC, Financial at 3.1 defects / KLOC andSystem Software 2.0 / KLOC [Rubin 1995]. Rubin also reports 0.9 defects per functionpoint as a world-wide industry average, while Capers Jones reports 1.75 coding defectsper function point [Capers 1995] [Rubin 1995]. Defect densities should drop ten-foldbetween testing and maintenance phases [Grady 1992]. If such trends are not realizedbetween prerelease and postrelease of software, then this is an indication that the testingprocess is not effective. This metric should also be used in parallel with the percentage ofeffort spent on testing. Limited testing time allocated will result in few defects detected
prerelease and many detected postrelease.
29.YourOrganization recently implemented a total quality management program.This has caused you to change your role from a quality assurance manager to aquality leader. Your responsibility as a leader is to get line management to domany of the tasks that you previously did as a quality assurance manager. Whatstrategy will you use to get buy in from first-line supervisors to incorporatequality leadership as part of their day-to-day job function?
ANS: Tell them that you would be able to do both the jobs. Benefits that you wouldoffer to the company by doing both the jobs
30.The Malcom Baldrige NQA defines one of the roles of a leader as establishing avision. You know that a vision must be expressed in terms external to theorganization, and define the organization ideally would like to accomplish. Forexample, one of Ford's visions was to have customers that brag about theirproducts. You have asked yourIT director to develop a vision for the function. Hetell you that the IT function already has a mission, and his vision is to accomplishthat mission. How do you explain to yourIT director the difference between avision and a mission?
ANS: Tell the manager what is vision and what is mission.Mission tells you the purpose of the organization. Vision is a term that tells what theorganization wants to achieve.Tell him the purpose of redefining the vision and mission
31.YourIT function had a QA started in 1987 which was terminated in a cost cut-back in 1989. At that time, the employees of the quality assurance functionpersonally performed most of the quality efforts, such as conduction reviews andwriting standards. You were recently appointed quality assurance manager. Youknow that the tasks previously performed by the quality assurance group should,in fact, be incorporated into the day-to-day work programs of the IT function.
8/3/2019 Subjective CSQA
38/46
What approach would you like to incorporate quality practices into the softwaredevelopment processes?
ANS: Create an inventory of the quality practices that have been created with their title,statusStore them in a library that is accessible by all the employees of the organization
Assess the process. Before developing a quality practice check the inventory of theprocess that is already existing to suit the process. A process map could be created forthis purpose
32.A product that your organization is about to produce is already available in themarket. You are asked to come up with a process to evaluate the design of thisproduct.
ANS: Form a team to collect information how the customers perceive the quality of theproduct in the market (customer survey),doing a interview with the company employees about the product functionalities throughbenchmarking
Assess if the product if produced by the company will be welcomed by the market or not
33.The QA department publishes a status on error reporting, fixed in the 30 daystime. You however feel this has a negative impact on the QA department. Show 2techniques you would use to reduce the negative impact.
ANS:Techniques Why you selected it?a ) Brainstrom and use cause and effect diagram to find the root cause of the problem_________________ __________________________________________
_________________ _________________________________________b) Use of statistical tools like control charts to reduce the variation in the process _________________ __________________________________________
_________________ __________________________________________
34. Mr. Masor is an IT director, He is a quality conscious person , understands Customersatisfaction is the goal etc. So decides to set up the Department to test software and alibrarian for documentation in the project etc.* Rate Mr. Masor as leader on a scale of 1 to 5* Rate his approach on the Quality principles* Explain why?ANS: Rating level - 3He has decided to document the processes. Estimation for the current projects will bebased on the success of previous projects. Projects could be easily planned and trackedwhich results in stabilityA separate department has been set up to test the software the developers could spendmore time on development.
35. In order to bring about improvement in the testing process and help your teammembers come up with guidelines on ( 2 steps each)
a) How to stop testing?
8/3/2019 Subjective CSQA
39/46
b) How to test with constraint on resources Test with valid data, the mostimportant functionality36. A Helpdesk has been instituted to collect the problems from the customer. How willIT department solve the problems to keep the customers?ANS: Find out the frequently occurring problems.
Brainstorm with the development team as to what could be the root causes for theproblemsImplement the solutions along with logs so that the problems could be tracked easilyDo an adequate in house testing, users may also be asked to test the productWhen the QC team faces time constraints ask them to assign priority to the test that areimportant to be performed and only those test cases will be performed. Usually these testcases will be testing important functionality of the product or the high risk requirementswith valid data.
37. Your organization has planned to purchase a third party tool for timesheet entry. Butthere is opposition from the project leaders that there are people with skills to develop the
product in-house. Your boss asked for your advice. AsQuality analyst how will youdecide on whether to purchase or develop in-houseANS: Find out why the organization has chosen to outsource the development. Generallyproducts are outsourced for the reason of problems in the organization is not adequatelyaddressed. If the problems could be overcome easily then advice the management todevelop the product in house. Tell him that outsourced products will not be supported bythe organization and hence make its implementation difficult.If the problems cannot be solved and there is a time constraint on the product to bedeveloped then advice the developers about the problems that are existing and get theirconsent before outsourcing the product
38. Zero defects- do you agree. Substantiate with reasons?Ans- Explain Philip Crossby 10-14 principles.
Step 1: Management Commitment
Action. Discuss the need for quality improvement with management, emphasisizing theneed for defect prevention. Do not confuse communication with motivation. Theresults of communication are real and long-lasting; the results of motivation are shallowand short-lived. Prepare a quality policy that states each individual isexpected to perform exactly like the requirement or cause the requirement to beofficially changed to what we and the customer really need. Agree that qualityimprovement is a practical way to profit improvement. Accomplishment. Helpingmanagement recognize it must be personally committed to participating inthe program raises the level of visibility for quality and ensures everyones cooperationso long asthere is progress.
Step 2: Quality Improvement Team
Action. Bring together representatives of each department to form the qualityimprovement
8/3/2019 Subjective CSQA
40/46
team. These should be people who can speak for their departments to commit operationsto actions. Preferably, the department heads should participate at least on the first goaround. Orient the team members as to the content and purpose of the program. Explaintheir roleswhich are to cause the necessary actions to take place in their departmentsand the company. Accomplishment. All the tools necessary to do the
job are now together in one team. It works well to appoint one of the members as thechair of the team for this phase
Step 3: Quality Measurement
Action. It is necessary to determine the status of quality throughout the company. Qualitymeasurements for each area of activity must be established where they dont exist andreviewed where they do. Record quality status to show where improvement is possibleand where corrective action is necessary and to document actual improvement later.Nonmanufacturing measurements, which are sometimes difficult to establish
Step 4: Cost of Quality EvaluationAction. Initial estimates are likely to be shaky (although low), and so it is necessary atthis point to get more accurate figures. The comptrollers office must do this. Theyshould be provided with detailed information on what constitutes COQ. COQ is not anabsolute performance measurement; it is an indication of where corrective action will beprofitable for a company. The higher the cost, the more corrective action that needs to betaken. Accomplishment. Having the comptroller establish COQ removes any suspectedbias from the calculation. More important, a measurement of quality managementperformance has been established in the companys system.
Step 5: Quality Awareness
Action. It is time now to share with employees the measurements of what nonquality iscosting. This is done by training supervisors to orient employees and by providing visibleevidence of the concern for quality improvement through communication material suchas booklets, films and posters. Dont confuse this with some getmotivated- quick scheme.It is a sharing process and does not involve manipulating people. This is an importantstep. It may be the most important step of all. Service and administrative peopleshould be included just like everybody else. Accomplishment. The real benefit ofcommunication is that it gets supervisors and employees in the habit of talking positivelyabout quality. It aids the process of changing, or perhaps clarifying, existing attitudestoward quality. And it sets the basis for the corrective action and error cause removalsteps.
Step 6: Corrective Action
Action. As people are encouraged to talk about their problems, opportunities forcorrection come to light, involving not just the defects found by inspection, audit or self-evaluation, but also less obvious problemsas seen by the working people themselves
8/3/2019 Subjective CSQA
41/46
that require attention. These problems must be brought to the supervision meetings ateach level. Those that cannot be resolved are formally passed up to the next level ofsupervision for review at their regular meeting. If a specific functional area does nothold such meetings, the team should take action to establish them in that department.Accomplishment. Individuals soon see the problems brought to light are being faced and
resolved on a regular basis. The habit of identifying problems and correcting them is thebeginning.
Step 7: Establish an Ad Hoc Committee for the Zero Defects Program
Action. Select three or four members of the team to investigate the zero defects conceptand ways to implement the program. The quality manager must be clear, right from thestart, that zero defects is not a motivation program. Its purpose is to communicate to allemployees the literal meaning of the words zero defects and the thought that everyoneshould do things right the first time. This must be transmitted to every member of theteam. In particular, the ad hoc group should seek ways to match the program to the
companys personality. Accomplishment. Improvement comes with eachstep of the overall program. By the t ime zero defects day is reached, as much as a yearmay have gone by and the initial improvement will be flattening out. At that point, thenew commitment to a specific goal takes over, and the improvement begins. Setting upthe ad hoc committee to study and prepare the implementation ensures the goals of theprogram will be firmly supported by the companys thought leaders.
Step 8: Supervisor Training
Action. Conduct a formal orientation with all levelsof management prior toimplementation of all the steps. All managers must understand each step well enough toexplain it to their people. The proof of understanding is the ability to explain it.Accomplishment. Eventually all supervisors will be tuned into the program and realize itsvalue for themselves. Then they will concentrate their actions on the program.
Step 9: Zero Defects Day
Action. Establishment of zero defects as the performance standard of the company shouldbe done in one day. That way, everyone understands it the same way. Supervisors shouldexplain the program to their people and do something different in the facility so everyonewill recognize it is a new attitude day. Accomplishment. Making a day of the zerodefects commitment provides an emphasis and a memory that will be long lasting.
Step 10: Goal Setting
Action. During meetings with employees, each supervisor requests they establish thegoals they would like to strive for. Usually, there should be 30-, 60- and 90-day goals. Allshould be specific and measurable. Accomplishment. This phase helps people learn tothink in terms of meeting goals and accomplishing specific tasks as a team.Step 11: Error Cause Removal
Action. Ask individuals to describe any problem that keeps them from performing errorfree work on a simple, one-page form. This is not a suggestion system. All they have to
8/3/2019 Subjective CSQA
42/46
list is the problem; the appropriate functional group (for example, industrial engineering)will develop the answer. It is important that any problems listed be acknowledgedwithin 24 hours. Typical inputs might be: This tool is not long enough to work right with all the parts. The sales department makes too many errors on their order entry forms.
We make a lot of changes in response to telephone calls, and many of them end uphaving to be done all over again. I dont have any place to put my pocketbook. Accomplishment. People now know theirproblems can be heard and answered. Once employees learn to trust this communication,the program can go on forever.
Step 12: Recognition
Action. Establish award programs to recognize those who meet their goals or performoutstanding acts. It is wise not to attach relative values to the identification of problems.Problems identified during the error cause removal stage should all betreated the sameway because they are not suggestions. The prizes or awards should not be financial.
Recognition is what is important. Accomplishment. Genuine recognition of performanceis something people really appreciate. They will continue to support the program whetheror not they, as individuals, participate in the awards.
Step 13: Quality Councils
Action. Bring the quality professionals and team chairpersons together regularly tocommunicate with each other and determine actions necessary to upgrade and improvethe solid quality program being installed. Accomplishment. These councils are the bestsource of information on the status of programs and ideas for action. They also bring theprofessionals together on a regular basis.
Step 14: Do It Over Again
Action. The typical program takes a year to 18 months. By that time, turnover andchanging situations will have wiped out most of the education effort. Therefore, it isnecessary to set up a new team of representatives and begin again. For instance, markzero defects day as an anniversary. Or give a special lunch for all employees. Thepoint is that the program is never over. Accomplishment. Repetition makes the programperpetual and, thus, part of the woodwork. If quality isnt ingrained in the organization,
it will never happen.
Subjective Questions-Quality principles
1.Is it possible to implement too much quality control in an organization? Yes / No?Explain.
Ans: It is possible to implement too much quality control Wherein QA processes are set properly If the cost, resources and time are not prohibitive If u get the involvement of top management, implementing too muchQuality control becomes easier as Philp Crossby says Quality is free. Quality must be built-in a product not tested in.
Or
8/3/2019 Subjective CSQA
43/46
Too much QA is not required if Standards are developed properly Processes are well defined
Quality controls are installed at logical points in the process to minimizethe defects based on following:o Risk severityo Cost, effort and cycle time impacto Availability of appropriate resources/ people
2. Customer says, the programme developed is not good. But developer says, theprogram is good and the requirements given by the customer was not good. How will youtackle this situation as a QA Manager?As a QA manager , JAD (joint Application Development ) sessions will have to bearranged with which the customer can be involved from the beginning.- Every phase will be done with the acceptance of both the parties
- This is done with frequent meetings , freezing of requirements , reviews andtesting in the appropriate phases, signing-off at each stage.Points: Conduct JAD sessions Requirement Specification Sign off Change control procedure Service level agreement to be set up Customer to be involved in all phases V testing concept
3.If two organizations with same standards, one having 10 defects per 1000 KLOC and
other one having 12 defects per 1000 KLOC can be compared? Yes / No? Explain.Ans 3- No. two organizations can be compared. Every organization has its own processand standards. Two organizations can be compared on the basis of b. Complexity of the projectc. Languaged. Process capabilitye. History of defectsf. Common causes
4. a. Explain Drive out fear.Ans- 4a. Drive out Fear- One related aspect of fear is the inability to serve the best
interest of the company through necessity to satisfy specified rules, or to satisfy aproduction quota, or to cut costs by some specified amount.Example: During Inspection, An inspector incorrectly records the results of an inspectionfor fear of exceeding the quota of allowable defects.
b. Eliminate numerical goals.Ans- 4b. Eliminate Numerical Goals- Numerical goals often have a negative effect
through frustration. These devices are management's lazy way out. They indicate
8/3/2019 Subjective CSQA
44/46
desperation and incompetence of management. It never helped anyone do a better job.There is a better way.
4. How Deming has elaborated the principle on that basis. Explain in brief?Ans. Explain Deming principles.
Deming has suggested 14 principles that can better overcome this By:1. Create Consistency ofPurpose in the Company2. Learn the New Philosophy3. Require Statistical Evidence ofInformation Technology Quality4. Reduce the Number of Vendors5. Use Statistical Methods to Find Sources ofTrouble6. Institute Modern Aids to Training on the Job7. Improve Supervision8. Drive Out Fear9. Break Down Barriers Between Departments10. Eliminate Numerical Goals, Slogans, Pictures, Posters Urging People to Increase
Productivity, Sign TheirWork as an Autograph, etc.11. Look Carefully at WorkStandards12. Institute a Massive Training Program for Employees in Simple but PowerfulStatistical Methods13. Institute a Vigorous Program for Retraining People in New Skills14. Create a Structure in Top Management that Will Push Every Day on the Above 13Points5. Zero defects- do you agree. Substantiate with reasons?Ans- Explain Philip Crossby 10-14 principles.
Ans 5a. Acc to Philip Crossby, Zero Defects is a revelation to all involved that they areembarking on a new way of corporate life. Working under this discipline requirespersonal commitments and understanding. Therefore, it is necessary that all members ofthe company participate in an experience that will make them aware of this change.He proposed 14 principles to achieve defect free and quality product by:1. Management Commitment2. The Quality Improvement Team3. Quality Measurement4. The Cost ofQuality5. Quality Awareness6. Corrective Action7. Zero Defects Planning8. SupervisorTraining9. ZD Day10. Goal Setting11. Error-Cause Removal12. Recognition13. Quality Councils14. Do it Over Again
8/3/2019 Subjective CSQA
45/46
Subjective Questions On Quality Leader Ship
1. ABC is a software company, focused on Software Services. Come outwith Vision, Mission, Goal and Values. (10 Marks)- refer content forKD-2
Ans 1: KD-2 content part
2. The user of the software is not only the customer. Apart from user give three othercustomers who use the software product. Explain How their perspectives are taken careduring SDLC (5 Marks)Ans 2: The other customers: IT Manager Project manager/ test manager QA Information resource manager/ internal control officer/ system security officer
SSS/ICS Tester
3. How do you measure Management Commitment towards Quality in yourorganization? ( 5 Marks)Explain the responsibilities of any 3: Project manager, IT manager , QA
4. One of the customers called the help desk and told that there is a problem in thesoftware and the system is not working. The help desk referred the problem to you. Howwill you go about handling it? Be specific about the time frame? (10 Marks)Ans-3, 4 , 5 KD2 Content part
5. YourIT function had a QA started in 1995 which was terminated in a cost cut-back in1997. At that time, the employees of the quality assurance function personally performedmost of the quality efforts, such as conduction reviews and writing standards. You wererecently appointed Quality Assurance Manager. You know that the tasks previouslyperformed by the quality assurance group should, in fact, be incorporated into the day-to-day work programs of the IT function. What approach would you like to incorporatequality practices into the software development processes? (10 Marks)
6. As a Quality Analyst you have been asked to prepare a Sample QA report. What wouldbe minimum content of such a report and what would be your approach in arriving such areport (10 Marks)
8/3/2019 Subjective CSQA
46/46