Professional Documents
Culture Documents
CTEC5163 (2021) Software Quality Assurance
CTEC5163 (2021) Software Quality Assurance
CTEC5163 (2021) Software Quality Assurance
@CyberTechnologyMSc
1
Motivation
2
MODULE INTRODUCTIONS
That’s me
Dr Feng Chen
Senior Lecturer, Deputy Faculty Head of Research Students
Coordinator of Doctoral Training Programme in Cyber Technology
Head of Context Intelligence and Interaction Research Group (CIIRG)
De Montfort University
5.32 Gateway House, Leicester, LE1 9BH, England
Phone: +44(0)116 257 7860
Email: fengchen@dmu.ac.uk
4
Dr Francois Siewe
8
Three rules for this module
9
What am I learning here?
Software Quality Assurance and Testing
Module Schedule
11
Module Sessions
S1: Module S5: CMM S9: Project S13: Structure- Coursework Spec
Introductions Evaluation based Techniques
&Estimation
S2: Quality and S6: Software S10: Quality S14: Formal Coursework Spec
Quality Project Assurance Method &
Assurance Management Techniques software Testing
12
Online Test
• You have 60min (40 questions) to complete this
test
• You must achieve 70% of the marks
• You must pass this before you can take the
academic coursework
• You can retake this up to 3 times
• It is “closed book”
• The Quiz at the end of each section prepare you
for this
13
Coursework
• If you are enrolled on the MSc CyberTech you will
have to complete a coursework
• On Thursday your Lecturer will give detailed
coursework instructions to you
• You can join in on Friday to discuss your approach
and timeline with your Lecturer
• You have three months to complete your
coursework
• It must be submitted before the deadline set in
the coursework
14
Aim
• The module aims to provide students with insight into the
effective testing methodologies for quality assurance in
software engineering process.
http://www.devtopics.com/20-famous-software-
disasters/
D1. Mariner Bugs Out (1962)
1. Cost: $18.5 million
2. Disaster: The Mariner 1 rocket with a space
probe headed for Venus diverted from its
intended flight path shortly after launch.
Mission Control destroyed the rocket 293
seconds after liftoff.
3. Cause: A programmer incorrectly
transcribed a handwritten formula into
computer code, missing a single superscript
bar. Without the smoothing function
indicated by the bar, the software treated
normal variations of velocity as if they were
serious, causing faulty corrections that sent
the rocket off course.
D2. Hartford Coliseum Collapse (1978)
1. Cost: $70 million, plus another $20 million
damage to the local economy
2. Disaster: Just hours after thousands of
fans had left the Hartford Coliseum, the
steel-latticed roof collapsed under the
weight of wet snow.
3. Cause: The programmer of the CAD
software used to design the coliseum
incorrectly assumed the steel roof supports
would only face pure compression. But when
one of the supports unexpectedly buckled
from the snow, it set off a chain reaction
that brought down the other roof sections
like dominoes.
D3. CIA Gives the Soviets Gas (1982)
1. Cost: Millions of dollars, significant damage
to Soviet economy
2. Disaster: Control software went haywire and
produced intense pressure in the Trans-
Siberian gas pipeline, resulting in the largest
man-made non-nuclear explosion in Earth’s
history.
3. Cause: CIA operatives allegedly planted a
bug in a Canadian computer system purchased
by the Soviets to control their gas pipelines.
The purchase was part of a strategic Soviet
plan to steal or covertly obtain sensitive U.S.
technology. When the CIA discovered the
purchase, they sabotaged the software so
that it would pass Soviet inspection but fail
in operation.
D4. World War III… Almost (1983)
1. Cost: Nearly all of humanity
2. Disaster: The Soviet early warning
system falsely indicated the United
States had launched five ballistic
missiles. Fortunately the Soviet duty
officer had a “funny feeling in my gut”
and reasoned if the U.S. was really
attacking they would launch more than
five missiles, so he reported the
apparent attack as a false alarm.
3. Cause: A bug in the Soviet software
failed to filter out false missile
detections caused by sunlight reflecting
off cloud-tops.
D5. Medical Machine Kills (1985)
1. Cost: Three people dead, three
people critically injured
2. Disaster: Canada’s Therac-25
radiation therapy machine
malfunctioned and delivered lethal
radiation doses to patients.
3. Cause: Because of a subtle bug
called a race condition, a technician
could accidentally configure Therac-
25 so the electron beam would fire
in high-power mode without the
proper patient shielding.
D6. Wall Street Crash (1987)
1. Cost: $500 billion in one day
2. Disaster: On “Black Monday” (October 19,
1987), the Dow Jones Industrial Average
plummeted 508 points, losing 22.6% of its
total value. The S&P 500 dropped 20.4%.
This was the greatest loss Wall Street ever
suffered in a single day.
3. Cause: A long bull market was halted by a
rash of SEC investigations of insider trading
and by other market forces. As investors
fled stocks in a mass exodus, computer
trading programs generated a flood of sell
orders, overwhelming the market, crashing
systems and leaving investors effectively
blind.
D7. AT&T Lines Go Dead (1990)
1. Cost: 75 million phone calls missed, 200
thousand airline reservations lost
2. Disaster: A single switch at one of AT&T’s
114 switching centers suffered a minor
mechanical problem and shut down the
center. When the center came back up, it
sent a message to other switching centers,
which in turn caused them to shut down and
brought down the entire AT&T network for 9
hours.
3. Cause: A single line of buggy code in a
complex software upgrade implemented to
speed up calling caused a ripple effect that
shut down the network.
D8. Patriot Fails Soldiers (1991)
1. Cost: 28 soldiers dead, 100 injured
2. Disaster: During the first Gulf War,
an American Patriot Missile system
in Saudi Arabia failed to intercept
an incoming Iraqi Scud missile. The
missile destroyed an American Army
barracks.
3. Cause: A software rounding error
incorrectly calculated the time,
causing the Patriot system to ignore
the incoming Scud missile.
D9. Pentium Fails Long Division (1993)
1. Cost: $475 million, corporate credibility
2. Disaster: Intel’s highly-promoted Pentium chip
occasionally made mistakes when dividing floating-
point numbers within a specific range. For
example, dividing 4195835.0/3145727.0 yielded
1.33374 instead of 1.33382, an error of 0.006%.
Although the bug affected few users, it become a
public relations nightmare. With an estimated 5
million defective chips in circulation, Intel
offered to replace Pentium chips only for
consumers who could prove they needed high
accuracy. Eventually Intel replaced the chips for
anyone who complained.
3. Cause: The divider in the Pentium floating point
unit had a flawed division table, missing about five
of a thousand entries and resulting in these
rounding errors.
D10. Ariane Rocket Goes Boom (1996)
1. Cost: $500 million
2. Disaster: Ariane 5, Europe’s newest
unmanned rocket, was intentionally destroyed
seconds after launch on its maiden flight.
Also destroyed was its cargo of four
scientific satellites to study how the Earth’s
magnetic field interacts with solar winds.
3. Cause: Shutdown occurred when the
guidance computer tried to convert the
sideways rocket velocity from 64-bits to a
16-bit format. The number was too big, and
an overflow error resulted. When the
guidance system shut down, control passed to
an identical redundant unit, which also failed
because it was running the same algorithm.
D11. Skynet Brings Judgement Day (1997)
1. Cost: 6 billion dead, near-total destruction of human
civilisation and animal ecosystems (fictional)
2. Disaster: Human operators attempt to shut off the
Skynet global computer network. Skynet responds by
firing U.S. nuclear missiles at Russia, initiating global
nuclear war on what became known as Judgement Day
(August 29, 1997).
3. Cause: Cyberdyne, the leading weapons manufacturer,
installed Skynet technology in all military hardware
including stealth bombers and missile defense systems.
The Skynet technology formed a seamless network and
effectively removed humans from strategic defense.
Eventually Skynet became sentient, was threatened
when the humans tried to take it offline, sought to
survive, and retaliated with nuclear war.
D12. Mars Climate Crasher (1998)
1. Cost: $125 million
2. Disaster: After a 286-day journey
from Earth, the Mars Climate Orbiter
fired its engines to push into orbit
around Mars. The engines fired, but
the spacecraft fell too far into the
planet’s atmosphere, likely causing it to
crash on Mars.
3. Cause: The software that controlled
the Orbiter thrusters used imperial
units (pounds of force), rather than
metric units (Newtons) as specified by
NASA.
D13. Disastrous Study (1999)
1. Cost: Scientific credibility
2. Disaster: In this ironic case,
software used to analyse disasters
had a disaster of its own. The New
England Journal of Medicine
reported increased suicide rates
after severe natural disasters.
Unfortunately, these results proved
to be incorrect.
3. Cause: A programming error caused
the number of suicides for one year
to be doubled, which was enough to
throw off the entire study.
D14. British Passports to Nowhere (1999)
1. Cost: £12.6 million, mass inconvenience
2. Disaster: The U.K. Passport Agency
implemented a new Siemens computer
system, which failed to issue passports on
time for a half million British citizens. The
Agency had to pay millions in compensation,
staff overtime and umbrellas for people
queuing in the rain for passports.
3. Cause: The Passport Agency rolled out its
new computer system without adequately
testing it or training its staff. At the same
time, a law change required all children under
16 traveling abroad to obtain a passport,
resulting in a huge spike in passport demand
that overwhelmed the buggy new computer
system. (more)
D15. Y2K (1999)
1. Cost: $500 billion
2. Disaster: One man’s disaster is another
man’s fortune, as demonstrated by the
infamous Y2K bug. Businesses spent billions
on programmers to fix a glitch in legacy
software. While no significant computer
failures occurred, preparation for the Y2K
bug had a significant cost and time impact on
all industries that use computer technology.
3. Cause: To save computer storage space,
legacy software often stored the year for
dates as two digit numbers, such as “99″ for
1999. The software also interpreted “00″ to
mean 1900 rather than 2000, so when the
year 2000 came along, bugs would result.
D16. Dot-Bomb Collapse (2000)
1. Cost: $5 trillion in market value, thousands
of companies failed
2. Disaster: A speculative bubble from 1995–
2001 fueled a rapid increase in venture
capital investments and stock market values
in the Internet and technology sectors. The
“dot-com bubble” began to collapse in early
2000, erasing trillions in stock market value,
wiping out thousands of companies and jobs,
and launching a global recession.
3. Cause: Companies and investors dismissed
standard business models, and instead
focused on increasing market share at the
expense of profits.
D17. Love Virus (2000)
1. Cost: $8.75 billion, millions of computers
infected, significant data loss
2. Disaster: The LoveLetter worm infected
millions of computers and caused more
damage than any other computer virus in
history. The worm deleted files, changed
home pages and messed with the Registry.
3. Cause: LoveLetter infected users via e-mail,
Internet chat and shared file systems. The
email had an executable file attachment and
subject line, “ILOVEYOU.” When the user
opened the attachment, the virus would
infect the user’s computer and send itself to
everyone in the address book.
D18. Cancer Treatment to Die For (2000)
1. Cost: Eight people dead, 20 critically
injured
2. Disaster: Radiation therapy software
by Multidata Systems International
miscalculated the proper dosage,
exposing patients to harmful and in
some cases fatal levels of radiation.
The physicians, who were legally
required to double-check the software’s
calculations, were indicted for murder.
3. Cause: The software calculated
radiation dosage based on the order in
which data was entered, sometimes
delivering a double dose of radiation.
D19. EDS Drops Child Support (2004)
1. Cost: £539 million and counting
2. Disaster: Business services giant EDS
developed a computer system for U.K.’s
Child Support Agency (CSA) that
accidentally overpaid 1.9 million people,
underpaid another 700,000, had £3.5
billion in uncollected child support
payments, a backlog of 239,000 cases,
36,000 new cases “stuck” in the system,
and still over 500 documented bugs.
3. Cause: EDS introduced a large, complex
IT system to the CSA while trying to
simultaneously restructure the agency.
D20. FBI’s Trilogy Terminated (2005)
1. Cost: $105 million, still no effective
case file solution
2. Disaster: The FBI scrapped its
computer systems overhaul after four
years of effort. The Virtual Case File
project was a massive, integrated
software system for agents to share
case files and other information.
3. Cause: Mismanagement, and an attempt
to build a long-term project on
technology that was outdated before
the project completed, resulted in a
complex and unusable system.
Latest: Boeing 737 Max 8
1. In October 2018, Lion Air Flight
610 crashed in Indonesia, killing
189 people.
2. In March 2019, Ethiopian Airlines
Flight 302 crashed in Bishoftu,
Ethiopia, killing 157 people.
3. Software problem; the automated
stall-prevention system was
malfunctioning.
SESSION 2: SOFTWARE QUALITY
AND QUALITY ASSURANCE
Overview
1. Quality Assurance
2. Software Quality
3. Quality factors and criteria
4. Quality Models
5. Software Quality Assurance
What is Quality?
• “degree of excellence”
• “fitness for purpose” (Juran)
• “zero defects” (Crosby)
• “all about reducing variation”(Deming)
ISO Definition – “ the totality of features and
characteristics of a product or service that bear
on its ability to satisfy specified or implied
needs”
Quality (Cont’d)
• Quality is not absolute
• Quality is multi-dimensional
• Quality is subject to constraints
• Quality is about acceptable compromises
• Quality criteria are not independent
What is Assurance?
• “promise, pledge, assertion made to
inspire confidence”
What is Quality Assurance?
• Quality assurance (QA) is a way of preventing
mistakes or defects in manufactured products
and avoiding problems when delivering
solutions or services to customers; which ISO
9000 defines as "part of quality
management focused on providing confidence
that quality requirements will be fulfilled".
– Objective: Assure conformance with requirements.
– Focus on fault prevention.
– Umbrella Activity.
– Applied over the whole process.
The Quality Revolution History (1)
• Started in Japan by Deming, Juran, and Ishikawa during
1940s
• In 1950s, Deming introduced statistical quality control to
Japanese engineers
• Statistical quality control (SQC) is a discipline based on
measurement and statistics
– SQC methods use seven basic quality management tool
• Pareto analysis, Trend Chart, Flow chart, Histogram,
Scatter diagram, Control chart, Cause and effect
diagram
• “Lean principle” was developed by Taiichi Ohno of Toyota
“A systematic approach to identifying and eliminating waste
through continuous improvement, flowing the product at
the pull of the customer in pursuit of perfection.”
The Quality Revolution History(2)
49
The Quality Revolution History (3)
• In 1954, Juran spurred the move from SQC to TQC (Total Quality Control)
• Key Elements of TQC:
– Quality comes first, not short-term profits
– The customer comes first, not the producer
– Decisions are based on facts and data
– Management is participatory and respectful of all employees
– Management is driven by cross-functional committees
• An innovative methodology developed by Ishikawa called cause-and-effect
diagram
53
Transcendental view
• Quality is something that can be recognized
through experience, but not defined in some
tractable form.
• A good quality object stands out, and it is
easily recognized.
54
User view
• Quality concerns the extent to which a product
meets user needs and expectations.
• Is a product fit for use?
• This view is highly personalized.
– A product is of good quality if it satisfies a
large number of users.
– It is useful to identify the product attributes
which the users consider to be important.
• This view may encompass many subject
elements, such as usability, reliability, and
efficiency.
55
Manufacturing view
• This view has its genesis in the manufacturing industry – auto and
electronics.
• Key idea: Does a product satisfy the requirements?
– Any deviation from the requirements is seen as reducing the
quality of the product.
• The concept of process plays a key role.
• Products are manufactured “right the first time” so that the cost is
reduced
– Development cost
– Maintenance cost
• Conformance to requirements leads to uniformity in products.
• Some argue that such uniformity does not guarantee quality.
• Product quality can be incrementally improved by improving the
process.
– The CMM and ISO 9001 models are based on the manufacturing
view.
56
Product view
• Hypothesis: If a product is manufactured with
good internal properties, then it will have good
external properties.
• One can explore the causal relationship
between internal properties and external
qualities.
• Example: Modularity enables testability.
57
Value-based view
• This represents the merger of two concepts:
excellence and worth.
• Quality is a measure of excellence, and value is
a measure of worth.
• Central idea
– How much a customer is willing to pay for
a certain level of quality.
– Quality is meaningless if a product does not
make economic sense.
– The value-based view makes a trade-off
between cost and quality.
58
Quality Models
• Such general definitions of software quality
are not sufficient in practice
• Thus, software quality is described by specific
quality models
• Causal relationship from intangible quality
views to tangible software measures
• Standard Models:
– McCall
– ISO/IEC 9126
59
Reasons for quantitative view
• Reasons for developing a quantitative view of
quality
– Measurement allows us to establish
baselines for qualities.
– Measurement is key to process
improvement.
– The needs for improvements can be
investigated after performing measurements.
60
Measurement of user’s view
• User’s View:
– Reliability (number of failures over time)
– Availability
– Usability etc.
– Often directly measurable
• Apply Gilb’s technique.
– The quality concept is broken down into component parts
until each can be stated in terms of directly measurable
qualities.
– Example: Usability can be broken down into
• Learnability
• Understandability
• Operability
61
Measurement of manufacturer’s view
• Manufacturers are interested in defect count and rework cost.
• Defect count: The total number of defects detected during development and
operation.
– It is a measure of the quality of the work produced.
– One can analyze the defects as follows.
• For each defect, identify the development phase in which it was
introduced.
• Categorize the defects, say, based on modules.
• Normalize defect count by product size.
– Defect density: Number of defects per 1000 lines of code.
• Separate the defects found during operation from those found
during development.
• Rework cost: How much does it cost to fix the known defects?
– Development rework cost: This is the rework cost incurred before a
product is released. This is a measure of development efficiency.
– Operation rework cost: This is the rework cost incurred when a product
is in operation. This is a measure of the delivered quality.
62
Overview
1. Quality Assurance
2. Software Quality
3. Quality factors and criteria
4. Quality Models
5. Software Quality Assurance
Quality Factors
• Quality Factors(User)
– McCall, Richards, and Walters studied the concept of software
quality in terms of two key concepts as follows:
• quality factors, and
• quality criteria.
– A quality factor represents the behavioral characteristic of a
system.
• Examples: correctness, reliability, efficiency, testability,
portability, …
– A quality criterion (developer) is an attribute of a quality factor
that is related to software development.
• Example:
– Modularity is an attribute of the architecture of a
software system.
– A highly modular software allows designers to put
cohesive components in one module, thereby increasing
the maintainability of the system.
64
McCall’s Quality Factors
McCall et al. identified 11 quality factors
65
Categorization of McCall’s quality factors
• The 11 quality factors have been grouped into
three broad categories
– Product operation
– Product revision
– Product transition
66
Quality Criteria
• Quality Criteria (developer)
– A quality criterion is an attribute of a quality
factor that is related to software development.
– Example:
• Modularity is an attribute of the architecture
of a software system.
• A highly modular software allows designers
to put cohesive components in one module,
thereby increasing the maintainability of the
system.
67
McCall’s 23 Quality Criteria
68
Quality Factors and Criteria
• Relationship Between Quality Factors and Quality
Criteria
– Each quality factor is positively influenced by a set
of quality criteria, and the same quality criterion
impacts a number of quality factors.
• Example: Simplicity impacts reliability, usability,
and testability.
– If an effort is made to improve one quality factor,
another quality factor may be degraded.
• Portable code may be less efficient.
– Some quality factors positively impact others.
• An effort to improve the correctness of a system
will increase its reliability.
69
McCall’s Quality Factors and Criteria
70
The ISO 9126 Quality Characteristics
• The ISO 9126 document is the product of an international effort.
– ISO: International Organization for Standardization
• The document defines six broad quality characteristics.
• The document includes an example quality model that further
decomposes the quality characteristics into 20 subcharacteristics.
71
20 Quality Subcharacteristics
72
The ISO 9126 Quality Characteristics
73
Overview
1. Quality Assurance
2. Software Quality
3. Quality factors and criteria
4. Quality Models
5. Software Quality Assurance
Gilb approach
• Break high level concepts which cannot be measured
directly into lower level concepts which can.
• For example, usability:
– complexity of the interface (e.g. number of key-
strokes/dialogue-boxes required to perform simple
operations),
– amount of training required,
– response time,
– help and navigation aids available.
• This is a do-it-yourself approach to modelling quality
—analysis is tailored to the specific product.
75
McCall’s model (1977)
76
Boehm’s Model (1978)
77
COQUAMO (Kitchenham and Walker)
• The COnstructive QUAlity MOdel extended Gilb’s
approach and automated tool-support.
• It provides a set of Templates that specify for example:
– classification
– required level
– associated qualities
– definition
– measurement units
– measurement tool
– measurement conditions
– worst/planned/best/current
– justification and the consequences of failure.
78
ISO 9126 model
79
GQM model
80
Example
81
GQM Discussion
• Benefits :
– generates only those measures relevant to the goal
– Several measurements may be needed to answer a single
question.
– A single measurement may apply to more than one question.
– The goal provides the purpose for collecting the data.
• Not evident from the GQM
– The model needed to combine the measurement in a sensible
way so that the question can be answered.
– It must be supplemented by one or more models that express
the relationship among the metrics. (equation definition is not
clear)
• Disadvantages:
– Additional efforts to derive the goals and metrics
– Error prone compared to standard models
82
McCall’s model vs. ISO 9126 model
• McCall’s quality model vs. ISO 9126 model
– What is called quality factor in McCall’s model is called a quality subcharacteristic in the
ISO 9126 model.
– The following quality factors/characteristics are found in both the models.
• reliability, usability, efficiency, maintainability, and portability
– Differences between the two models
• The ISO 9126 model emphasizes on characteristics visible to the users, whereas the
McCall model considers internal qualities as well.
• In McCall’s model, one quality criterion can impact many quality factors, whereas in
the ISO 9126 model, one subcharacteristic impacts exactly one quality characteristic.
• A high-level quality factor, such as testability, in the McCall’s model is a low-level
subcharacteristic of maintainability in the ISO 9126 model.
• Concerns
– There is no consensus about what high-level quality factors are most important at the top
level. McCall, et al. define 11 high-level quality factors, whereas there are only six in the ISO
9126 document.
– There is no consensus regarding what is a top-level quality factor/ characteristic and what is a
more concrete quality criterion/ subcharacteristic.
83
4 parts of ISO9126
• quality model
• external metrics
• internal metrics
• quality in use metrics.
Metric
Seven Criteria for a Good Metric (Watts 1987)
• Objectivity – results free from subjectivity
• Reliability – results precise and repeatable
• Validity – measures the correct characteristics
• Standardisation – unambiguous and allows for
comparison
• Comparability – comparable with other
measures of the same criterion
• Economy – simpler and cheaper the better
• Usefulness – must address a need
Measurable Properties
Many metrics based on the same fundamental
measurable property. In practice, metrics are
often based on 7 distinct measurable properties
• Readability
• Error Prediction
• Error Detection
• Complexity
• Mean Time to Failure (MTTF)
• Modularity
• Testability
Examples of Metrics
• Readability as a Measure of Usability
– Fog Index (Gunning) for documentation
– Fog Index = 0.4a + b, Where “a” is number of words in a sentence and “b” is % of
words with more than 2 syllables
• Readability of Code as a Measure of Maintainability
– De Young and Kampen proposed measuring readability in terms of: Number of
statement lines; Average length of variable names; Total number of program
branches
• Error detection as a Measure of Correctness
– Remus and Zilles uses the number of detected errors and a measure of error
detection efficiency to predict the number of errors remaining undetected
– Assumes number of defects proportional to length of the program and that the
rate of error removal can be predicted
Overview
1. Quality Assurance
2. Software Quality
3. Quality factors and criteria
4. Quality Models
5. Software Quality Assurance
What is Software Quality Assurance (SQA)?
91
Software Quality Assurance
• Conformance to software requirements is the
foundation from which software quality is measured.
• Specified standards are used to define the
development criteria that are used to guide the
manner in which software is engineered.
• Software must conform to implicit requirements
(ease of use, maintainability, reliability, etc.) as well
as its explicit requirements.
92
Quality of Software developed in-house & COTS
components
• SQA processes apply when integrating
purchased or customer-supplied software
products into the developed product
• Question. How do you determine the “quality”
of COTS components?
– Current research problem
Process Assessment
• Use of standards and process models has a positive
impact on the quality of the software product
– Disciplined, controlled development process
• Examples include:
– ISO 9001
– CMM
• CMU SEI, 5 levels
– SPICE
• Developing a standard for software process assessment
• ISO joint committee, Europe, Australia
– IEEE 1074, IEEE 12207, …
Product Assessment
97
Session 2 Quiz
1. Ture or False?
Quality is absolute.
Quality is one-dimensional
Quality is subject to constraints
Quality is about acceptable compromises
Quality criteria are independent
2. TQC is an acronym for?
3. What are five views of software quality?
4. A quality factor represents _____________ characteristic of a system.
5. A quality criterion is an _____________ of a quality factor that is related to software development.
6. What are reasons for developing a quantitative view of quality?
7. Manufacturers are interested in _____________ and _____________ .
8. McCall, et al. define _____________ high-level quality factors, whereas there are only _____________ in the ISO 9126 document.
9 . McCall, et al. define _____________ quality criteria, whereas there are _____________ quality subcharacteristics in the ISO 9126
document.
Session 2 Quiz Answers
1. Ture or False?
Quality is absolute. F
Quality is one-dimensional F
Quality is subject to constraints
Quality is about acceptable compromises
Quality criteria are independent F
2. TQC is an acronym for? Total Quality Control
3. What are five views of software quality? Transcendental, User, Manufacturing, Product, Value-based
4. A quality factor represents _behavioral____ characteristic of a system.
5. A quality criterion is an ___attribute__________ of a quality factor that is related to software development.
6. What are reasons for developing a quantitative view of quality? baselines for qualities, process improvement, improvements
investigation
7. Manufacturers are interested in ___defect count_____ and _rework cost_____ .
8. McCall, et al. define ___11__________ high-level quality factors, whereas there are only _____6________ in the ISO 9126 document.
9 . McCall, et al. define _____23________ quality criteria, whereas there are ____20_________ quality subcharacteristics in the ISO
9126 document.
SESSION 3: ISO 9000
Overview
1. ISO 9000 Family of Standards
2. Twenty Quality Elements in ISO 9000
3. Characteristics of an ISO 9000 Quality System
4. ISO 9000-3
5. ISO 9000:2000
6. Tick It
Standards
• ISO 9000 family of standards
– Ensures you have a documented quality
system, but does not check the quality of
your products
– "Tick It" is specifically designed for IT
companies wishing to register under the
ISO 9000 series
ISO 9000 Family of Standards
• A series of international quality standards
developed by the International Organization for
Standardization
• Originally developed for two-party contractual
situations, mainly for the manufacturing
environment
• Applies to the quality management system and
the process used to produce a product
• Ensures that the process can consistently
produce products that meet the expectation of
the customers
ISO 9000 Family of Standards
(cont’d)
• Provides a framework for improving business
processes
• Does NOT provide for leading-edge quality, but
does provide a strong quality foundation upon
which a company can build
• Provide a generic model of the quality process;
must be instantiated for each organization
• Describe what, at the minimum, must be done;
does NOT specify how things are to be done
ISO 9000 and Quality Management
ISO9000
quality models
is instantiated as
Organization
Organization quality process
Quality manuals
For assessment
Is used to develop
Project 1 Project 2 Project 3 Project quality
Quality plan
Quality plan Quality plan management
supports
Guidelines for selection and use of
the ISO 9000 standards
A standard
for manu-
ISO9000-1 facturing
Guidelines to
standards ISO9004 ISO9004-2 ISO9000-3
ISO 9000 Family of Standards
(cont’d)
• ISO 9000-1 is a general guideline which
gives background information about the
family of standards
• ISO 9001, ISO 9002, and ISO 9003 are
standards in the family, containing
requirements on a supplier
ISO 9000 Family of Standards
(cont’d)
• ISO 9002 and ISO 9003 are subsets of
ISO 9001
– ISO 9002 applies when there is no design
– ISO 9003 applies when there is neither
design nor production
ISO 9000 Family of Standards
(cont’d)
• ISO 9004 is a comprehensive guideline to the
use of the ISO 9000 standards
• For software development, ISO 9001 is the
standard to use
• ISO 9000-3 is a guideline on how to use ISO
9001 for software development
• ISO 9004-2 is a guideline for the application
of ISO 9001 to the supply of services
(including computer centers and other
suppliers of data services)
Relationship of ISO 9000 standards
ISO9001
Design and Servicing
ISO9002
Production and
Installation
ISO9003
Final Inspection
and Testing
Overview of ISO 9001
• The first version of ISO 9001 was published
in 1987
• Versions of ISO standards are defined by the
year of publications (e.g. ISO 9001:1994)
• Since software production is largely a
question of design, ISO 9001 is the standard
to use
• Its title is “Quality systems – Model for quality
assurance in design, development,
production, installation, and servicing”
Overview of ISO 9001 (cont’d)
• ISO 9001 focuses on management
instead of products
• Two basic requirements of ISO 9001
– All operations influencing quality shall be
under control
– This control shall be visible (i.e. it requires
that plans, procedures, and organization
be documented, and important activities be
recorded)
Overview of ISO 9001 (cont’d)
• ISO 9001 expects a fairly strict organization,
where managers have the responsibility and
authority to control the work of their
subordinates (hence, self-organizing groups
are difficult to fit into ISO 9001)
• Because ISO 9001 is written for the
manufacturing industry, some interpretation is
required to apply it to software development
Software Development vs
Manufacturing
Manufacturing Customer Product
Production
Inspection
Install
Maintenance
Process requirements development & test & service
ISO 9002
ISO 9001
Design Implementation
• 1. Management responsibility
– You must clearly define the general responsibilities
of a company’s management, in terms of: (i)
quality policy, (ii) organization, and (iii)
management review
• 2. Quality system
– You must establish, document, implement, and
maintain a quality system that conforms with ISO
9000
Twenty Quality Elements in ISO 9000
(cont’d)
• 3. Contract review
– You must have procedures for ensuring that what
is expected from you is adequately defined and
documented and that you have the capability to
satisfy the requirements
• 4. Design control
– You must have procedures for controlling and
verifying the design output to ensure that specified
requirements will be met
Twenty Quality Elements in ISO 9000
(cont’d)
• 5. Document control
– You must have defined procedures to control all
documents, including review, approval, and
change, and to ensure that the right level of
information is available to the right people at the
right time
– You must also maintain a master list of current
documents
Twenty Quality Elements in ISO 9000
(cont’d)
• 6. Purchasing
– You must ensure that parts, obtained from
elsewhere, used in the product or in the
production of the product, meet their specified
requirements
• 7. Customer-supplied products
– You must have procedures for verification, safe
storage, and maintenance of products, or parts,
provided by the customer to be included in the
product
Twenty Quality Elements in ISO 9000
(cont’d)
• 8. Product identification and traceability
– Where appropriate, you must have procedures for
identifying and tracing the product during all
stages of production, delivery, and installation
• 9. Process control
– You must carry out production under controlled
conditions, including monitoring progress,
approval of processes and equipment, etc.
Twenty Quality Elements in ISO 9000
(cont’d)
• 10. Inspection and testing
– You must have procedures for all levels of
inspection and testing that you have identified as
being required
– You are also required to maintain records of test
activity
• 11. Inspection, measuring, and test
equipment
– You must control, calibrate, and maintain
inspection, measuring, and test equipment
Twenty Quality Elements in ISO 9000
(cont’d)
• 12. Inspection and test status
– You must be able to identify the test status of the
product throughout the process
• 13. Control of nonconforming products
– You must have procedures for controlling a
product that does not conform to its specified
requirements
Twenty Quality Elements in ISO 9000
(cont’d)
• 14. Corrective action
– You must have procedures for investigating the
causes for nonconforming products and ensuring
corrective actions to prevent recurrences
• 15. Handling, storage, packaging, and
delivery
– You must have a good system for storing and
controlling the various parts that will compose your
product during product development and through
product delivery
Twenty Quality Elements in ISO 9000
(cont’d)
• 16. Quality records
– You must identify and keep records to
demonstrate achievement of product quality and
effective operation of your quality system
• 17. Internal quality audits
– You must plan and carry out internal quality audits,
by qualified individuals, to verify you are doing
what you say you are doing and to determine the
effectiveness of your quality system
Twenty Quality Elements in ISO 9000
(cont’d)
• 18. Training
– You must identify the training needs of your
people, provide the required training, and keep
records of the training
• 19. Servicing
– You must have procedures for servicing your
product when this requirement is specified in the
contract
• 20. Statistical techniques
– You must show that any statistical techniques that
you use are correct
Overview
1. ISO 9000 Family of Standards
2. Twenty Quality Elements in ISO 9000
3. Characteristics of an ISO 9000 Quality System
4. ISO 9000-3
5. ISO 9000:2000
6. Tick It
Characteristics of an ISO 9000
Quality System
• Quality objectives
– The company should have a quality policy that
states its quality goals and objectives and the
strategy it will use to achieve them
• Commitment, involvement, and attitude
– All employees and managers must be committed
to the quality objectives and involved in achieving
the objectives
Characteristics of an ISO 9000
Quality System (cont’d)
• Controlled
– Every aspect of what is done during the
development process must controlled
• Effective
– It is the means by which you measure whether
your quality system is really working for you
• Auditable
– ISO 9000 requires that systematic internal audits
of your quality system be conducted
Characteristics of an ISO 9000
Quality System (cont’d)
• Documented quality system
– Your quality system, including your processes and
procedures, should be documented to the extent
that, if you had to replace all of your employees,
you could do it and still continue your business
• Continual improvement
– ISO 9000 requires that your quality system be
continually monitored and reviewed for
weaknesses and that improvements be identified
and implemented
Satisfying ISO 9000
• Quality policy
– You must have a quality policy in written form
• Quality manager
– You must assign a management representative,
reporting at a high level, to be responsible for your
quality system and for assuring ISO 9000
conformance
• Quality manual
– ISO 9000 requires that your quality system be
documented
Satisfying ISO 9000 (cont’d)
• Documented processes and procedures
– You should document all procedures that would be
needed to continue your operation if all of your
people were replaced
• Project plan
– For software development, this means planning
the steps and activities that will be performed in
transforming the product requirements into a final
product
Satisfying ISO 9000 (cont’d)
• Build plan
– It should specify what parts have to come together
to create the total product, in what order, when,
and it should specify their interdependencies
• Test plan
– Every project should have a test plan that is
established at the beginning of the project and
updated as the project progresses
Satisfying ISO 9000 (cont’d)
• Service plan
– Every product should have a service plan stating
the planned maintenance activities that will be
performed after the product is delivered and who
will perform the activities
• Quality records
– Quality records are kept so that you can show that
you have done what you said you were going to
do
Satisfying ISO 9000 (cont’d)
• Training records
– ISO 9000 requires that you are able to show that
you assign qualified people to various tasks and
that you identify and provide required training to
your employees
• Internal quality system audits
– Periodic planned internal audits of your quality
system should be conducted by qualified
personnel for the purpose of determining the
effectiveness of your quality system and ensuring
that planned activities and procedures are being
followed
Satisfying ISO 9000 (cont’d)
• Library control system
– ISO 9000 requires proper and safe storage of the
parts being developed
– The library control system should also be used to
store and control project and quality system
documentation, including documented processes
and procedures
Essentials Vs Standards Elements
ISO 9000 Standards Elements
Essentials to conformance 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
Quality objectives X X
Commitment, involvement, and
attitude X X
Controlled X X X X X X X X X
Effective X X X
Auditable X X X X X X X X X X
Documented quality system X X
Continual improvement X X
Quality policy X
Quality manager X X
Quality manual X X
Essentials Vs Standards Elements
(cont’d)
ISO 9000 Standards Elements
Essentials to conformance 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
Project plan X X
Build plan X X X X X
Test plan X X X X X X
Service plan X X X X
Quality records X X X X X X X X X X X X X X X X
Training records X X X X X
Internal quality system audits X X X
Library control system X X X X X
Overview
1. ISO 9000 Family of Standards
2. Twenty Quality Elements in ISO 9000
3. Characteristics of an ISO 9000 Quality System
4. ISO 9000-3
5. ISO 9000:2000
6. Tick It
ISO9000 Conforming Quality System for
Software Development
Quality System
Quality
Must be: Support items manual Project items
•Quality policy & •Requirements Must be controlled
•Documented objectives •Project plan Should demonstrated:
•Effective •Processes •Design output
•Control
•Controlled •Procedures •Test plan
•Internal quality system •Service plan •Effectiveness
•Continually Procedure
improved audits •Quality records •Auditability
•Library control system handbook •Build plan
Formality, paperwork
Overview
1. ISO 9000 Family of Standards
2. Twenty Quality Elements in ISO 9000
3. Characteristics of an ISO 9000 Quality System
4. ISO 9000-3
5. ISO 9000:2000
6. Tick It
ISO 9000:2000 Software Quality Standard
• The international organization ISO has developed a series
of standards for quality assurance and quality management,
collectively known as the ISO 9000.
• The ISO 9000 standards are reviewed and updated once
every 5-8 years. The standards released in the year 2000 are
known as ISO 9000:2000.
• There are three components of the ISO 9000:2000 standard.
– ISO 9000: Fundamentals and vocabulary
– ISO 9001: Requirements
– ISO 9004: Guidelines for performance improvements
153
ISO 9000:2000 Fundamentals:
• This is based on eight principles.
– Principle 1: Customer focus
– Principle 2: Leadership
– Principle 3: Involvement of people
– Principle 4: Process approach
– Principle 5: System approach to management
– Principle 6: Continual improvement
– Principle 7: Factual approach to decision making
– Principle 8: Mutually beneficial supplier relationships
154
ISO 9001:2000 Requirements
• The five major parts of this document are as
follows.
– Part 4. Systemic requirements
– Part 5. Management requirements
– Part 6. Resource requirements
– Part 7. Realization requirements
– Part 8. Remedial requirements
155
ISO 9001:2000 Requirements
• Part 4. Systemic requirements (partial)
– Document the organizational policies and goals. Publish a vision
document.
– Document all quality processes and their interrelationship.
– Implement a mechanism to approve documents before those are
distributed.
• Part 5: Management requirements (partial)
– Generate an awareness for quality to meet a variety of
requirements, such as customer, regulatory, and statutory.
– Focus on customers by identifying and meeting their
requirements in order to satisfy them.
– Develop a quality policy to meet the customer’s needs.
– Clearly define individual responsibilities and authorities
concerning the implementation of quality policies.
156
ISO 9001:2000 Requirements
• Part 6. Resource requirements (partial)
– Identify and provide resources required to support the
organizational quality policy in order to realize the quality
objectives.
– Allocate quality personnel resource to projects.
– Put in place a mechanism to enhance the quality level of
personnel.
• Part 7: Realization requirements (partial)
– Develop a plan to realize a product from its requirements.
– Interact with customers to gather their requirements. Classify
those requirements.
– Review the requirements.
– Follow a defined purchasing process by evaluating potential
suppliers based on a number of factors, such as ability to meet
requirements and price.
157
ISO 9001:2000 Requirements
• Part 8. Remedial requirements (partial)
– Measure and track the customer’s
satisfaction level.
– Perform internal audit.
• Example: Find out whether or not
personnel with adequate education,
experience, and skill have been assigned
to a project.
– Monitor processes by using a set of key
performance indicators.
158
Overview
1. ISO 9000 Family of Standards
2. Twenty Quality Elements in ISO 9000
3. Characteristics of an ISO 9000 Quality System
4. ISO 9000-3
5. ISO 9000:2000
6. Tick It
TickIT Initiative
• A system for certifying software
development organizations to ISO 9001
• Led by the TickIT project office of the
UK Department of Trade and Industry,
and supported by the British Computer
Society
TickIT Initiative (cont’d)
• Objectives of TickIT:
– To ensure that the ISO 9000 series of
standards is applied appropriately to
software
– To ensure consistency of certification within
the IT industry
– To enable mutual recognition of registration
across the IT industry
TickIT Initiative (cont’d)
• TickIT scheme requires auditors to use the
TickIT Guide (which is based on ISO 9000-3)
• The TickIT Guide tends to suggest more of
how to implement an ISO 9000 conforming
quality system than do the standards
• Under the TickIT scheme, auditors are
required to pass a rigid set of criteria to
become TickIT accredited
TickIT Initiative (cont’d)
• TickIT auditors use ISO 9000-3 as a
guide to check the quality system
implemented in an organization
• If any discrepancy between the quality
system and ISO 9000-3 is found, then
these auditors will require explanations
as to how the standards are being
satisfied
Summary
• ISO 9000 provides an internationally mandated attempt to
define and provide for (software) product quality in the
customer-supplier relationship
• Three important things about ISO 9000:
– It is a tool for buyers as well as builders
– It is about what, not how
– It provides necessary, but not sufficient, direction
• ISO 9000:2000
– ISO 9000: Fundamentals
– ISO 9001: Requirements
– ISO 9004: Performance improvements
• TICKIT
Session 3 Quiz
1. Ture or False?
ISO 9000 family of standards does not check the quality of your products.
"Tick It" is specifically designed for IT companies wishing to register under the ISO 9000
series
ISO 9000 family of standards describes what, at the minimum, must be done; does NOT
specify how things are to be done
ISO 9000-1 is a general guideline
ISO 9001, ISO 9002, and ISO 9003 are standards in the family, containing requirements
on a supplier
ISO 9000-3 is a guideline on how to use ISO 9001 for software development
Self-organizing groups are difficult to fit into ISO 9001
ISO 9000:2000 is based on eight principles.
design
code
testing
implement
Waterfall Model
Requirements
Analysis
System
Design
Coding
Testing
Maintenance
Waterfall Model (cont’d)
• The Waterfall Model:
– The “traditional” SDLC
– developed/described by Royce in 1970.
– model is sequential
– phases are signed off, eg. once the
requirements phase is completed, the
process moves on to the Design phase.
– relies heavily on upfront planning
Waterfall Model (cont’d)
• classical
• one-shot approach
• effective control
• limited scope of iteration
• long cycle time
• not suitable for system of high
uncertainty
Waterfall Model (cont’d)
• QA throughout process
– defect prevention in early phases
– focused defect removal in testing phase
– defect containment in late phases
– phase transitions: inspection/review/etc.
V Model Maintenance
Requirements
User Acceptance Testing
Analysis
Unit and
Program Design
Integration Testing
Coding
V Model (cont’d)
• is an extension to the Waterfall model
• still a phased model
• includes Quality Assurance Techniques
• emphasis is on Validation Activities
• test-execution is delayed until the product is
developed
• test-plans and test-cases are designed in
concurrence
• Acceptance Tests can already be defined
based on the requirements.
Spiral Model (adapted from Boehm 1987)
Cumulative cost
Progress through steps
Determine objectives, Evaluate alternatives;
alternatives and Risk
identify and resolve
constraints analysis risks
Risk
analysis
Risk
analysis Prototype
Prototype
Prototype
Requirements Concept of Software System Detailed
plan operation requirements product design
design
Development Requirements
plan validation Coding
Integration and
Test plan Design
validation Unit
testing Develop and verify
Plan next phases Integration next-level product
Acceptance and Test
test
Spiral Model (cont’d)
The Spiral Model (Boehm 1988) is
• iterative development approach
• emphasises the involvement of stakeholders
• phases are similar to those in the waterfall model
• strong emphasis on the management of risk
• each iteration
– 1 identifies objectives
– 2 identifies alternatives
– 3 identifies constraints
– 4 followed by a risk-driven evaluation.
– 5 development and verification commences,
– 6 resulting in an increment of functionality.
– 7 plan for the next iteration of development.
• The spiral starts in the centre!
• Four major activities
– Planning
– Risk analysis
– Engineering
– Evaluation
Prototyping Model
YES
User
Build prototype
satisfaction
NO
User feedback
Prototyping Sequences
• Requirements gathering
• Quick design
• Prototype construction
• Customer evaluation
• Refinement
• Loop back to quick design for fine tuning
• Product engineering
Prototyping Model
• Goals
– meet (some) user requirements at an early
stage
– reduce risk and uncertainty
– verify a design or implementation approach
• Should always answer specific
questions; goals must be identified
Classification of Prototype
• Throw-away
– After users agree the requirements of the
system, the prototype will be discarded.
• Evolutionary
– Modifications are based on the existing
prototype.
• Incremental
– Functions will be arranged and built
accordingly.
Forms of Prototypes
• Mock-ups
• Simulated interaction
• Partial working model
Benefits of Prototyping
• Learning by doing
• Improved communication
• Improved user involvement
• Clarification of partially-known requirements
• Demonstration of the consistency and
completeness of a specification
• Reduced need for documentation
• Reduced maintenance costs
• Feature constraint
• Production of expected results for testing real
system
Drawbacks of Prototyping
• Users sometimes misunderstand the
role of the prototype
• Lack of project standards possible
• Lack of control
• Additional expense
• Machine efficiency
• Close proximity of developers
Phased Development
• Reduce cycle time
• Two parallel systems:
– operational system (Release n)
– development system (Release n+1)
• Two approaches
– incremental
– iterative
Incremental Model
• Break system into small components
• Implement and deliver small
components in sequence
• Every delivered component provides
extra functionality to user
Incremental Model (cont’d)
Arrange
Requirements Design and develop
requirements in
Analysis increment
increments
NO
YES
Iterative Model
• Deliver full system in the beginning
• Enhance functionality in new releases
Iterative Model (cont’d)
YES
Combined Incremental and Iterative
Model
• Every new release includes
– extra functionality
– enhancement of existing functionality
• Popularly used in software industry
Ranking the Increments
• Rank by value to cost ratio
• V = value to customer (score 1 -10)
• C = cost (score 1- 10)
• Value to cost ratio = V/C
Advantages of Phased Development
• Early feedback
• Less possible requirement changes
• Early benefits for users
• Improved cash flow
• Easier to control and manage
• Capture early market
• Facilitate early training
• Can be temporarily abandoned
• Increase job satisfaction
Disadvantages of Phased
Development
• ‘Software breakage’
• Reduced productivity
Agile Systems Development
Ancestry in Rapid Application Development
Held up as antithesis of traditional software development.
Focus on:
• Early delivery priority business requirements.
• Dealing with partial knowledge
• Reduced documentation
• Small groups of programmers
• Iteration
• Continuous testing
• Integral customer involvement
Agile Software Development
Approaches
• Crystal technologies
• Atern (formerly DSDM-Dynamic System
Development Method)
• Feature-driven development
• Scrum
• Extreme Programming (XP)
Core Values
• Individuals and interaction over
processes and tools
• Working together over comprehensive
documentation
• Customer collaboration over contract
negotiation
• Responding to change over following a
plan
Dynamic Systems Development
Method
• Attempt to develop industry-standard
RAD method
• Consortium first met in Jan 1994
• Founding members include
– IBM
– ICL
– LBMS
– British Airways
Dynamic Systems Development
Method
• The consortium’s mission: “ to develop
and continuously evolve a public domain
method for RAD”
• the published manual includes framework
for all project activities
• the method has 4 phases:-
– feasibility
– functional prototype iteration
– design prototype iteration
– implementation
Overview
1. Software Development Life-Cycle Models
2. Integration of software quality assurance into the life cycle
Integrate QA into Life Cycle Phases
produce
Phases Artifacts
monitor
has
end with
focus Iterations Release
Engineers
Use
Workflows
Key PA Infrastructure/
Process Activities
organized by
Capability
Common
Features describe
address
Implementation contain
Key
Practices
Maturity Level
Level 1: Initial
Level 2: Repeatable
Level 3: Defined
Level 4: Managed
Level 5: Optimising
Key Process Area
• Each maturity level is composed of key process
areas.
• Each key process area identifies a cluster of related
activities that, when performed collectively, achieve a
set of goals considered important for establishing
process capability at that maturity level.
• The key process areas have been defined to reside
at a single maturity level.
• For example, one of the key process areas for Level
2 is Software Project Planning.
Level 1 - Key Process Areas
• None that can be observed
Level 2 - Key Process Areas
• Software configuration management
• Software quality assurance
• Software subcontract management
• Software project tracking and oversight
• Software project planning
• Requirements management
Level 3 - Key Process Areas
• Peer reviews
• Inter-group coordination
• Software product engineering
• Integrated software management
• Training program
• Organization process definition
• Organization process focus
Level 4 - Key Process Areas
• Quality management
• Process measurement
• Software quality management
• Quantitative process management
Level 5 - Key Process Areas
• Process change management
• Technology change management
• Defect prevention
Goals
• The goals:
– Summarize the key practices of a key process area
– Can be used to determine whether an organization or
project has effectively implemented the key process
area
– Signify the scope, boundaries, and intent of each key
process area
• E.g. : a goal from the Software Project Planning
key process area :
– "Software estimates are documented for use in
planning and tracking the software project."
Common Features
• The common features are attributes that indicate
whether the implementation and institutionalization of
a key process area is effective, repeatable, and
lasting.
• The key practices are divided among five Common
Features sections:
– Activities Performed (Describes Implementation Activities)
– Commitment to Perform (Organizational culture)
– Ability to Perform (Institutionalization factor)
– Measurement and Analysis (Organization culture)
– Verifying Implementation (Institutionalization factor).
Key Practices
• Each key process area is described in terms of key
practices that, when implemented, help to satisfy the
goals of that key process area.
• The key practices describe the infrastructure and
activities that contribute most to the effective
implementation and institutionalization of the key
process area.
• For example, one of the practices from the Software
Project Planning key process area is "The project's
software development plan is developed according to
a documented procedure."
Overview
1. Process based Quality
2. What is Capability Maturity Model (CMM)
3. Structure of CMM
4. Use of CMM
Uses of the CMMI
• Within an organization:
– assess the current capabilities of the software process,
– identify strengths and weaknesses,
– a first step in a software process improvement programme,
– use as Appraisal for Internal Process Improvement.
• By an external agency:
– assess the software process of the organization, perhaps on
behalf of a customer (e.g. defence procurement),
– Software Capability Evaluation (SCE).
1342 organizations [SEMA 2003]
Time Required to Progress
to the Next CMM Level
Project resources distribution
by CMM capability level
ISO 9001 Vs CMM
• Almost all concerns raised by ISO 9001 are
encompassed by CMM.
• ISO 9001 describes the minimum criteria for
adequate quality management systems - rather than
process improvement. CMM address process
improvement as well as provides a clear path to
achieving it.
• CMM provides more detailed guidance and greater
breadth provided to software organizations.
• Building competitive advantage should be focused on
improvement, not on achieving a score (which is the
primary focus of ISO 9001).
ISO 9001 Certification Vs CMM
Levels
• An ISO 9001-compliant organization would
not necessarily satisfy all of the level 2 key
process areas, it would satisfy most of the
level 2 goals and many of the level 3 goals
• It is possible (in theory) for a level 1
organization to receive ISO 9001 registration
• A level 3 organization would have little
difficulty in obtaining ISO 9001 certification
• A level 2 organization would have significant
advantages in obtaining certification.
Summary
• The quality of a developed product is influenced by the quality of
the production process. Improvements in process will improve
quality
• Quantitative management methods increases the organization's
capability to control the quality and improve the productivity.
• Software process performance focuses on the results achieved,
while software process capability focuses on results expected.
• CMM expresses the maturity of a software process in terms of
five levels
• Each maturity level is composed of several key process areas
(except Level 1). Each key process area is organized into five
sections called common features. The common features specify
the key practices that accomplish the goals of the key process
area.
• CMM address process improvement as well as provides a clear
path to achieving it.
Session 5 Quiz
1. Ture or False?
The quality of a developed product is influenced by the quality of the production
process.
Improvements in process will improve quality
Quantitative management methods increases the organization's capability to control the
quality and improve the productivity
CMM expresses the maturity of a software process in terms of five levels
Software process performance focuses on the results achieved, while software process
capability focuses on results expected.
Almost all concerns raised by ISO 9001 are encompassed by CMM.
CMM provides more detailed guidance and greater breadth provided to software
organizations.
CMM address process improvement as well as provides a clear path to achieving it.
2. ____________ describes the minimum criteria for adequate quality management systems -
rather than process improvement. ____________ address process improvement as well as
provides a clear path to achieving it.
SOFTWARE
• Greater Uncertainty
• …
Common problems with software
projects
• Lack of quality standards and measures
• Lack of measurable milestones
• Difficult to make the progress visible
• Poor communications
• Poor documentation
• Frequent changes of requirements
• Over budget and late delivery of software
• …
What is Management?
Management may involve:
planning — deciding what is to be done
organising — making arrangement
staffing — selecting the right people
directing — giving instructions
monitoring — checking on progress
controlling — taking action to remedy hold-ups
innovating — coming up with new solutions
representing — liaising with users
Major issues of software project
management to be covered
• Software development models
• Software size and cost estimation
• Software project planning
• Software risk management
• Resource allocation
• Standards: ISO 9000 and CMM
• Performance tracking and reporting
• Software project configuration management
• Software project team management
What Management Practices
should be in place?
• Project Planning, Control and Tracking
Methods
• Software Quality Management
• Software Configuration Management
• Training
Major Processes in Developing a Software
Project
• Feasibility study
• Project planning
• Project execution
Project Activities
Is it worth doing?
How do we do it?
feasibility study
Do it!
planning
Project execution
B D
3
3
1 G
A 2
2 E
C
4
1 2 3 4 5 6 7 8 9 10
30
05
10 20
Network Diagrams
• AOA consists of
• Circles representing Events
– Such as ‘start’ or ‘end’ of a given task
• Lines representing Tasks
– Thing being done ‘Build UI’
• a.k.a. Arrow Diagramming Method (ADM)
• AON
• Tasks on Nodes
– Nodes can be circles or rectangles (usually latter)
– Task information written on node
• Arrows are dependencies between tasks
• a.k.a. Precedence Diagramming Method (PDM)
Mathematical Analysis
• PERT
– Program Evaluation and Review Technique
• CPM
– Critical Path Method
• Sometimes treated synonymously
• All are models using network diagrams
MS-Project Example
Critical Path
• “The specific set of sequential tasks upon
which the project completion date depends”
– or “the longest full path”
• All projects have a Critical Path
• Accelerating non-critical tasks do not directly
shorten the schedule
Critical Path Method (CPM)
• Critical Path Method
– The process for determining and optimising the
critical path
• Non-CP tasks can start earlier or later w/o
impacting completion date
• Note: Critical Path may change to another as
you shorten the current
• Should be done in conjunction with the you &
the functional manager
Critical Path Method (cont’d)
• Primary objectives:
– Planning the project so that it can be
completed as quickly as possible
– Identifying those activities where their
delays is likely to affect the overall project
completion date
• Developed by Du Pont Chemical
Company and published in 1958
Critical Path Method (cont’d)
• Capture the activities and their inter-relationships
using a graph
– Lines are used to represent the activities
– Nodes are used to represent the start and stop of
activities
• Adding time dimension
– The forward pass
• calculate the earliest start dates of the activities
• To calculate the project completion date
– The backward pass
• calculate the latest start dates for activities
• identify the critical path from the graph
Critical Path Method (cont’d)
• Start-to-Start (SS)
– B cannot start till A starts
– A: Pour foundation; B: Level concrete
• Finish-to-Finish (FF)
– B cannot finish till A finishes
– A: Add wiring; B: Inspect electrical
• Start-to-Finish (SF)
– B cannot finish till A starts (rare)
Example Step 1
Forward Pass
• To determine early start (ES) and early finish (EF) times for
each task
• Work from left to right
• Adding times in each path
• Rule: when several tasks converge, the ES for the next task
is the largest of preceding EF times
Example Step 2
Backward Pass
• To determine the last finish (LF) and last start (LS) times
• Start at the end node
• Compute the bottom pair of numbers
• Subtract duration from connecting node’s earliest start time
Example Step 3
Example Step 4
Example to construct a CPM
Id. Activity Name Duration (weeks) Precedents
A Hardware selection 7
B Software design 4
C Hardware Installation 6 A
D Coding 4 B
E Data Preparation 5 B
F User Documentation 9
G User Training 5 E,F
H System Installation 3 C,D
Example to construct a CPM (cont’d)
Event Number
3
Earliest start date 1 7 Latest start date
6
Slack
Example to construct a CPM (cont’d)
2
7 7
0 C=6
A=7
F=9 5 G=5
9 11
2
Significance of critical path
• During planning stage
– Shortening the critical path will reduce the
overall project duration
• During management stage
– Pay more attention to those activities which
fall in the critical path
Network Diagrams
• Advantages
– Show precedence well
– Reveal interdependencies not shown in other techniques
– Ability to calculate critical path
– Ability to perform “what if” exercises
• Disadvantages
– Default model assumes resources are unlimited
• You need to incorporate this yourself (Resource Dependencies)
when determining the “real” Critical Path
– Difficult to follow on large projects
PERT
• Program Evaluation and Review Technique
• Based on idea that estimates are uncertain
– Therefore uses duration ranges
– And the probability of falling to a given range
• Uses an “expected value” (or weighted
average) to determine durations
• Use the following methods to calculate the
expected durations, then use as input to your
network diagram
PERT
• Start with 3 estimates
– Optimistic
• Would likely occur 1 time in 20
– Most likely
• Modal value of the distribution
– Pessimistic
• Would be exceeded only one time in 20
PERT Formula
• Combined to estimate a task duration
PERT Formula
• Confidence Interval can be determined
• Based on a standard deviation of the
expected time
• Using a bell curve (normal distribution)
331
Scope of Quality Management
• Quality management is particularly important for
large, complex systems. The quality
documentation is a record of progress and
supports continuity of development as the
development team changes.
• For smaller systems, quality management needs
less documentation and should focus on
establishing a quality culture.
[Sommerville2004]
332
Quality Management Activities
• Quality assurance
– Establish organisational procedures and standards for quality.
• Quality planning
– Select applicable procedures and standards for a particular project
and modify these as required.
• Quality control
– Ensure that procedures and standards are followed by the
software development team.
[Sommerville2004]
333
Quality Planning
• Quality planning is the process of assessing the
requirements of the procedure and of the product
and the context in which these must be observed.
• Quality assurance plan is the central aid for planning
and checking the quality assurance.
[Pressman2004]
334
Quality Assurance Plan
• A quality assurance plan sets out the desired
product qualities and how these are assessed and
defines the most significant quality attributes.
• The quality assurance plan should define the
quality assessment process.
• It should set out which organisational standards
should be applied and, where necessary, define
new standards to be used.
[Sommerville2004]
335
Quality Plan
• Quality planning should begin at an early stage in the
software process.
– The result of the quality planning process is the
project quality plan.
• The quality plan should be as short as possible.
– Due to the wide range of quality attributes, in
general it is not possible to handle all quality
attributes. Hence, the plan should identify among
all the potential quality attributes, the most critical
ones, and focus on how to achieve them.
– The quality plan should also define the quality
assessment process.
336
Quality Assurance Plan Structure
• Product introduction: description of the product, its intended
market and quality expectations.
• Product plans: critical release dates and responsibilities for the
product along with plans for distribution and product servicing.
• Process descriptions: development and service processes which
should be used for product development and management.
• Quality goals: quality goals and plans for the product, including
an identification and justification of critical product quality
attributes.
• Risk and risk management: key risks which might affect product
quality and the actions to address these risks.
[Sommerville2004]
337
SQA Plan
• Management section
– describes the place of SQA in the structure of the
organization
• Documentation section
– describes each work product produced as part of the
software process
• Standards, practices, and conventions section
– lists all applicable standards/practices applied during the
software process and any metrics to be collected as part of
the software engineering work
338
SQA Plan (Con’t)
• Reviews and audits section
– provides an overview of the approach used in the
reviews and audits to be conducted during the
project
• Test section
– references the test plan and procedure document
and defines test record keeping requirements
• Problem reporting and corrective action section
– defines procedures for reporting, tracking, and
resolving errors or defects, identifies organizational
responsibilities for these activities
• Other
– tools, SQA methods, change control, record keeping,
training, and risk management
339
SQA Plan Example
340
Quality Control
Quality Control [ISO 9000]:
The operational techniques and activities that are used
to fulfil requirements for quality
• Quality Control is the series of inspections, reviews and tests
used throughout the development cycle to ensure that each
work product meets the requirements placed upon
it.[Pressman2004]
• This involves checking the software development process to
ensure that procedures and standards are being followed.
• There are two approaches to quality control
– Quality reviews;
– Automated software assessment and software
measurement.
341
Quality Control
• Objective:
– minimize the produced defects
– increase the product quality
• Implementation approaches:
– Fully automated
– Entirely manual
– Combination of automated tools and human
interactions
342
Quality Control
Measures you can take to reduce the occurrence of
errors:
• creating a quality policy, and ensuring staff
understand the procedures they must follow (the
quality system)
• adopting an analysis and design method, and a
project management method
• implementing standards for software and
documents
• independent checking and testing
• using automated software testing tools
• monitoring errors (metrics), tracing their cause,
improving the processes that regularly cause errors
General recommendations
• Quality cannot be "added in" by the quality
control process. Good quality products are
made that way from the start, not improved by
testing at the end of a project
• Some individuals consistently produce work of
high quality (and others consistently poor
quality), so choose a good team
• Make everyone in the organisation responsible
for the quality of the final product(s). This is the
basis of "Total quality management" or TQM
Encourage a quality culture in the organisation
Quality Control & Assurance
• In the ISO 9000 standard, clause 3.2.10 defines Quality
Control as:
“A part of quality management focused on fulfilling
quality requirements”
Clause 3.2.11 defines Quality Assurance as:
“A part of quality management focused on providing
confidence that quality requirements will be fulfilled”
– QA and QC are closely related concepts, and are
both aspects of quality management
– Quality Assurance focuses on the process of
quality, while Quality Control focuses on the
quality of output.
345
Quality Control & Assurance
• Quality Assurance is process oriented and focuses on
defect prevention, while quality control is product
oriented and focuses on defect identification.
– QA is the process of managing for quality.
– QC is used to verify the quality of the output;
– QA: a Strategy of Prevention
– QC: a Strategy of Detection
– QA is a managerial tool
– QC is a corrective tool
– Verification is an example of QA
– Validation/Software Testing is an example of QC
346
Summary
• Quality Management Activities
– Quality assurance
– Quality planning
– Quality control
For smaller systems, quality management needs less documentation and should focus
on establishing a quality culture.
QA and QC are closely related concepts, and are both aspects of quality management.
• Risk:
– Risks are potential problems that may affect
successful completion of a software project.
– Risks involve uncertainty and potential losses (The
possibility of suffering harm or loss, danger).
– Risk analysis and management are intended to help
a software team understand and manage
uncertainty during the development process.
Risk is not bad
[Van Scoy, Roger L. Software Development Risk:
Opportunity, Not Problem. Software Engineering Institute,
CMU/SEI-92-TR-30, ADA 258743, September 1992]
• Risk in itself is not bad; risk is essential to
progress, and failure is often a key part of
learning. But we must learn to balance the
possible negative consequences of risk against the
potential benefits of its associated opportunity."
Risk Strategies
• Reactive strategies
– very common, also known as fire fighting
– project team sets resources aside to deal with
problems
– team does nothing until a risk becomes a problem
• Proactive strategies
– risk management begins long before technical
work starts, risks are identified and prioritised by
importance
– team builds a plan to avoid risks if they can or to
minimize risks if they turn into problems
Nature of Project Risks
• Planning assumptions
• Estimation errors
• Eventualities
Planning Assumptions
• Why assumptions
– Uncertainties in early stage of the project
• Common assumption:
– “Everything will go smoothly”
• Environment is reliable and fixed
• Design will be perfect first time
• Coding will be ‘nearly perfect’
• Guidelines
– List all the assumptions
– Identify the effects of these assumptions on the
project if they are no longer valid
Estimation Errors
• Difficult to have accurate size or time estimations
– Lack of experience of similar tasks
– Lack of historical data
– Nature of the task
• Estimation can be improved by analyzing historic
data for similar tasks and similar projects
– Keep historic data of your estimation and the actual
performance
– Compare your estimation and the actual value
– Classify the tasks that are easy or difficult to give
accurate estimation
Eventualities
• Unexpected and unimaginable events
• Common unexpected events
– Hardware cannot be delivered on time
– Requirements specification needs to be
rewritten
– Staffing problem
A loss associated with the event
• Loss of time, quality, control,
understanding
– e.g. Requirements change
– Loss of key staff
– Optimistic Estimates
• Risk Impact (often expressed in £ or $?)
• Cause - Effect
Overview
1. What is Risk Management?
2. Risk Identification
3. Risk Estimation
4. Risk Engineering
Risk Identification
• Identify the hazards that might affect the
duration or resource costs of the project
Hazard Problem Risk
• A hazard is an event that might occur
and will create a problem for the
successful completion of the project, if it
does occur
Hazard, Problem, and Risk
• Hazard: Mary’s baby may be born early
• Problem: Modules P and Q will have no
coder
• Risk: Milestone 7 will be delayed, or
extra budget will be needed to hire
another coder
Type of risks
• Generic risk (common to all projects)
– Standard checklist can be modified based on the risk analysis of
previous projects
• Specific risk (only applies to individual projects)
– More difficult to find
– Need to involve project team members
– Need an environment that encourages risk assessment
• Involuntary (e.g. size of system)
• Voluntary (accepting tight delivery date)
• Known risks
– predictable from careful evaluation of current project plan and those
extrapolated from past project experience
• Unknown risks
– some problems will simply occur without warning
Software Risks
• Project risks
– threaten the project plan
• Technical risks
– threaten product quality and the timeliness of the
schedule
• Business risks
– threaten the viability of the software to be built
(market risks, strategic risks, management risks,
budget risks)
Risk Identification Methods
exposure = £7.5k
Risk Estimation Techniques
• Risk likelihood: The probability that a hazard
is going to occur
– Rank from Low, Medium to High
– Rank from 1 (least likely) to 10 (most likely)
• Risk Impact: The effect of the problem
caused by the hazard
– Rank from 1 to 10
Risk Impact
• Risk components
– performance
– cost
– support
– schedule
• Risk impact
– negligible
– marginal
– critical
– catastrophic
Risk Table Construction
• List all risks in the first column of the table
• Classify each risk and enter the category label in
column two
• Determine a probability for each risk and enter it into
column three
• Enter the severity of each risk (negligible, marginal,
critical, catastrophic) in column four.
• Sort the table by probability and impact value
• Determine the criteria for deciding where the sorted
table will be divided into the first priority concerns and
the second priority concerns
• First priority concerns must be managed.
Risk Estimation (cont’d)
• Advantages
– The only way to compare or rank the risks
– To have a good quantitative estimate, the
extra effort can provide a better
understanding of the problem
• Disadvantages
– Estimation is difficult, subjective, time-
consuming and costly
Risk Evaluation
• Ranking the risks
• Determining the corresponding risk
reduction strategies
Ranking Risks
• Ranking the risks based on their risk
exposures
• Ranking shows the order of importance
• In practice, also consider factors like
– Confidence of the risk assessment
– Compound risk
– The number of risks
– Cost of action
Risk Prioritisation
• Risk Exposure
Risk Risk
Analysis Management
Risk Control
Risk Monitoring and Control
• Risk monitoring
– Determine who is responsible for monitoring
– How are risks monitored?
• Project tracking, resources, quality, etc
– Communicating the status of identified risks
• Reviews and Audits
• Once a risk is identified as occurring
– Communicate
– Take action
Risk Monitoring
• It is an ongoing activity throughout the
whole project to monitor
– the likelihood of a hazard; and
– the impact of the problem caused.
Risk Control
• Minimizing and reacting to problems
arising from risks throughout the project
Risk Directing and Staffing
• These concerns with the day-to-day
management of risk.
• Risk aversion strategies and problem
solving strategies frequently involve the
use of additional staff and this must be
planned for and should be considered.
Risk Resolution
• Risk mitigation
• Risk reassessment
Risk Mitigation Example
Risk: loss of key team members
• Determine causes of job turnover.
• Eliminate causes before project starts.
• After project starts, assume turnover is going to occur
and work to ensure continuity.
• Make sure teams are organized and distribute
information widely.
• Define documentation standards and be sure
documents are produced in a timely manner.
• Conduct peer review of all work.
• Define backup staff.
RMMM
• Risk mitigation
– proactive planning for risk avoidance
• Risk monitoring
– assessing whether predicted risks occur or not
– ensuring risk aversion steps are being properly applied
– collect information for future risk analysis
– determining which risks caused which problems
• Risk Management
– contingency planning
– actions to be taken in the event that mitigation steps
have failed and the risk has become a live problem
Risk Reduction
• Hazard Prevention
• Likelihood reduction
• Risk reduction leverage
• Costs
– Development costs
– Setup costs
– Operational costs
• Benefits
– Direct benefits
– Assessable indirect benefits
– Intangible benefits
EA – Cash Flow Forecasting
• What?
– Estimation of the cash flow over time
• Why?
– An excess of estimated benefits over the
estimated costs is not sufficient
– Need detailed estimation of benefits and
costs versus time
EA – Cash Flow Forecasting (Cont’d)
Income
Expenditure
EA – Cash Flow Forecasting (Cont’d)
• Net profit
= Total income – Total costs
• Payback period
= Time taken to break even
• Return on Investment (ROI)
average annual profit
= ×100%
total investment
Cost-benefit Evaluation Techniques
Example
Year Project 1 Project 2 Project 3 Project 4
0 -100,000 -1,000,000 -100,000 -120,000
1 10,000 200,000 30,000 30,000
2 10,000 200,000 30,000 30,000
3 20,000 200,000 30,000 30,000
4 20,000 200,000 20,000 25,000
5 100,000 350,000 20,000 50,000
Net Profit 60,000 150,000 30,000 45,000
Payback 5 5 4 5
ROI 12% 3% 6% 7.5%
Cost-benefit Evaluation Techniques –
NPV
Net present value (NPV)
• It is the sum of the present values of all future
amounts.
• Present value is the value which a future
amount is worth at present
• It takes into account the profitability of a project
and the timing of the cash flows
• Discount rate is the annual rate by which we
discount future earning
– e.g. If discount rate is 10% and the return of an
investment in a year is $110, the present value of
the investment is $100.
Cost-benefit Evaluation Techniques –
NPV (cont’d)
• Let n be the number of year and r be
the discount rate, the present value
(PV) is given by
value in year n
PV =
(1 + r ) n
Cost-benefit Evaluation Techniques –
NPV (cont’d)
• Issues in NPV
– Choosing an appropriate discount rate is difficult
– Ensuring that the rankings of projects are not
sensitive to small changes in discount rate
• Guidelines:
– Use the standard rate prescribed by the
organisation
– Use interest rate + premium rate
– Use a target rate of return
– Rank the projects using various discount rates
Cost-benefit Evaluation Techniques –
IRR
• Internal Rate of Return (IRR)
– The percentage discount rate that would
produce a NPV of zero
– A relative measure
Cost-benefit Evaluation Techniques –
IRR (cont’d)
Net Present Value($)
9000
6000
• Nature of software
• Novel application of software
• Fast changing technology
• Lack of homogeneity of project
experience
• Subjective nature of estimation
• Political implications within the
organization
Function Point Analysis (FPA)
• Developed by A. Albrecht in IBM
• Aim: To estimate the LOC of a system
LOC of system
= FP of system × LOC-per-FP of the
language
Function Point Analysis (cont’d)
• Idea: Software system consists of five
major components (or, external user
types)
– External input types
– External output types
– Logical internal file types
– External interface file types
– External inquiry types
Function Point Analysis - Steps
• Identify each instance of each external
user type in the proposed system
• Classify each instance as having high,
medium or low complexity
• Assign the FP of each instance
• FP of the system = sum of FP of
individual components
Function Point Analysis
Number of FPs Complexity
External user type Low Average High
External input type 3 4 6
External output type 4 5 7
Logical internal file type 7 10 15
External interface file type 5 7 10
External inquiry type 3 4 6
Function Point Analysis - Example
• A component of an inventory system
consisting of ‘Add a record’, ‘Delete a record’,
‘Display a record’, ‘Edit a record’, and ‘Print a
record’ will have
– 3 external input types
– 1 external output type
– 1 external inquiry type
Then, assign FPs based on the complexity of
each type
Function Point Analysis-Issues
• The assignment of level of complexity is
rather subjective
• International FP User Group (IFPUG)
imposes rules on assigning the level of
complexity to individual external user
types
Object Point Analysis
• Similar to function point analysis
• Used on 4GL development projects
• Takes account of features that may be
more readily identifiable if the system is
built on high-level application building
tools
Object Point Analysis – Steps
• Identify the number of screens, reports and 3GL
components
• Classify each object as Simple, Medium and Difficult
• Assign the weight accordingly
• Calculate the total object points
Total OP = sum of individual OP × weighting
• Deduct the reused objects (r% reused)
NOP = OP × (1 – r%)
• Identify the productivity rate of both developer and
CASE
• Productivity rate = average of the two PRs
• Calculate the effort
Effort = NOP / Productivity Rate
Object Point Analysis – Screens
Number and source of data tables
Screen 1 2 3
Report 2 5 8
Developer’s
experience 4 7 13 25 50
and capability
CASE
maturity and 4 7 13 25 50
capability
Object Point Analysis – Issues
• Adopted in Boehm’s COCOMO II in the
application composition stage
Constructive Cost Model II
(COCOMO II - Empirical Model )
• A parametric cost model
– Important aspects of software projects are
characterized by variables (or parameters)
– Once the value of the parameters are
determined, the cost can be computed
from an equation
• Recognises different approaches to
software development
– Prototyping, Incremental development etc.
COCOMO II
• A family of models
– Uses different models in 3 different stages of the project
• 3 stages: application composition, early design and post architecture
– Supports estimation early in the process
– Allows further detailed estimation after the system architecture has been defined
• The basic model equation
Effort = Constant × (Size)scale factor
× Effort Multiplier
– Effort in terms of person-months
– Constant: 2.45 in 1998
– Size: Estimated Size in KSLOC
– Scale Factor: combined process factors
– Effort Multiplier (EM): combined effort factors
COCOMO II (cont’d)
• Advantages • Disadvantages
– Good improvement – Still immature,
over COCOMO diverse projects in
– Good match for database
iterative – Hard to believe
development,
that it will be any
modern technology,
and management
more reliable than
process the original
COCOMO model
Summary
• Project Evaluation
– Strategic assessment
– Technical assessment
– Economic assessment
• Economic Assessment
– Cost-benefit analysis
– Cash flow forecasting
– Cost-benefit evaluation techniques
• Estimation Approaches
– Expert judgement
– Estimation by analogy
– Pricing to win
• Size Estimation
– Function Point Analysis (FPA)
– Object Point Analysis
Session 9 Quiz
1. Ture or False?
Project Evaluation is a high level assessment of the project.
Strategic Assessment Used to assess whether a project fits in the long-term goal of the
organisation.
Strategic Assessment usually carried out by senior management.
Unrealistic expectations based on inaccurate estimates are the single largest cause of
software failure.
It is difficult to make accurate estimation.
There is not a simple relationship between the development cost and the price charged
to the customer.
Most commonly used product attribute for cost estimation is LOC (code size).
Productivity may generally be increased at the cost of quality.
• Validation
– Evaluation of software system that help in
determining whether the product meets its intended
use
• Building the correct product
501
Static and Dynamic Techniques
• With dynamic methods, software is executed using
a set of input values and its output is then
examined and compared to what is expected.
• With static methods, software work products are
examined manually, or with a set of tools, but not
executed. As a consequence, dynamic methods can
only be applied to software code.
• Dynamic and static methods are complementary
methods, as they tend to find different types of
defects effectively and efficiently.
Static Techniques
1. Static techniques is used to find errors
before software is actually executed.
2. The earlier we catch an error, the cheaper it
is, usually, to correct.
3. Some techniques are applied to
documentation (e.g. walkthroughs, reviews and
Inspections) and some are used to analyse the
physical code (e.g. compilers, data flow
analysers).
This is a huge subject and we can only hope to
give an introduction.
Review
1. Basically a review is any of a variety of activities involving
evaluation of technical matter by a group of people working
together.
2. The objective of any review is to obtain reliable information,
usually as to status and/or work quality.
3. There are many different types of reviews throughout the
development life cycle. This includes, requirements documents,
designs, database specifications, designs, data models, code,
test plans, test scripts, test documentation and so on.
4. Reviews are the only testing technique that is available to us in
the early stages of testing.
5. Reviews share similarities to test activities in that they must
be planned (what are we testing), what are the criteria for
success (expected results) and who will do the work
(responsibilities).
Why do peer reviews?
• To improve quality.
• Catches 80% of all errors if done properly.
• Catches both coding errors and design errors.
• Enforce the spirit of any organization
standards.
• Training and insurance.
505
Roles and responsibilities
1. The moderator (or review leader)
2. The author
3. The scribe (or recorder)
4. The reviewers (checkers or inspectors)
5. The manager
Review Guidelines
• Keep it short (< 30 minutes).
• Don’t schedule two in a row.
• Don’t review product fragments.
• Use standards to avoid style disagreements.
• Let the coordinator run the meeting and
maintain order.
507
Rules for Review
• A structured approach must be for the
review process.
• Be sure to know what is being reviewed
• Checklists must be used.
• Reports must be produced.
• Quality must be specified in terms of:
Adherence to standards; Reliability required;
Robustness required; Modularity; Accuracy;
Ability to handle errors.
Formality and Timing
• Formal review presentations
– resemble conference presentations.
• Informal presentations
– less detailed, but equally correct.
• Early
– tend to be informal
– may not have enough information
• Later
– tend to be more formal
– Feedback may come too late to avoid rework
509
When
• Analysis is complete.
• Design is complete.
• After first compilation.
• After first test run.
• After all test runs.
• Any time you complete an activity that
produce a complete work product.
510
Review procedure for documents
1. Establishing standards and format for document.
2. Check contents list.
3. Check appendix list.
4. Follow up references outside documents.
5. Cross check references inside document.
6. Check for correct and required outputs.
7. Review each screen layout against appropriate standard, data
dictionary, processing rules and files/data base access.
8. Review each report layout against appropriate standard, data
dictionary, processing rules and files/data base access.
9. Review comments and reports on work and reviews done prior to this
review.
10. Documents reviewed will range from whole reports such as
Specification of Requirements to pages from output that system is
to produce. All documents will need careful scrutiny.
Types of Review
1. Walk-through
2. Informal reviews
3. Technical reviews
4. Inspections