"Where Information Technology Is Purely Business & Engineering"

      Home Employment Contents                              Stamford, CT (203) 329-7013

Quality Assurance Reviews 
Up Quality Assurance Reviews Sarbanes-Oxley Act Services

 

 

 

Professor Rino Nori's Fairfield University School of Engineering graduate school home page

Quality Assurance (QA) reviews are only conducted by our principals.  We are experts at performing QA reviews of IT projects and at reviewing and evaluating IT department  processes, practices, methodologies and systems.

 

Our QA Review can be a one time engagement, for a "one time assessment of your project, i.e. there is no obligation to engage us for further reviews or subsequent follow up.  It is a pragmatic approach to an expert  second opinion for an internal or externally run project.

 

 Our QA project review approach is inclusive of  V&V Services (Software & Project Management Verification & Validation Services) for projects, reviews based upon the client specified standards such as the IEEE Standard 1012-2004, CMMI and others.   As with our standard QA reviews, these reviews are periodic snapshots at predetermined project points;   The V&V reviews provide independent verification of project deliverables, processes, metrics, progress and activities (in our standard QA reviews, which take lesser time,  these items are discussed with the project team and sporadically verified).  Based upon the exact nature of the project and the client (or governmental agency), the V&V reviews may encompass the following project related matters: Procurement, Project Management, Project Design inclusive of BPR & Workflow activities, Quality Management, Training, Requirements Management, Operating Environment, Development Environment, Software Development, Systems and Acceptance Testing, Data Management, Production Turnover and Operations Oversight/Management.   The V&V reviews can also be designed to include verification of stakeholder approval and involvement, verification of budgetary and cost analysis, risk assessment, validation of performance metrics and progress.

 

 In addition to IT Project QA Reviews, we perform business process compliance reviews, i.e. measuring the quality and effectiveness of  (non IT) business processes and their compliance with corporate and governmental guidelines, procedures, practices and policies.  Typically this is also a normal byproduct of our BPI (Business Process Improvement) studies.

 

Below is an overview of our standard IT related QA Review, within which proprietary SDLC methodology checklists are used as a guideline in performing the review.  

 

IT Quality Assurance (QA) and Software Verification & Validation (V&V) Reviews of a Project

Objective of the IT Quality Assurance (QA) and V&V Review:

Within our practice, and within our terminology, QA reviews are performed at specific points of an IT project, normally at three check points during the lifetime of each project.  The purpose of the reviews is to obtain an independent assessment of the project direction, progress and overall quality, and a perfunctory validation of the interim and final project deliverables.  The reviews require the full and active cooperation of the internal and external (vendor) project team, complete honesty and total access to all project interim material and deliverables.  The reviews aid the project team by providing an unbiased perspective and an added level of expertise to the project, and they aid the project sponsor by providing the assurance that an objective third party has validated the work being performed on their behalf.

Based upon the client requirement, we will tune our review approach to support adherence to various industry standards, such as the IEEE standard on independent Verification and Validation, 1012  revised 2004.  Our practices will support the review of projects requiring strict adherence to specific Industry and governmental guidelines and regulations on Verification & Validation.   As described by the IEEE standard 1012-2004:

" The verification process provides objective evidence whether the software and its associated products and processes:

  1. ⎯ Conform to requirements (e.g., for correctness, completeness, consistency, accuracy) for all life cycle activities during each life cycle process (acquisition, supply, development, operation, and maintenance)
  2. ⎯ Satisfy standards, practices, and conventions during life cycle processes
  3. ⎯ Successfully complete each life cycle activity and satisfy all the criteria for initiating succeeding life cycle activities (e.g., building the software correctly)

    The validation process provides evidence whether the software and its associated products and processes

  1. ⎯ Satisfy system requirements allocated to software at the end of each life cycle activity
  2. ⎯ Solve the right problem (e.g., correctly model physical laws, implement business rules, use the proper system assumptions)
  3. ⎯ Satisfy intended use and user needs

    The verification process and the validation process are interrelated and complementary processes."

 

Functions of the IT Quality Assurance (QA) and V&V Review:

A QA review is in many ways similar to a financial audit, i.e. it relies upon complete access and honesty and attests that (based upon a sample review) the proper steps and practices are being followed.  We use engagement tailored proprietary systems development checklists as an aid in conducting each project’s three QA reviews, for V&V engagements the number of reviews varies.  The checklists are our guide and outline during the conduct of the review.  If any items are found to be lacking, we delve into the matter at a far greater level of detail, hence the overall knowledge and expertise of the reviewer is critical.  These reviews are not “surprise visits”, the project team is made aware of the timing and scope of each review, and is encouraged to work with the reviewer in a collegial atmosphere.

For V&V the approach is in many ways similar, except that the scope is defined, at a minimum by regulations and normally much of the status requires verification, i.e. compliance testing is required.

Cost, Effort & Deliverables of the IT Quality Assurance (QA) and V&V Review:

QA reviews are conducted only by our principals and are billed at a pre-agreed fixed cost plus travel. For planning purposes we estimate each QA review as one to two (maximum of three) work days of effort depending upon the complexity of the system and other matters.  This estimate includes a half to one day for the technical QA review with the project team and the remainder for: reviewing background project material in advance of the review, analyzing the results, discussing the findings and recommendations with the project team, and issuing a QA Summary Document of our findings and recommendations to the project sponsor.  For planning purposes you may assume the cost of a review at a fixed $5K plus expenses, however this quote is adjustable based upon the size and scope of the project, the number of project locations and the size and number of project teams.  A small one location project can be reviewed for about $2k whereas a massive ERP implementation may cost several times the planning cost assumption.

V&V reviews are conducted only by our principals.  Unlike a "one time  QA review", V&V reviews are by definition a collection of reviews at predefined project points.  For V&V reviews the cost is dependant upon the scope of the review, the standards being followed, and the nature of the project.  V&V reviews are priced on an hourly basis.

Requesting an IT Quality Assurance (QA)  Review:

Telephone or visit our office and describe the nature of your project and of your concerns.  Initially we will normally suggest a one time review, and based upon that review we may make further recommendations.  We will schedule the on site visit and request background material for our review.  Billing for the one time review will be a fixed cost and at completion.

 

Requesting a Verification & Validation (V&V) Review:

These engagements normally specify a program of periodic visits across agencies, locations, systems and projects and the specific standards to be adhered to.  Please email us your RFP and we will analyze it; if appropriate we will submit a proposal.

 

For general information and  inquiries eMail to:                                                                                                                                                                                             Copyright © 1999-2011 Nori & Associates
Last modified: November 09, 2010