PO11 Process Description

PO11: Quality Management

1. Description

Implementing and maintaining quality management standards and systems by providing for distinct development phases, clear deliverables and explicit responsibilities.

2. Control Objectives

Quality Plan - develop and regularly maintain an overall quality plan based on the organizational and information technology long-range plans
Quality Assurance - Management should establish a standard approach regarding quality assurance which covers both general and project-specific quality assurance activities. The approach should prescribe the type(s) of quality assurance activities (such as review, audits, inspections, etc.) to be performed to achieve the objectives of the general quality plan. It should also require specific quality assurance review
Quality Assurance Planning - Management should implement a quality assurance planning process to determine the scope and timing of the quality assurance activities
The Quality Assurance Review of Adherence to the Information Services Function’s Standards and Procedures - Management should ensure that the responsibilities assigned to the quality assurance personnel include a review of general adherence to the information services function’s standards and procedures
System Development Life Cycle Methodology - The organisation’s senior management should define and implement information systems standards and adopt a system development life cycle methodology governing the process of developing, acquiring, implementing and maintaining computerized information systems and related technology. The chosen system development life cycle methodology should be appropriate for the systems to be developed, acquired, implemented and maintained
System Development Life Cycle Methodology for Major Changes to Existing Technology - In the event of major changes to existing technology, management should ensure that a system development life cycle methodology is observed, as in the case of the acquisition of new technology
Updating of the System Development Life Cycle Methodology - Senior management should implement a periodic review of its system development life cycle methodology to ensure that its provisions reflect current generally accepted techniques and procedures
Coordination and Communication - Management should establish a process for ensuring close coordination and communication between customers of the information services function and system implementors. This process should entail structured methods using the system development life cycle methodology to ensure the provision of quality information technology solutions which meet the business demands. Management should promote an organisation which is characterized by close cooperation and communication throughout the system development life cycle
Acquisition and Maintenance Framework for the Technology Infrastructure - A general framework should be in place regarding the acquisition and maintenance of the technology infrastructure. The different steps to be followed regarding the technology infrastructure (such as acquiring; programming, documenting, and testing; parameter setting; maintaining and applying fixes) should be governed by, and in line with, the acquisition and maintenance framework for the technology infrastructure
Third-Party Implementor Relationships - Management should implement a process to ensure good working relationships with third-party implementors. Such a process should provide that the user and implementor agree to acceptance criteria, handling of changes, problems during development, user roles, facilities, tools, software, standards and procedures
Program Documentation Standards - The organisation’s system development life cycle methodology should incorporate standards for program documentation which have been communicated to the concerned staff and enforced. The methodology should ensure that the documentation created during information system development or modification projects conforms to these standard
Program Testing Standards - The organisation’s system development life cycle methodology should provide standards covering test requirements, verification, documentation and retention for testing individual software programs created as part of every information system development or modification project
System Testing Standards - The organisation’s system development life cycle methodology should provide standards covering test requirements, verification, documentation, and retention for the testing of the total system as a part of every information system development or modification project
Parallel/Pilot Testing - The organisation’s system development life cycle methodology should define the circumstances under which parallel or pilot testing of new and/or existing systems will be conducted
System Testing Documentation - The organisation’s system development life cycle methodology should provide, as part of every information system development, implementation, or modification project, that the documented results of testing the system are retained
Quality Assurance Evaluation of Adherence to Development Standards - The organisation’s quality assurance approach should require that a post-implementation review of an operational information system assess whether the project team adhered to the provisions of the system development life cycle methodology
The Quality Assurance Review of the Achievement of the Information Services Function’s Objectives - The quality assurance approach should include a review of the extent to which particular systems and application development activities have achieved the objectives of the information services function
Quality Metrics - Management should define and use metrics to measure the results of activities, thus assessing whether quality goals have been achieved
Reports of Quality Assurance Reviews - Reports of quality assurance reviews should be prepared and submitted to management of user departments and the information services function.

3. Key Goal Indicators

Number of IT processes and projects that satisfy stakeholder requirements
Increased rating for customer satisfaction with services rendered
Number of IT processes and projects formally signed off by quality assurance without significant rework
Decreased number of quality defects
Decreased number of non-compliance reports against quality standards

4. Key Performance Indicators

Number of IT processes and projects with active quality assurance management participation
Number of documented quality assurance monitoring and testing activities
Number of quality assurance peer reviews
Number of IT processes and projects that have been benchmarked
Number of meetings between stakeholders and developers
Average number of training days in quality management
Number of projects with documented and measured quality criteria

5. Critical Success Factors

A clearly defined and agreed upon development process has been created to perform quality assurance
Quality is defined by the organisation with clear roles for the quality assurance processes and quality control procedures
A quality assurance program has been implemented with well defined, measurable quality standards and quality control processes have been defined, resourced and aligned
There is continuous improvement and a defined knowledge base for processes and metrics
There is a quality education and training programme
Stakeholders are involved in the quality assurance programme
A positive quality culture is consistently promoted by all layers of management
Awareness exists that quality standards should equally apply to processes and projects where reliance is placed on third parties
Every delivery process needs to have proper quality assurance criteria
Emphasis is provided on training IT and end user staff in testing methods and techniques

6. Service Maturity Variations

0 Non-existent	The organization lacks a quality assurance planning process and a system development life cycle methodology. Senior management and IT staff do not recognise that a quality program is necessary. Projects and operations are never reviewed for quality.
1 (Initial/Ad Hoc)	There is a management awareness of the need for quality assurance. Individual expertise drives quality assurance, when it occurs. Quality assurance activities that do occur are focused on IT project and process-oriented initiatives, not on organisation-wide processes. IT projects and operations are not generally measured for quality, but management makes informal judgements on quality.
2 (Repeatable but Intuitive)	Senior management has gained and communicated an awareness of the need for IT project management. The organisation is in the process of learning and repeating certain techniques and methods from project to project. IT projects have informally defined business and technical objectives. There is limited stakeholder involvement in IT project management. Some guidelines have been developed for most aspects of project management, but their application is left to the discretion of the individual project manager.
3 (Defined Process)	IT management is building a knowledge base for quality metrics. There is a defined quality assurance process that has been communicated by management and involves both IT and end-user management. An education and training program has been instituted to teach all levels of the organisation about quality. Quality awareness is high throughout the organisation. Tools and practices are being standardised and root cause analysis is occasionally applied. A standardised program for measuring quality is in place and well structured. Quality satisfaction surveys are consistently conducted.
4 (Managed and Measurable)	The organisation continuously and consistently measures quality of processes, services, products and projects. Quality assurance is addressed in all processes, including those processes with reliance on third parties. A standardised knowledge base is being established for quality metrics. Quality satisfaction surveying is an ongoing process and leads to root cause analysis. Cost/benefit analysis methods are used to justify quality assurance initiatives. Responsibilities and accountability are increasingly being defined for organisation-wide business processes and not only for IT processes. Benchmarking against industry and competitor norms is increasingly being performed.
5 Optimized	Quality awareness is very high within the whole organisation. Quality assurance is integrated and enforced in all IT activities. Quality assurance processes are flexible and adaptable to changes in the IT environment. All quality problems are analysed for root causes. Quality satisfaction surveys are an essential part of a continuous improvement process. The knowledge base is enhanced with external best practices. Benchmarking against external standards is routinely being performed. The quality assurance of IT processes is fully integrated with the assurance over business processes to ensure that the products and services of the entire organisation have a competitive advantage.