csqa table of contents

8/6/2019 CSQA Table of Contents

1/16


2/16

Introduction to the CSQA Program Intro-1Software Certification Overview Intro-2Contact Us Intro-3Program History Intro-3Why Become Certified? Intro-3

Benefits of Becoming a CSQA Intro-3Value Provided to the Profession Intro-4Value Provided to the Individual Intro-4Value Provided to the Employer Intro-5Increased Confidence by IT Users and Customers Intro-5Improved Processes to Build/Acquire/Maintain, Operate and Measure Software Intro-5Independent Assessment of Quality Assurance Competencies Intro-5Quality Assurance Competencies Maintained Through Recertification Intro-6Value Provided to Co-Workers Intro-6Mentoring the Staff Intro-6Testing Resource to IT Staff Intro-6Role Model for Quality Assurance Practitioners Intro-6How to Improve Quality Assurance Effectiveness Through

CSQA Certification Intro-6

Meeting the CSQA Qualifications Intro-8Prerequisites for Candidacy Intro-8Educational and Professional Prerequisites Intro-8Non-U.S. Prerequisites Intro-8Expectations of the CSQA Intro-9Professional Skill Proficiency Responsibilities Intro-9Develop a Lifetime Learning Habit Intro-10Code of Ethics Intro-10Purpose Intro-10Responsibility Intro-11Professional Code of Conduct Intro-11Grounds for Decertification Intro-12Submitting the Initial Application Intro-12Correcting Application Errors Intro-14Submitting Application Changes Intro-14

Examination Requirements Intro-15Filing a Retake Application Intro-15Arranging to Sit and Take the Examination Intro-15Scheduling to Take the Examination Intro-16Rescheduling the Examination Sitting Intro-17Receiving the Confirmation Letter Intro-17Checking Examination Arrangements Intro-17

Arriving at the Examination Site Intro-17No-shows Intro-17

How to Maintain Competency and Improve Value Intro-18Continuing Professional Education Intro-18Advanced CSQA Designations Intro-18What is the Certification Competency Emphasis? Intro19


3/16

Preparing for the CSQA Examination Intro-21Assess Your CSQA CBOK Competency Intro-22Complete the CSQA Skill Assessment Worksheet Intro-22Calculate Your CSQA CBOK Competency Rating Intro-24Understand the Key Principles Incorporated Into the Examination Intro-26Review the List of References Intro-27

Initiate a Self-Study Program Intro-28Take the Sample Examination Intro-29

CSQA Skill Assessment Worksheet Eval-1Assess Your Skills against the CSQA CBOK Eval-1Skill Category 1 Quality Principles and Concepts Eval-2Skill Category 2 Quality Leadership Eval-3Skill Category 3 Quality Baselines Eval-4Skill Category 4 Quality Assurance Eval-5Skill Category 5 Quality Planning Eval-6Skill Category 6 Define, Build, Implement and Improve Work Processes Eval-7Skill Category 7 Quality Control Practices Eval-8Skill Category 8 Metrics and Measurement Eval-9

Skill Category 9 Internal Control and Security Eval-10Skill Category 10 Outsourcing, COTS, and Contracting Quality Eval-11CSQA CBOK Competency Rating Table Eval-12

Skill Category 1

Quality Principles 1-1Vocabulary of Quality 1-1The Different Views of Quality 1-4The Two Quality Gaps 1-5Quality Attributes for an Information System 1-6Quality Concepts and Practices 1-8

PDCA Cycle 1-9Cost of Quality 1-11The Three Key Principles of Quality 1-14The Quality Solution 1-14Best Practices 1-15Six Sigma Quality 1-15Baselining and Benchmarking 1-16Earned Value 1-16Quality Control and Quality Assurance 1-17Quality Control 1-17Quality Assurance 1-18Differentiating Between Quality Control and Quality Assurance 1-18Understanding and Using the Just-In-Time (JIT) Technique 1-19

Quality Pioneers Approach to Quality 1-22Dr. W. Edwards Deming 1-22Philip Crosby 1-25Dr. Joseph Juran 1-28Total Quality Management 1-29A Managerial Philosophy Based on the Work of the Pioneers 1-29


4/16

Skill Category 2

Quality Leadership 2-1Leadership Concepts 2-1

Executive and Middle Management Commitment 2-2Executive Management Commitment 2-4Middle Management Commitment 2-4Quality Champion 2-5New Behaviors for Management 2-5Traditional Management versus Quality Management 2-5Leadership 2-7The Importance of Establishing Mentoring Relationships 2-10Establishing Trust 2-11Competition to Cooperation 2-11Awareness Training 2-11Nurturing New Behaviors 2-13Empowerment of Employees 2-14

Quality Management Infrastructure 2-15Quality Council 2-16Management Committees 2-17Teams and Work Groups 2-17Understanding Team Development Phases 2-18Establishing Group Compatibility 2-19Consensus 2-21Controlling Meetings 2-21Using Task Forces Effectively 2-22Personal Persuasion 2-23Conformity Behavior of Individuals in a Group 2-24Resolving Customer Complaints 2-25Written Reports 2-27

Process Improvement Teams 2-29Quality Environment 2-30The Six Attributes of an Effective Quality Environment 2-30The Core Values and Concepts Included in the Malcolm Baldrige National QualityAward Model 2-33Core Values and Concepts 2-34Visionary Leadership 2-34Customer-Driven Excellence 2-35Organizational and Personal Learning 2-35Valuing Employees and Partners 2-36Agility 2-37Focus on the Future 2-38Managing for Innovation 2-38

Management by Fact 2-38Social Responsibility 2-39Focus on Results and Creating Value 2-40Systems Perspective 2-40Setting the Proper Tone at the Top 2-40Code of Ethics and Conduct 2-41Open Communications 2-41Guidelines for Effective Communications 2-42Providing Constructive Criticism 2-42Achieving Effective Listening 2-44The 3-Step Listening Process 2-45


5/16

Implementing a Mission, Vision, Goals, Values, and Quality Policy 2-48Mission 2-48Vision 2-49Goals 2-49Values 2-51Quality Policy 2-52

Monitoring Compliance to Organizational Policies and Procedures 2-53Four Types of Monitoring 2-54Monitoring the Tone at the Top 2-54Monitoring by Individuals 2-55Ongoing Monitoring 2-55Independent Monitoring 2-56Enforcement of Organizational Policies and Procedures 2-57Types of Enforcements 2-58Automated Enforcement 2-58Self-Enforcement 2-58Supervisory Enforcement 2-59

Skill Category 3

Quality Baselines 3-1Quality Baseline Concepts 3-1Baselines Defined 3-1Types of Baselines 3-2Conducting Baseline Studies 3-2Conducting Objective Baseline Studies 3-4Conducting Subjective Baseline Studies 3-5Planning 3-6Internal analysis 3-6Benchmarking 3-6Methods Used for Establishing Baselines 3-7

Customer Surveys 3-7Benchmarking to Establish a Baseline Goal 3-7Assessments against Management Established Criteria 3-10Assessments against Industry Models 3-12Model and Assessment Fundamentals 3-12Purpose of a Model 3-12Types of Models (Staged and Continuous) 3-13Staged models 3-13Continuous models 3-14Model Selection Process 3-14Using Models for Assessment and Baselines 3-15Assessments versus Audits 3-15Industry Quality Models 3-16

Software Engineering Institute Capability Maturity ModelIntegration (CMMI) 3-16Maturity Levels 3-17Level 1: Initial 3-18Level 2: Managed 3-18Level 3: Defined 3-18Level 4: Quantitatively Managed 3-19Level 5: Optimizing 3-19Components of the Maturity Levels 3-20


6/16

Skipping Maturity Levels 3-20Malcolm Baldrige National Quality Award (MBNQA) 3-21National Institute of Standards and Technology 3-21Board of Overseers 3-21Board of Examiners 3-21Award Recipients 3-21

2005 Award Criteria 3-221 Leadership 3-222 Strategic Planning 3-223 Customer and Market Focus 3-224 Information and Analysis 3-235 Human Resources 3-236 Process Management 3-237 Business Results 3-232005 Award Scoring System 3-23Process 3-24The Application Review Process 3-25Other National and Regional Awards 3-25ISO 9001:2000 3-25

Model Overview 3-26Management Responsibility 3-27Resource Management 3-28Product Realization 3-28Measurement, Analysis and Improvement 3-29ISO/IEC 12207: Information Technology Software Life Cycle Processes 3-29Model Overview 3-29Target Audience 3-32Views of Software Development 3-32Relationship to Other Standards 3-33ISO/IEC System and Software Standards 3-33IEEE/EIA 12207 3-33ISO/IEC 15504: Process Assessment

(Formerly Known as Software Improvement and Capability Determination (SPICE) 3-34Model Overview 3-34Reference Models 3-37Process Dimension 3-37Process Capability Dimension 3-39The Assessment Process 3-40Relationship to other International Standards 3-42Post-Implementation Audits 3-42

Skill Category 4

Quality Assurance 4-1

Establishing a Function to Promote and Manage Quality 4-1The Challenges of Implementing a Quality Function 4-3How the Quality Function Matures Over Time 4-5Three Phases of Quality Function Maturation 4-5Initial Phase 4-5Intermediate Phase 4-5Final Phase 4-6Drivers that Change the Role of the QA Analyst 4-7Management Philosophy 4-7Personal Belief System of Managers 4-8


7/16

Quality Function Recommendations 4-8Support in Corporate Quality Management Environment 4-9Support of Corporate Quality Management with Repository of Quality Information 4-9IT Management Responsibilities in Corporate Quality Management Environment 4-9Implementing an IT Quality Function 4-10Step 1: Develop a Charter 4-10

Step 2: Identify the Quality Manager 4-12Step 3: Locate Organizationally the IT Quality Function 4-13Step 4: Build Support for Quality 4-14Step 5: Staff and Train the Quality Function 4-16Step 6: Build and Deploy the Quality Toolbox 4-18Step 7: Drive the Implementation of the Quality Management Environment 4-19IT Quality Plan 4-19Long-Term Actions 4-20Short-Term Actions 4-21Quality Tools 4-23Management Tools 4-24Brainstorming 4-25Affinity Diagram 4-25

Nominal Group Technique 4-26Cause-and-Effect Diagram 4-27Force Field Analysis 4-29Flowchart and Process Map 4-30Benchmarking 4-31Planning Phase 4-32Analysis Phase 4-33Integration Phase 4-33Action Phase 4-33Matrix 4-34Quality Function Deployment 4-35Fundamental Deployments 4-37Horizontal Deployments 4-38

Vertical Deployments 4-38Playscript 4-39Statistical Tools 4-40Check Sheet 4-40Histogram 4-41Pareto Chart 4-43Run Chart 4-44Control Chart 4-45Scatter Plot 4-47Presentation Tools 4-49Table 4-49Line Chart 4-49Bar Chart 4-50

Pie Chart 4-51Stem-and-Leaf Chart 4-52Process Deployment 4-53Getting Buy-In for Change through Marketing 4-53Step 1: Identify Customer Needs 4-54Step 2: Present Solution in Terms of Customer Needs 4-54Step 3: Identify Barriers and Obstacles 4-55Step 4: Address Barriers and Obstacles 4-55Step 5: Obtain Approval 4-56The Formula for Effective Behavior Change 4-56The Deployment Process 4-56


8/16

Deployment Phase 1: Assessment 4-57Deployment Phase 2: Strategic 4-57Deployment Phase 3: Tactical 4-60Critical Success Factors for Deployment 4-64Internal Auditing and Quality Assurance 4-66Types of Internal Audits 4-66

Differences in Responsibilities 4-67

Skill Category 5

Quality Planning 5-1Planning Concepts -1The Management Cycle 5-2The Planning Cycle 5-4Integrating Business and Quality Planning 5-6The Fallacy of Having Two Separate Planning Processes 5-6Planning Should be a Single IT Activity 5-6

Prerequisites to Quality Planning 5-8The Planning Process 5-9Planning Process Overview 5-9The Six Basic Planning Questions 5-11The Common Activities in the Planning Process 5-13Business or Activity Planning 5-13Environment Planning 5-13Capabilities and Opportunities Planning 5-13Assumptions/Potential Planning 5-14Objectives/Goals Planning 5-14Policies/Procedures Planning 5-14Strategy/Tactics Planning 5-15Priorities/Schedules Planning 5-15

Organization/Delegation Planning 5-15Budget/Resources Planning 5-16Planning Activities for Outsourced Work 5 -16Planning to Mature IT Work Processes 5-17QAI Model and Approach to Mature IT Work Processes 5-17Why Six Process Categories Were Chosen 5-19Manage by Process, a Tactical View of Process Maturity 5-19Tactics for Maturing the Management Processes 5-20Level 1 -- Product Focus 5-22Level 2 -- Process Focus 5-23Level 3 -- End User Focus 5-23Level 4 -- Team Focus 5-23Level 5 World-Class Focus 5-23

Tactics for Maturing the People Management Processes 5-26Level 1 Unpredictable 5-28Level 2 Process Skills 5-29Level 3 Integration 5-30Level 4 Quantitative Management 5-31Level 5 Innovate 5-31Tactics for Maturing the Deliverables Processes 5-32Level 1 Constraint Requirements 5-34Level 2 Business Requirements 5-35Level 3 Relational Requirements 5-35


9/16

Level 4 Quality Requirements 5-35Level 5 Reliability Requirements 5-36Tactics for Maturing the Technology Processes 5-36Level 1 Assessment/Pilot 5-38Level 2 Operational 5-39Level 3 Predictable 5-39

Level 4 Technology Optimization 5-39Level 5 People Optimization 5-39Tactics for Maturing the Quality Assurance Processes 5-39Level 1 Controlling 5-42Level 2 -- Defining 5-42Level 3 -- Aligning 5-43Level 4 -- Adapting 5-43Level 5 -- Champion 5-44Tactics for Maturing the Quality Control Management Processes 5-45Level 1 Validation 5-46Level 2 Verification 5-47Level 3 -- Defect Management 5-47Level 4 -- Statistical Process Control 5-47

Level 5 - Preventive Management 5-47How to Plan the Sequence for Implementing Process Maturity 5-48Relationship between People Skills and Process Definitions 5-48Relationship of Do and Check Procedures 5-49Relationship of Individuals' Assessment of How They are Evaluated to WorkPerformed 5-50Relationship of What Management Relies on for Success 5-51Relationship of Maturity Level to Cost to Do Work 5-52Relationship of Process Maturity to Defect Rates 5-53Relationship of Process Maturity and Cycle Time 5-54Relationship of Process Maturity and End User Satisfaction 5-54Relationship of Process Maturity and Staff Job Satisfaction 5-55Relationship of Process Maturity to an Organization's Willingness to

Embrace Change 5-56Relationship of Tools to Process Maturity 5-56Relationship of the Control and Test Process Category to Quick Paybacks 5-56Strategy for Moving to Higher Maturity Levels 5-57Skipping Levels and Reverting Back to Lower Levels 5-57

Skill Category 6

Define, Build, Implement, and Improve Work Processes 6-1Process Management Concepts 6-1Definition of a Process 6-2

Why Processes Are Needed 6-2Process Workbench and Components 6-3Process Categories 6-5The Process Maturity Continuum 6-7Product and Services Continuum 6-7Work Process Continuum 6-8Check Processes Continuum 6-8Customer Involvement Continuum 6-9How Processes Are Managed 6-9Process Template 6-10Process Management Processes 6-11


10/16

Planning Processes 6-12Process Inventory 6-12Process Mapping 6-13Process Planning 6-14Do Processes 6-15Process Definition 6-15

Check Processes 6-19Identify Control Points 6-19Automatic 6-21Self-Checking 6-21Peer Reviews 6-22Supervisory 6-22Third Party 6-22Process Measurement 6-22Testing 6-23Act Processes 6-23Process Improvement Teams 6-25Process Improvement Process 6-26Identify and Understand the Process 6-26

Improve the Process 6-29

Skill Category 7

Quality Control Practices 7-1Testing Concepts 7-1The Testers Workbench 7-2Test Stages 7-2Integration Testing 7-3System Testing 7-3User Acceptance Testing 7-3Independent Testing 7-3Static versus Dynamic Testing 7-5Verification versus Validation 7-5Computer System Verification and Validation Examples 7-5The V Testing Concept Example 7-7Stress versus Volume versus Performance 7-9Test Objectives 7-9Reviews and Inspections 7-10Review Formats 7-10Informal Review 7-10Semiformal Review (or Walkthrough) 7-10Formal Review (or Inspection) 7-10In-Process Reviews 7-11

Checkpoint Reviews 7-11Phase-End Reviews 7-11Software Requirements Review 7-12Critical Design Review 7-12Test Readiness Review 7-12Post-Implementation Reviews 7-12Inspections 7-12Developing Testing Methodologies 7-14Acquire and Study the Test Strategy 7-14Determine the Type of Development Project 7-14


11/16

Determine the Type of Software System 7-15Determine the Project Scope 7-16Identify the Tactical Risks 7-17Determine When Testing Should Occur 7-18Build the System Test Plan 7-19Build the Unit Test Plans 7-19

Verification and Validation Methods 7-20Management of Verification and Validation 7-20Verification Techniques 7-20Feasibility Reviews 7-21Requirements Reviews 7-21Design Reviews 7-21Code Walkthroughs 7-21Code Inspections or Structured Walkthroughs 7-21Requirements Tracing 7-21Validation Techniques 7-22White-Box 7-22Black-Box 7-23Equivalence Partitioning 7-23

Boundary Analysis 7-23Error Guessing 7-23Incremental 7-23Top-Down 7-24Bottom-Up 7-24Thread 7-24Regression 7-24Unit Regression Testing 7-25Regional Regression Testing 7-25Full Regression Testing 7 -25Structural and Functional Testing 7-25Structural Testing 7-26Functional Testing 7-26

Software Change Control 7-27Software Configuration Management 7-27Change Control Procedures 7-28Defect Management 7-29Defect Management Process 7-29Defect Reporting 7-29Severity versus Priority 7-31A Sample Defect Tracking Process 7-31Using Defects for Process Improvement 7-33

Skill Category 8

Metrics and Measurement 8-1Measurement Concepts 8-1Standard Units of Measure 8-2Metrics 8-2Objective and Subjective Measurement 8-2Types of Measurement Data 8-3Nominal Data 8-3Ordinal Data 8-4Interval Data 8-4Ratio Data 8-4Measures of Central Tendency 8-4Attributes of Good Measurement 8-5


12/16

Reliability 8-5Validity 8-5Ease of Use and Simplicity 8-5Timeliness 8-5Calibration 8-6Using Quantitative Data to Manage an IT Function 8-6

Measurement Dashboards 8-6Statistical Process Control 8-7Key Indicators 8-7Measurement in Software 8-8Product Measurement 8-9Size 8-9Lines of Code 8-9Function Points 8-9Complexity 8-10Cyclomatic Complexity -- v(G) 8-10Knots 8-10Quality 8-10Correctness 8-10

Reliability 8-11Maintainability 8-11Customer Perception of Product Quality 8-11Process Measurement 8-11Variation and Process Capability 8-13The Measurement Program 8-13Installing the Measurement Program 8-15Common and Special Causes of Variation 8-18Common Causes of Variation 8-18Special Causes of Variation 8-19Variation and Process Improvement 8-20Process Capability 8-21Risk Management 8-22

Defining Risk 8-22Characterizing Risk 8-22Situational 8-22Time-Based 8-23Interdependent 8-23Magnitude Dependent 8-23Value-Based 8-23Managing Risk 8-23Risk Identification 8-24Risk Analysis 8-25Risk Prioritization. 8-28Risk Response Planning 8-29Risk Resolution 8-29

Risk Monitoring 8-30Software Risk Management 8-30Risks of Integrating New Technology 8-31Implementing a Measurement Program 8-33The Need for Measurement 8-33Prerequisites 8-34


13/16

Skill Category 9

Internal Control and Security 9-1Principles and Concepts of Internal Control 9-2Internal Control and Security Vocabulary and Concepts 9-2

Internal Control Responsibilities 9-3The Internal Auditors Internal Control Responsibilities 9-3Risk versus Control 9-5Environmental versus Transaction Processing Controls 9-5Environmental or General Controls 9-6Transaction Processing Controls 9-8Preventive, Detective and Corrective Controls 9-9Preventive Controls 9-9Source-Data Authorization 9-10Data Input 9-11Source-Data Preparation 9-11Turn-Around Document 9-11Pre-Numbered Forms 9-11

Input Validation 9-11Computer Updating of Files 9-13Controls over Processing 9-13Detective Controls 9-15Data Transmission 9-15Control Register 9-16Control Totals 9-16Documentation and Testing 9-16Output Checks 9-16Corrective Controls 9-17Error Detection and Resubmission 9-17Audit Trails 9-18Cost versus Benefit of Controls 9-18

The Quality Professionals Responsibility for Internal Control and Security 9-19Risk and Internal Control Models 9-20COSO Enterprise Risk Management (ERM) Model 9-20The ERM Process 9-20ERM Components 9-20COSO Internal Control Framework Model 9-22Example of a Transaction Processing Internal Control System 9-24CobiT Model 9-25Building Internal Controls 9-27Perform Risk Assessment 9-27Model for Building Transaction Processing Controls 9-28Transaction Origination 9-29Transaction Entry 9-29

Transaction Communications 9-29Transaction Processing 9-30Database Storage and Retrieval 9-30Transaction Output 9 -30Building Adequate Security 9-31Where Vulnerabilities in Security Occur 9-31Functional Vulnerabilities 9-31IT Areas Where Security is Penetrated 9-33Accidental versus Intentional Losses 9-35Establishing a Security Baseline 9-36


14/16

Creating Baselines 9-36Step 1: Establish the Team 9-38Step 2: Set Requirements and Objectives 9-39Step 3: Design Data Collection Methods 9-41Step 4: Train Participants 9-43Step 5: Collect Data 9-44

Step 6: Analyze and Report Security Status 9-44Using Baselines 9-46Security Awareness Training 9-46Step 1 Create a Security Awareness Policy 9-47Step 2 Develop a Security Awareness Strategy 9-48Awareness 9-49Training 9-50Education 9-50Professional Development 9-50Step 3 Assign the Roles for Security Awareness 9-51IT Director/CIO 9-51Information Technology Security Program Manager 9-52IT Managers 9-52

Users 9-52Security Practices 9-53

Skill Category 10

Outsourcing, COTS and Contracting Quality 10-1Quality and Outside Software 10-1Purchased COTS software 10-2Evaluation versus Assessment 10-2Outsourced Software 10-3Additional differences if the contract is with an offshore organization 10-3Quality Professionals Responsibility for Outside Software 10-4

Selecting COTS Software 10-6Assure Completeness of Needs Requirements 10-6Define Critical Success Factor 10-7Determine Compatibility with Hardware, Operating System, and Other COTS Software 10-8Hardware Compatibility 10-9Operating Systems Compatibility 10-9Program Compatibility 10-10Data Compatibility 10-10Assure the Software can be Integrated into Your Business System Work Flow 10-10Demonstrate the Software in Operation 10-11Evaluate People Fit 10-13Acceptance Test the Software Process 10-14Selecting Software Developed by Outside Organizations 10-15

Contracting Life Cycle 10-15Selecting an Outside Organization 10-16Feasibility Study 10-16Selection of an Outside Organization 10-18Assure That Requirements and Contract Criteria are Testable 10-19Assure That the Contractor Has an Adequate Software Development Process 10-19Assure That the Contractor Has an Effective Test Process 10-19Define Acceptance Testing Criteria 10-20Contractors Status Reporting 10-20Ensure Knowledge Transfer Occurs 10-20


15/16

Ensure Protection of Intellectual Property Rights of Both Organizations 10-21Developing Selection Criteria 10-21Contracting for Software Developed by Outside Organizations 10-22What Contracts Should Contain 10-22Contract Negotiations 10-23

Operating for Software Developed by Outside Organizations 10-28Acceptance Testing 10-28Acceptance Testing Concerns 10-28Operation and Maintenance of the Software 10-29Operation and Maintenance Concerns 10-30Contractual Relations 10-31Contractual Relation Concerns 10-32

Appendix AVocabulary A-1

Appendix B

References B-1How to Take the CSQA Examination C-1CSQA Examination Overview C-1Quality Assurance Theory C-1Quality Assurance Practice C-2Guidelines to Answer Questions C-2Sample CSQA Examination C-5Part 1 and Part 3 Multiple-Choice Questions C-5Part 1 and Part 3 Multiple-Choice Answers C-11Part 2 and Part 4 Essay Questions and Answers C-12Part 2 Quality Assurance Theory Essay Questions C-12Part 2 Quality Assurance Theory Essay Questions C-15Part 4 Quality Assurance Practice Essay Questions C-18

Part 4 Quality Assurance Practice Essay Answers C-22


16/16

csqa table of contents

Documents