Unit 32 Quality Systems in IT Assignment

Program	Diploma in CSD
Unit Number and Title	Unit 32 Quality Systems in IT Assignment
QFC Level	Level 5

Introduction

Jack & Jill Plc. primarily deal in hardware and network products with their customer base primarily being in the UK and the European Union. Their major business processes include Purchase Management, Sales management, Customer relationship management, Human resource management and Finance management. Each of these business processes of Jack & Jill Plc. manages their own standalone computer systems comprising of various programs. Most of these programs are incompatible with each other making it very hard for the company to have an effective decision making and security mechanism. The company observed this as a failure of their IT systems in understanding the importance of quality assurance in implementing their IT solutions. They also observed that there has been almost no standardization in the processes of project management and quality management leading to the failure of the IT systems of the company in producing accurate reports causing the management to not be able to make effective decisions. This report aims to recognize the necessity of quality assurance systems for the IT systems in Jack & Jill Plc. This report will also observe various principles available in the field of Quality management and project management and will make commendations of the tools and techniques based on these principles.

Task 1: Understand the need for quality assurance in IT systems

1.1 Discuss appropriate standards such as ISO 3000- risk management, ISO – 9000 for best practise, for the development of management Information System to Jack & Jill plc

Standards for the management of Risk: Various norms have been created worldwide to assist organisations actualize risk administration efficiently and adequately. These models look to create a typical view on systems, techniques and practice, and are for the most part set by perceived universal measures bodies or by industry standards. Risk administration is a quick moving discipline and benchmarks are frequently supplemented and upgraded (Association for Project Management, 2004).

The distinctive measures reflect the diverse inspirations and specialized focus of their designers, and are suitable for diverse organisations and circumstances. Measures are typically deliberate, despite the fact that adherence to a benchmark may be needed by regulators.

The standard used across the world includes:

• ISO 31000: 2009: This defined the common principle to assess the risk and the guidelines to meet the risks.
• In United Kingdom the IRM/Alarm/AIRMIC 2002 is used as Risk assessment standard.
• ISO/IEC 31010:2009 is also a standard assessing the risk and the guidelines to meet the risks.
• COSO 2004 is a standard used for managing the risks at enterprise level. ISO 31000: 2009

ISO 31000:2009 – Risk Management: ISO 31000 is based on AS/NZS 4360 with commitments from countries like Switzerland, Brazil and France. The wording was revived in the ISO 73:2009. These two benchmarks ought to be viewed as together for execution purposes. ISO/IEC 31010 Risk Assessment Techniques gives a scope of apparatuses to diverse sorts of risk appraisals (International Standards Organization (ISO), 2009).

ISO 31000 is organized into standards (11 qualities of risk administration), a five-section system (command, plan, execution, checks and change), and methodology (correspondence and discussion, connection, risk evaluation, treatment and checking). It is not intended to give affirmation around controls. It concentrates on the moves made on distinguished risks to cost viably enhance the association's execution. It starts again from scratch of disciplined choice making around risks versus remuneration and of helping associations accomplish their normal results. It is not particular to any one industry, sort or size of association (British Standards Institute, 2002).

ISO 31000 purposefully adjusts risk practices to worldwide principles to compel efficiencies globally from an outer point of view and particularly inside an organization’s administration frameworks and settings. It heads associations to quantify deviations from expected results. As it were, if the association's target is to make esteem, the estimation of risk turns into the deviation from the normal quality made. Particularly ISO 31000 is a widespread standard that can be customized to the particular needs and structures of a firm and characterizes risks as "impact of vulnerability on targets." So what does this mean for practitioners mitigating risks? The greatest change is moving an association's risk centre from a back window perspective to "a worldwide positioning introduction." notwithstanding concentrating on anticipating or relieving known dangers, what is the association confronting out and about up ahead that may impede accomplishing its targets? Relief and control exercises, including protection measures, are still paramount. ISO 31000's does not supplant what risk administration as of now brings to a company. It stretches the esteem that risk managers can include. The major authoritative need identified with this movement is to expand risk administration abilities from receptive to proactive over the organization. Considering risk in a prescient and vital way not just secures the estimation of the organization, it proactively serves to make esteem.

ISO 9000 Standards for Quality best practices: ISO 9000 rules deal with different parts of quality administration and enclose a number of ISO's best acknowledged benchmarks. The models give direction and devices to organizations and associations who need to guarantee that their items and services reliably meet client's necessities, and that quality is reliably moved forward (Canadian Standards Association, 2010).

Following are the list of standards include in the set of ISO 9000:

• ISO 9001:2008 – This defines the prerequisites of a quality administration framework
• ISO 9000:2005 - This defines the fundamental ideas and dialect.
• ISO 9004:2009 - concentrates on how to define a quality administration framework more proficient and successful.
• ISO19011:2011 - This guides the direction on inside and outer reviews of quality administration frameworks.

ISO 9001:2008: ISO 9001:2008 defines the principles for a quality administration framework and is the main framework in the family that can be confirmed to (despite the fact that this is not a prerequisite). It can be utilized by any association, big or small, paying little mind to its field of action. ISO 9001:2008 is executed by in excess of one million organizations and associations in excess of one hundred seventy countries nations. This standard is focused around various quality administration standards including a strong focus on the customer satisfaction, the inspiration and ramifications of top level administration, the procedure approach and persistent change. Utilizing ISO 9001:2008 aides guarantee that clients get reliable, great quality items and services, which thus brings numerous business advantages (International Standards Organization (ISO), 2009).

ISO 9001:2008 survey the dangers, for example, finance, lawful and characteristic catastrophes, connected with a project.

1.2 Assessment of risks associated with the development of Management Information System for Jack & Jill plc

Risk Assessment happens at each phase of the project management procedure, starting with selection of the project and proceeding to client handoff and conclusion. For the purpose of development of MIS system at Jack & Jill Plc., this section will highlight apparatuses that are particularly helpful amid the planning stage. Risk evaluation at this phase is prone to lead a group to change or stretch the starting WBS to get ready for newfound potential outcomes. Any task, paying little respect to its size, requires vulnerability investigation (Chapman and Ward, 2002).

The members of the MIS project team ought to consider risk measurements to guarantee they have thrown a wide enough net amid the appraisal stage. The classification of risks can help measure the project team the sources, outcomes and probability of the risks.

Classification of risks:

• Financial: The organizations’ financial position has a major impact upon the success of the project.  If the financial condition is poor than it could lead to abrupt termination of the project.
• Technical: In some projects there may be a situation which requires dealing with a   technical challenge and could lead to delay in completion of the project. A probable technical advance can similarly affect the project in a positive manner.
• Business Environment: The market forces can also impact a project. For instance a change in government regulation can certainly impact the project completion.
• Social factors: There are many social factors like the intervention of stakeholder which can have a major impact upon the project success. If the stakeholders are positive about the project than there is more probability of successful completion of a project.
• External/Natural Environment: Natures call can certainly have an impact on the project. Impact of nature is negative like floods, earthquakes, spreading of an epidemic etc.

In order to avoid the occurrences of these risks, the MIS project team needs to have Quality Assurance practices in place which could prevent these risks or at least can minimize their impact.

1.3 Quality Assurance Practices at various stages of development

Quality Assurance is ensuring a defect free product, solution or service to customers. As defined by ISO 9000, quality assurance is a part of quality management which focuses on fulfilling quality requirements of the solutions or services. During QA measures are taken to ensure that the product being built will meet all the specifications for a physical product and for a software it is ensured by the means of quality assurance practices by testing the code to see whether the software functionality is meeting specified business objective and the code is bug free before it goes to the customer. Quality Assurance practices needs to be employed at all the stages of development of an IT solution right from the inception of a development project till its completion (Project Management Institute, 2004).

The overall QA process comprises of a number of different phases. Each phase has its own activities which need to be performed by a specific group generally the QA team which is independent of the software developers. The QA team members are the guys who are responsible for planning, analysing and executing and reporting about the QA activities (Paulk.et. al., 1993). Following are some of the Quality Assurance activities which need to be performed at every stage of SDLC by the QA team being engaged during the course of development of the MIS system.

• Software Project Planning - Finalize the QA plan as soon as the software project planning takes place so that there is enough time available for the QA team to execute the plan during the course of development.
• Requirement Gathering – Perform thorough review of the business requirements so as to ensure that established standards are being adhered and the solution being designed will conform to the user needs.
• Design – Perform reviews of the solution designs to ensure that the design proposed is meeting the requirements and approved methodologies are being followed.
• Code Review – Perform code reviews to ensure that the code being written adheres to the industry best practices and the guidelines established by the organisations.
• Prepare Test plans and perform integration testing – While the unit testing can be done by the software developers, the QA team needs to come up with a test plan and perform software integration testing based on that test plan so as to ensure the software meets the overall requirements.
• Post Implementation Audits – Perform periodic QA audits to ensure the necessary quality control over the system.

Task 2: Be able to employ standard quality control documentation

2.1 Quality control document for each stage of the development of Management Information Systems for Jack & Jill PLC

Quality control will need to be involved at each stage of system development. An early detection of bugs often proves to be less costly in fixing and doesn’t affect the budget. Some of the most prominent quality control activities include the following:

• Definition and classification of bugs and their severity
• Inspection of project related documents and code
• Testing of the software
• Recording and logging of bugs
• Setting up quality control boundaries
• Performing boundary tests and corrective actions

Each activity in the quality control process require their own documentation to be created and reserved for ensuring proper planning, execution and control of the processes (Weinberg, 1991). ISO 9001:2008 specifically mentions the documents such as a Quality Policy, Quality Objectives, and a Quality Manual. However, several other documents can be prepared by the MIS project team at Jack & Jill Plc. for ensuring the quality of the system at each stage of the system development. These documents include:

Requirements Review Document: Once the requirements have been gathered by the MIS project team from business, a quality review of the SRS needs to be carried out. The template which can be followed for this purpose can be the following:

Reviewer:                                                                   Reviewer: Requirements Review Checklist Organization   Does the SRS follow the prescribed template?   Have the requirements been properly prioritized?   Have the requirements been properly cross-referenced? Completeness   Have the requirements been properly detailed?   Are all the users or system needs identified in the SRS?   Missing information identified?   Error conditions documented? Correctness   Duplication of requirements identified?   Is the language concise and understandable? Non-functional Specifications   Are all performance, security and safety considerations appropriately identified?   Quality attributes documented properly with acceptable adjustments?

Project Plan Review Documents: The project plan review checklist is to be used by the system owners, project managers and is intended to ascertain whether all the necessary standards have been following while preparing a project plan. A very elementary project plan review checklist is given below which can be used by the MIS development team:

Project Name: <<Name of Project>>                                    Program Project ID#: <<Project #>>   Reviewer: _____________________                                   Date: ___________________

Content   Project plan adheres to the prescribed template?  Document management procedures being followed?   Stakeholders appropriately identified?   Scope, boundaries and assumptions are clearly mentioned?  Work breakdown structure prepared?  Key Milestones, tasks and resources have been identified?   Milestones have been assigned a target date?  Resources have been allocated to each task?   Schedule buffer has been considered?   Budget   Estimates of project efforts and budget are included?   Buffer for project cost has been considered?   <<More sections can be added as and when required>>

Design Review Checklist: The template for the design review checklist is the following:

Project Name: <<Name of Project>>                                    Program Project ID#: <<Project #>>   Reviewer: _____________________                                   Date: ___________________

Design methodology has been selected based on the finalized requirements?   Software architecture has been identified?   Input, output and other entities have been identified?   A User interface approved by the business owner has been designed?  A Data model has been identified and designed?  Function design document has been created and reviewed?   Physical data model has been designed?  Appropriate Error handling mechanisms have been identified?                   The system design is approved along with the system architecture?

Code Review Checklist:

Following is the template for code review checklist:

Project Name: <<Name of Project>>                                    Program Project ID#: <<Project #>>   Reviewer: _____________________                                   Date: ___________________

Does the code totally and appropriately comply with the design? Does the code adhere to any appropriate coding best practices? Is the code well-formatted, stable in style, and properly organized? Is there any untraceable code block or any unnecessary procedure written in the code? Does the code contain any discarded stubs? Is there a possibility to replace a code block by calling a library function or external component? Are there any repeated procedures which can be merged in a single class? Is memory management and garbage collection properly handled? Are the variables clearly defined and adhere to the established naming conventions? Is the code appropriately documented with proper commenting?

Test Documents:

• Test Approach Document: A test approach document is created out of the SRS and project plan defining the overall approach while testing the software. This document needs to be reviewed by the product manager, Dev. Lead, Business contact, and other stakeholders before signing off.
• Test Plan: A test plan document is created based on the test approach document and is required to identify the features of software to be tested and procedures to be following while testing those features. Test plan also identifies the tools, resources, contact persons, risks, bug management steps etc.

Task 3: Be able to use project management tools

3.1 Project planning and management tools for MIS system development For Jack & Jill Plc

Project Management Tools: Project Management is the procedure of characterizing, planning, sorting out, leading and controlling the progress of a Project. The objective of Project Management is to convey an Information System that is satisfactory to Users and is produced on time and inside plan.

There are various tools available for project management; some of them are discussed below: Gantt chart: It is a graphical illustration of a Project that demonstrates each individual task as a bar in horizontal direction. The length of the bar is corresponding to ideal time for culmination. A Gantt chart is an even bar graph that outlines a Project plan. In the Gantt chart Time is shown on the horizontal direction while the activities are orchestrated vertically (start to finish), in place of their dates of initiation. A definite Gantt chart for a vast project may be truly intricate and difficult to understand (Project Management Institute, 2004). To improve the outline, project administrator can join related exercises into one Task. Gantt chart doesn’t demonstrate how assignments must be requested (priority) however basically indicate when an assignment ought to start and ought to end. Gantt chart is more valuable to for delineating moderately straightforward ventures or sub activities of an expansive project, the exercises of a solitary worker, or for observing the advancement of exercises contrasted with planned fulfilment dates.

Pert/CPM: Pert and CPM falls under the category of network diagrams. Network diagrams are graphical portrayal of Project activities and their between connections. The recognizing peculiarity of a Network Diagram is that the requesting of Tasks is indicated by associating with its ancestor and successor activities. Network Diagramming in the technical terms is considered as a technique for scheduling the use of assets. This results in better use of resources. PERT stands for program evaluation review technique. It is among the most troublesome and most error inclined exercises when developing a Project Schedule. This involves the estimation of the time for each activity. Each activity is defined following a Work Breakdown Structure.  Pert is a strategy used to compute the probable time for completion of an activity. Pert is a strategy that is based on Optimistic Pessimistic and Realistic Time assessments to compute the probable time completion for an activity (Marciniak, 1994).  Optimistic time is the least conceivable time required for the completion of an activity while Pessimistic time is the maximum conceivable time required for the completion of an activity. The third term Realistic time denotes the likely time in which the activity will finish.

Critical Path Scheduling (CPS): A planning strategy where the request and term of a succession of task activities straightforwardly influence the completion of the project.

Following are the advantages of Network Diagram in project management:

• These show a well-defined starting and end point
• Is independent of rest of the project activities
• Shows the tasks in an ordered manner

3.2 Suitability of tools used to manage the development of MIS system for Jack & Jill Plc

As discussed above, Jack & Jill Plc. can utilize either PERT/CPM or Gantt Charts to manage the development of their MIS system. This section throws light on the strengths and weaknesses of the respective management tools to ascertain their suitability

Pert/cpm: Program Evaluation and Review Technique (PERT) and Critical Path Method (CPM) assist the supervisors to plot the scheduling of projects comprising consecutive actions. PERT/CPM charts recognize the time essential to complete the actions in a project, and the sequence of the steps. Each action is allotted an earliest and latest start time and end time. Actions with no slack time are said to lie beside the critical path–the path that must stay on time for the project to be on schedule.

Predicted Accomplishment Time: A strong point of PERT/CPM charts is their capability to analyse accurately how much time the project will be taking. PERT/CPM offers administrators with a variety of time in which the project should be finished,  on the basis of the  total of all minimum and maximum time limits for all actions. This provides the firms numerous of benefits, like the capacity to communicate clients precisely when their orders will be complete, or to know accurately when to demand new deliveries (Abdel-Hamid and Tarek, 1991). The projected accomplishment time of the project is grounded on ideal conditions and does not take into account the chance of unexpected proceedings. The probable finishing  time of all following activities and the project all together can become slanted when things go wrong, which can cause complications if the company has made plans that depend on  the on time accomplishment of the project. Additional loop hole of PERT/CPM is that the method depends on previous data and experience to frame accomplishment time estimates. New companies may not have any previous experience to rely on, positioning them at a disadvantage.

Critical Path: The critical path recognized in a PERT/CPM chart displays the most time consuming actions of the supervisors. This permits them to emphasis on procedure enhancements on the jobs that are most dynamic for the timely accomplishment of the assigned task. More slack time can be produced by dropping the dealing out time at critical points in the project, or the project agenda can be squeezed up for a faster improvement (Bach, 1995). Nevertheless the supervisors may lay more stress on activities alongside the critical path. A loophole of CPM is that it stresses principally on the time feature of activities and ignores other concerns like quality or excellence and budget control. Concentrating a lot on the critical path can result in the supervisor’s less attention towards the probable production progresses in further activities.

Gantt Charts: For setting up of Gantt chart, one needs to concentrate on each and every task involved in the project. Being a part of this procedure, one will need to do some sort of homework regarding which task should be performed by whom, also time limit will be to be decided for each activity, the supervisor will be also required to make a thorough study of the expected issues which may occur during the whole process. An in-depth thoughtfulness can help the team as well as the supervisor to ensure that the plan is feasible, each task has been handed over to the appropriate person and also that they have made a thorough study regarding the prospective problems before beginning the task or project (Project Management Institute, 2004). As a final point, the charts can be if great use for updating the team as well as the promoters or sponsors regarding the progress in the project. The supervisor will also specific need keep a timely update in the chart regarding any changes in the schedule, its implications and the completion as well.

Conclusion

Jack & Jill Plc. had been facing a number of issues because of their disintegrated and non-standardised computer systems being used by the different business practices in the company. Haphazard decision making and lacklustre reporting led the management to rethink their IT strategy and shifted their focus towards Quality Assurance practices, effective risk management and Standardisation of their processes. This report tried to showcase the importance of Quality control mechanisms while developing an MIS system for Jack & Jill Plc. and looked into aspects of Risk management and associated standards defined by ISO in this regards. Additionally the report also talked about the Quality Assurance practices at each stage of the system development and provided document templates for quality control at each stage. Based on the points put forward in this report Jack & Jill Plc. would be recommended for going for ISO 31000:2009 standards for risk management and ISO9001:2008 for quality control best practices. For managing the project at various stages, the company may opt for project management tools such as Gantt Charts or PERT/CPM. These tools generally come along with project management software such as Microsoft Project Server.

References

Abdel-Hamid, Tarek K (1991), Software Project Dynamics: an Integrated Approach, Prentice-Hall, 1991
Association for Project Management (2004) Project Risk Analysis & Management (PRAM) Guide. 2nd edn. High Wycombe: APM.
Bach, J (1995), Enough about Process: What We Need are Heroes, IEEE Software, March 1995.
British Standards Institute (2000a) BS6079-3:2000: Project Management. Part 3: Guide to the Management Business -related Project Risk. London: BSI.
British Standards Institute (2002) ISO/IEC Guide 73:2002: Risk Management. Vocabulary Guidelines for Use in Standards, London: BSI.
Canadian Standards Association (2010) CAN/CSA-Q850-97: Risk Management: Guideline for Decision makers. Mississauga, Ont: Canadian Standards Association.
Chapman, C.B. and Ward, S.C. (2002) Managing Project Risk and Uncertainty. Chichester: Wiley.
International Organization for Standardization, ISO/IEC 9126:1991(E) Quality Characteristics and Guidelines for Their Use, ISO/IEC, 1991
International Standards Organisation (ISO) (2009) ISO/IEC New Work Item Proposal: General Guidelines for Principles and Implementation of Risk Management, London: BSI.
Japanese Standards Association (2001) JIS Q2001:2001(E): Guidelines for Development and Implementation of Risk Management System. Tokyo: JSA.
Marciniak, J (1994) Encyclopaedia of Software Engineering, v. 1, pp 958-969, John Wiley & Sons,