Difference between Software Quality Assurance and Quality Control
This article considers the difference between Quality Assurance and Quality Control. The concepts are investigated by looking for guidance from key industry players.
It is important for an organisation to agree on what is meant by QA, and what is meant by QC. Both form an integral part of the organisation’s overall quality management plan, and the effectiveness of delivery teams relies on the differences being well understood by all stakeholders, including management.
Effective quality systems can contribute enormously to the success of projects, but the counterpoint is that, when poorly understood, the quality systems are likely to be weak, and ineffective in ensuring that the delivered system satisfies the customer’s requirements, is delivered on time, and built by the team within their allocated budget.
How many times has it struck you that many practitioners involved in the ICT field lack an understanding of the difference between Quality Assurance and Quality Control? Often you will hear someone talk about ‘QA’, when what they actually mean is ‘QC’.
As a business analyst this consistently throws up problems, since having ambiguity is a sure way of undermining a project. The ambiguity tends to lead to strained conversations, and reaching consensus becomes difficult. Projects are negatively affected.
Although QA and QC are closely related concepts, and are both aspects of quality management, they are fundamentally different in their focus:
- QA is all about the process of managing for quality;
- QC is all about verifying the quality of the output.
Achieving success in a project requires both QA and QC. If we only apply QA, then we have a set of processes that can be applied to ensure great quality in our delivered solution, but the delivered solution itself is never actually quality-checked. Likewise, if we only focus on QC then we are simply conducting tests without any clear vision for making our tests repeatable, for understanding and eliminating problems in testing, and for generally driving improvement into the means we use to deliver our ICT solutions.
In either case, the delivered solution is unlikely to meet the customer expectation, or to satisfy the business needs that gave rise to the project in the first place.
Understanding the difference between Quality Assurance and Quality Control?
So, what exactly is the difference between Quality Assurance (QA) and Quality Control (QC)?
A good point of reference for understanding the difference is the ISO 9000 family of standards. These standards relate to quality management systems and are designed to help organisations meet the needs of customers and other stakeholders.
In terms of this standard, a quality management system is comprised of quality planning and quality improvement activities, the establishment of a set of quality policies and objectives that will act as guidelines within an organisation and QA and QC.
The ISO 9000 standard defines Quality Control as:
“A part of quality management focused on fulfilling quality requirements”
The standard goes on to define Quality Assurance as:
“A part of quality management focused on providing confidence that quality requirements will be fulfilled”
These definitions lay a superb foundation, but they are a bit too broad and vague to be useful. NASA, one of the most rigorous software engineering firms in the world, has provided us with the following definitions:
Software Quality Control
"The function of software quality that checks that the project follows its standards, processes, and procedures, and that the project produces the required internal and external (deliverable) products"
Software Quality Assurance
"The function of software quality that assures that the standards, processes, and procedures are appropriate for the project and are correctly implemented"
Simply put, Quality Assurance focuses on the process of quality, while Quality Control focuses on the quality of output.
Quality Assurance: a Strategy of Prevention
Leading off from the definitions above, we understand that QA is focused on planning, documenting and agreeing on a set of guidelines that are necessary to assure quality. QA planning is undertaken at the beginning of a project, and draws on both software specifications and industry or company standards. The typical outcomes of the QA planning activities are quality plans, inspection and test plans, the selection of defect tracking tools and the training of staff in the selected methods and processes.
The purpose of QA is to prevent defects from entering into the solution in the first place. In other words, QA is a pro-active management practice that is used to assure a stated level of quality for an IT initiative.
Undertaking QA at the beginning of a project is a key tool to mitigate the risks that have been identified during the specification phases. Communication plays a pivotal role in managing project risk, and is crucial for realising effective QA. Part of any risk mitigation strategy is the clear communication of both the risks, and their associated remedies to the team or teams involved in the project.
Quality Control: a Strategy of Detection
Quality Control on the other hand includes all activities that are designed to determine the level of quality of the delivered ICT solutions. QC is a reactive means by which quality is gauged and monitored, and QC includes all operational techniques and activities used to fulfil requirements for quality. These techniques and activities are agreed with customers and/or stakeholders before project work is commenced.
QC involves verification of output conformance to desired quality levels. This means that the ICT solution is checked against customer requirements, with various checks being conducted at planned points in the development lifecycle. Teams will use, amongst other techniques, structured walkthroughs, testing and code inspections to ensure that the solution meets the agreed set of requirements.
Benefits of Quality Management
The benefits of a structured approach to quality management cannot be ignored.
Quality control is used, in conjunction with the quality improvement activity, to isolate and feedback on the causes of quality problems. By using this approach consistently, across projects, the feedback mechanism works towards identifying root-cause problems, and then developing strategies to eliminating these problems. Using this holistic approach ensures that teams achieve ever higher levels of quality.
As a consequence of formulating, and executing, a quality management plan the company can expect:
- Greater levels of customer satisfaction, which will very likely result in both repeat business, as well as referral business;
- A motivated team that not only understand the policy objectives of the quality management plan, but who also actively participate in executing the plan;
- Elimination of waste by eliminating rework arising from either the need to address bugs, or to address gaps in the solution’s ability to meet customer requirements;
- Higher levels of confidence in planning, since the tasks arising from unplanned rework will fall away;
- Financial rewards for the company, which are a consequence of new projects from existing and referral clients, as well as through the reduction of monies spent on rework tasks.
As the company’s quality management plan matures, the confidence of all stakeholders will grow. The company will be seen to be more effective and efficiency in delivering an agreed ICT solution will be demonstrated to clients.
The company stands to build a solid reputation for outstanding performance in the market place.
 ISO 9000 on Wikipedia: http://en.wikipedia.org/wiki/ISO_9000
 ISO 9000:2000, Clause 3.2.10
 ISO 9000:2000, Clause 3.2.11
More by this Author
In this article I discuss the problem of accounting for your hours in your Certified Business Analyst Professional (CBAP) online application form as required by the International Institute of Business Analysts. I supply...
Two models, the Capability Model, and the Value Stream, are emerging as powerful tools that are essential for building robust strategic views of the business. These architectural views speak to decision-makers in their...
The International Institute of Business Analysis (IIBA) have identified a set of competencies they consider necessary for a practicing business analyst to be effective at their job. This article builds a capability view...