Free Practice Questions for Software Certifications CSQA Exam

Subjective baseline studies will be the most commonly conducted studies in measuring quality and productivity. Subjective means that judgment is applied in making the measure. We noted in the discussion on objective measures that when the individual involved in recording time has the option of applying judgment, then the measure becomes subjective.

Baselines should be quantitative even if it is a subjective measure, but quantitatively subjective. For example, because quality conformance and nonconformance must be defined by people, we are looking for ways to put this information into a quantifiable format. This does not convey a lot of information, but it is indicative of a problem. However, if we develop a five-point scale for unresponsiveness, and ask your dissatisfied customer to complete that scale, we now have conveyed a lot more information. If our scale rates “1” as very poor service, and “5” as very good service, there is a great deal of difference between a “1” rating and a “3” rating for dissatisfaction.

Examples of products/services that can be measured subjectively for developing a baseline include:

Customer satisfaction

Effectiveness of standards/manuals

Helpfulness of methodologies to solve problems

Areas/activities causing the greatest impediments to quality/productivity

Causes for missed schedules/over-budget conditions

Understandability of training materials

Value of tools

Importance of activities/standards/methods/tools to individual activity

Baselines can be conducted for any one of the following three purposes:

Planning: To determine where detailed investigation/survey should be undertaken.

Internal analysis: To identify problems/areas for quality improvement. Once the problem/area has been identified, then no additional effort need be undertaken to formalize the results.

Benchmarking: Comparison against external organizations.

Process management is a PDCA cycle. Process management processes provide the framework from within which an organization can implement process management on a daily basis. The following figure shows how this set of practices can be viewed as a continuous improvement cycle.

Rahail HDD:Users:iMac:Desktop:Screen Shot 2015-01-12 at 7.58.25 PM.png

Most people on a job, and even in management positions, do not understand what the job is, or what is right versus wrong. Moreover, it is not clear to them how to find out.

Many of them are afraid to ask questions or to report trouble. The economic loss from fear is appalling. It is necessary, for better quality and productivity that people feel secure.

Another related aspect of fear is the inability to serve the best interest of the company through necessity to satisfy specified rules, or to satisfy a production quota, or to cut costs by some specified amount.

One common result of fear is seen in inspection. An inspector records incorrectly the result of an inspection for fear of overdrawing the quota of allowable defectives of the work force.

Reduce the Number of Vendors

Requiring statistical evidence of quality control in the purchase of hardware and software will mean, in most companies, drastic reduction in the number of vendors with whom they deal. Companies will have to consider the cost of having two or more vendors for the same item. A company will be lucky to find one vendor that can supply statistical evidence of quality. A second vendor, if they cannot furnish statistical evidence of their quality, will have higher costs than the one that can furnish the evidence, or they will have to chisel on their quality, or go out of business. A person that does not know his/her costs or whether today's distribution of quality can be repeated tomorrow is not a good business partner.

Use Statistical Methods to Find Sources of Trouble

Which are user faults? Which faults belong to IT? Put responsibility where it belongs. Do not rely on judgment because it always gives the wrong answer on the question of where the fault lies. Statistical methods make use of knowledge of the subject matter where it can be effective, but supplant it where it is a hazard.

Constantly improve the system. This obligation never ceases. Most people in management do not understand that the system (their responsibility) is everything not under the governance of a user.

Institute Modern Aids to Training on the Job

Training must be totally reconstructed. Statistical methods must be used to learn when training is finished, and when further training would be beneficial. A person once hired and trained and in statistical control of his/her own work, whether it be satisfactory or not, can do no better. Further training cannot help. If their work is not satisfactory, move them to another job, and provide better training there.

Force field analysis is a visual team tool used to determine and understand the forces that drive and restrain a change. Driving forces promote the change from the existing state to the desired goal. Opposing forces prevent or fight the change. Understanding the positive and negative barriers helps teams reach consensus faster.

The steps below show how a team uses force field analysis:

Establish a desired situation or goal statement.

Brainstorm and list all possible driving forces.

Brainstorm and list all possible restraining forces.

Determine the relative importance of reaching consensus on each force.

Draw a force field diagram that consists of two columns, driving forces on one side and restraining forces on the other.

Select the most significant forces that need to be acted upon using the nominal group technique to prioritize and reduce the number, if there are too many.

Proceed to a plan of action on the forces selected in the previous step

Independent monitoring are those monitoring activities, which are performed by individuals not employed by the organizational unit responsible for the work. Independent monitoring can be performed by:

An organizational unit established for the purpose of monitoring

For example, in health care units, an “HIPAA compliance group” might be established to monitor compliance to HIPAA requirements.

Internal auditors

An audit activity within the organization who is independent from the organization they monitor or audit, and generally independent from the management over the activity being monitored.

External auditors

Auditors engaged by the Board of Directors to evaluate the adequacy of the organization’s system of internal control and other activities governed by auditing standards.

The extensiveness of independent monitoring is normally determined by the adequacy of the organization’s system of internal controls. If those performing independent monitoring believe that the system of internal control is effective, the extent of their monitoring will decrease. On the other hand, if there’s significant weakness in the system of internal control, monitoring will be increased.

SEI CMM Model:

It is a staging model.

All processes have to be followed in order.

Designed specifically for software organizations.

It has 5 stages:

Initial – Level 1

Repeatable – Level 2

Defined – Level 3

Managed – Level 4

Optimizing – Level 5

ISO 9000:

It is a continuous model.

Processes can be followed independently.

Not specific to software organizations.

Automated Enforcementis normally viewed as the most fair of all methods of enforcement. It isnormally performed by a computer. The rules are included in the computer system, and whenthose rules are violated, enforcement is automatic.

Automated enforcement is a predetermined enforcement decision. The computer merely executes the action. For example, if you need a password to enter into a system and you do not enter a correct password, access is denied. If you are charging items on your credit card and you have exceeded your credit limit, the computer action is to disallow the purchase.

The checklist must contain the following items to determine necessary management security controls placed over online software systems:

Ensure that staff knows who does what relative to security—the security dos and do nots.

Ensure that staff has sufficient resources and skills to exercise its security responsibilities.

Ensure that security is considered in job performance appraisals and results in appropriate rewards and disciplinary measures.

Ensure awareness of the need to protect information; provide training to operate nformation systems securely and be responsive to security incidents.

Ensure that security is an integral part of the systems development life cycle process and explicitly addressed during each phase of the process.

Ensure that staff with sensitive roles has been vetted.

Ensure that the organization is not dependent on one individual for any key security task (i.e., appropriate segregation of duties).

Ensure that privacy and intellectual property rights, as well as other legal, regulatory, contractual and insurance requirements, have been identified with respect to security and processes in your area of responsibility.

Ensure that applicable security measures have been identified and implemented (e.g., effective backup, basic access control, virus detection and protection, firewalls, intrusion detection and adequate insurance coverage).

Ensure that a suitable technical environment is in place to support security measures

Answer is below in explanation.

Explanation

Exhibit:

Rahail HDD:Users:iMac:Desktop:Screen Shot 2015-01-12 at 12.54.11 AM.png

Plan (P): Devise a plan - Define the objective, expressing it numerically, if possible. Clearly describe the goals and policies needed to attain the objective at this stage. Determine the procedures and conditions for the means and methods that will be used to achieve the objective.

Do (D): Execute the plan - Create the conditions and perform the necessary teaching and training to ensure everyone understands the objectives and the plan. Teach workers the procedures and skills they need to fulfill the plan and thoroughly understand the job. Then perform the work according to these procedures.

Check (C): Check the results – As often as possible, check to determine whether work is progressing according to the plan and whether the expected results are obtained. Check for performance of the procedures, changes in conditions, or abnormalities that may appear.

Act (A): Take the necessary action - If the check reveals that the work is not being performed according to plan, or if results are not what were anticipated, devise measuresfor appropriate action. Look for the cause of the abnormality to prevent its recurrence. Sometimes workers may need to be retrained and procedures revised. The next plan should reflect these changes and define them in more detail.

The workbench transforms to the input to produce the output. The workbench is comprised of two procedures: Do and Check, which correspond to the Do and Check phases of the PDCA cycle. If the Check procedure determines that the standards for the output product are not met, the process engages in rework until the output products meet the standards, or management makes a decision to release a nonstandard product. People, skills, and tools support the Do and Check procedures. A process is defined by workbench and deliverable definitions. A process is written with the assumption that the process owners and other involved parties possess certain skill and knowledge levels (subject matter expertise).

Rahail HDD:Users:iMac:Desktop:Screen Shot 2015-01-13 at 2.13.25 AM.png

Organizations choose to adopt a model for any or all of the following reasons:

Satisfy business goals and objectives

If the current infrastructure and processes are not meeting business goals and directives, adopting a model can refocus the IT organization to meet those goals and objectives.

Requirements are imposed by customer(s)

In an effort to improve efficiency and effectiveness, key customers may direct the IT organization to adopt a model.

For competitive reasons

External customers may only do business with an IT organization that is in compliance with a model.

As a guide (roadmap) for continuous improvement

A model usually represents the combined learning of leading organizations, and, as such, provides a roadmap for improvement. This is particularly true of continuous models.

The steps below describe a sample defect tracking process. Depending on the size of the project or project team, this process may be substantially more complex.

1. Execute test and log any discrepancies.

The tester executes the test and compares the actual results to the documented expected results. If a discrepancy exists, the discrepancy is logged as a “defect” with a status of “open.” Supplementary documentation, such as screen prints or program traces, is attached if available.

2. Determine if discrepancy is a defect.

The Test Manager or tester reviews the defect log with an appropriate member of the development team to determine if the discrepancy is truly a defect, and is repeatable. If it is not adefect, or repeatable, the log should be closed with an explanatory comment.

3. Assign defect to developer.

If a defect exists it is assigned to a developer for correction. This may be handled automatically by the tool, or may be determined as a result of the discussion in step 2.

4. Defect resolution process.

When the developer has acknowledged the defect is valid, the resolution process begins.