Quality assurance

From HORSE - Holistic Operational Readiness Security Evaluation.

Quality Assurance - Quality Control

Management should establish quality assurance procedures and update future planning with the quality assurance results.

These procedures may include:

  • Internal performance measures
  • Focus groups
  • Customer surveys


Management should conduct quality assurance reviews for all significant activities, both internally and with another organization. The traditional goal of Quality Assurance (QA) activities is to ensure the product conforms to specifications and is fit for use.

Quality Assurance asks three fundamental questions:

  • Does it work?
  • Does it do what it is designed to do?
  • Is it fit for use?


The purpose of Quality Control (QC) activities is to identify weaknesses in work products and to avoid the resource drain and expense of redoing a task. While financial institutions will benefit from that perspective, they also have additional incentives to incorporate QA functions into their IT environment. QA functions can be effective in preventing internal fraud. For example, management can conduct quality assurance testing on a new system before implementation. The testing should be independent of any programming function (if developed in-house) and incorporate user acceptance testing programs (if off-the-shelf). Thorough testing of a new system can identify malicious code or poor functionality. QA reports are a valuable tool for management and help document the control process for the production environment.