Welcome » IT Booklets » Management » III IT Risk Management » III.D Monitoring and Reporting » III.D.6 Quality Assurance and Quality Control
Quality assurance (QA) is a process intended to ensure that a
product or service under development meets specified requirements.
Management should oversee the establishment of a QA process and
update future planning with the results. QA may include internal
performance measures, focus groups, and customer surveys.
Management should assess whether QA testing is conducted on new or
updated systems before implementation. Testing should be
independent of any programming function and should incorporate user
acceptance testing programs. The thorough QA testing of a new
system can identify vulnerabilities or poor functionality.
Quality control (QC) is a procedure intended to ensure that a
product or application adheres to a defined set of quality criteria
that meet the requirements of the end user. QC includes activities
that can be used to identify weaknesses or vulnerabilities in work
products and to avoid the resource drain and expense of repeating a
task. The traditional goal of QC activities is to ensure that a
product conforms to specifications and is fit to use. QC helps to
determine the following about a product:
QA and QC reports are valuable tools for management and help
document the control process for the production environment.