Quality Assurance/Quality Control

Management should establish quality assurance procedures and
update future planning with the quality assurance results. These
procedures may include internal performance measures, focus groups,
and customer surveys. Management should conduct quality assurance
reviews for all significant activities both internally and with

The traditional goal of Quality Assurance (QA) activities is to
ensure the product conforms to specifications and is fit for use.
QA asks three fundamental questions: Does it work? Does it do what
it is designed to do? Is it fit for use? The purpose of Quality
Control (QC) activities is to identify weaknesses in work products
and to avoid the resource drain and expense of redoing a task.
While financial institutions will benefit from that perspective,
they also have additional incentives to incorporate QA functions
into their IT environment. QA functions can be effective in
preventing internal fraud. For example, management can conduct
quality assurance testing on a new system before implementation.
The testing should be independent of any programming function (if
developed in-house) and incorporate user acceptance testing
programs (if off-the-shelf). The thorough testing of a new system
can identify malicious code or poor functionality. QA reports are a
valuable tool for management and help document the control process
for the production environment.