Docstoc

test

Document Sample
test Powered By Docstoc
					■ TEST FACTOR
■ Correctness. Assurance that the data entered, processed, and outputted by the
application system is accurate and complete. Accuracy and completeness are achieved
through controls over transactions and data elements, which should commence when a
transaction is originated and conclude when the transaction data has been used for its
intended purpose.
■■ File integrity. Assurance that the data entered into the application system will be
returned unaltered. The file integrity procedures ensure that the right file is used and that
the data on the file and the sequence in which the data is stored and retrieved is correct.
■■ Authorization. Assurance that data is processed in accordance with the intents of
management. In an application system, there is both general and specific authorization for
the processing of transactions. General authorization governs the authority to conduct
different types of business, whereas specific authorization provides the authority to
perform a specific act.
■■ Audit trail. The capability to substantiate the processing that has occurred. The
processing of data can be supported through the retention of sufficient evidential matter
to substantiate the accuracy, completeness, timeliness, and authorization of data. The
process of saving the supporting evidential matter is frequently called an audit trail.
■■ Continuity of processing. The ability to sustain processing in the event problems
occur. Continuity of processing ensures that the necessary procedures and backup
information are available to recover operations should integrity be lost. Continuity of
processing includes the timeliness of recovery operations and the ability to maintain
processing periods when the computer is inoperable.
■■ Service levels. Assurance that the desired results will be available within a time frame
acceptable to the user. To achieve the desired service level, it is necessary to match user
requirements with available resources. Resources include input/output capabilities,
communication facilities, processing, and systems software capabilities.
■■ Access control. Assurance that the application system resources will be protected
against accidental and intentional modification, destruction, misuse, and disclosure. The
security procedure is the totality of the steps taken to ensure the integrity of application
data and programs from unintentional and unauthorized acts.
■■ Compliance. Assurance that the system is designed in accordance with organizational
strategy, policies, procedures, and standards. These requirements need to be identified,
implemented, and maintained in conjunction with other application requirements.
■■ Reliability. Assurance that the application will perform its intended function with the
required precision over an extended period of time. The correctness of processing deals
with the ability of the system to process valid transactions correctly, while reliability
relates to the system’s being able to perform correctly over an extended period of time
when placed into production.
■■ Ease of use. The extent of effort required to learn, operate, prepare input for, and
interpret output from the system. This test factor deals with the usability of the system to
the people interfacing with the application system.
■■ Maintainability. The effort required to locate and fix an error in an operational
system. Error is used in the broad context to mean both a defect in the system and a
misinterpretation of user requirements.
■■ Portability. The effort required to transfer a program from one hardware configuration
and/or software system environment to another. The effort includes data conversion,
program changes, operating system, and documentation changes.
■■ Coupling. The effort required to interconnect components within an application
system and with all other application systems in their processing environment.
■■ Performance. The amount of computing resources and code a system requires to
perform its stated functions. Performance includes both the manual and automated
segments involved in fulfilling system functions.
■■ Ease of operation. The amount of effort required to integrate the system into the
operating environment and then to operate the application system. The procedures can be
both manual and automated.
TEST FACTOR EXAMPLE
Correctness Assurance that:
• Products are priced correctly on invoices
• Gross pay is properly calculated
• Inventory-on-hand balances are correctly accumulated Authorization Assurance that:
• Price overrides are authorized by management
• Credits for product returns have been approved by management
• Employee overtime pay is authorized by the employee’s supervisor
File integrity Assurance that:
• The amounts in the detail records of a file support the control totals
• Customer addresses are correct
• Employee pay rates are correct
  Audit trail Assurance that:
• Employee gross pay can be substantiated by supporting documentation
• Sales tax paid to a specific state can be substantiated by the supporting invoices
• Payments made to vendors can be substantiated should the vendor disavow receiving
the payment
Continuity of Assurance that:
processing • Banking transactions can continue if computer becomes in operational
• Recovery of an online system can occur within the predetermined tolerances
Service levels Assurance that:
• Response time in an online system is within the time span
tolerance
• Application workload can be completed in accordance with
the application schedule
• Changes to the system can be incorporated within the agreed
upon schedule
Access control Assurance that:
• Programmers will not be given access to data
• Access will be restricted to predetermined system resources
• Automated access mechanisms will be current
Compliance Assurance that:
• Information services standards are complied with
• System development strategy is followed
• System is developed in accordance with budgets and schedules
Reliability Assurance that:
• Users can enter the correct information on a day-to-day basis
• Errors can be correctly reprocessed
• Appropriate action will be taken on system reports
Ease of use Assurance that:
• Input forms minimize input errors
• Flow of work will be optimized in order to process work quickly
• Reporting procedures will be written in easy-to-understand
terminology
Maintainable Assurance that:
• Program documentation will be up-to-date
• Program segments will point to other segments that need to be changed concurrently
with that segment
• Segments of programs will be identified with appropriate
identifiers
Portable Assurance that:
• Computer program will only use common language features
• System will be hardware independent
• System will be independent of system software special
features
Coupling Assurance that:
• Segments in one application requiring concurrent changes in
other applications will be properly identified
• Common documentation will be up-to-date
• Changes will be coordinated
Performance Assurance that:
• System is completed within time and budget constraints
• System achieves performance acceptance criteria
• Hardware and software usage is optimized
Ease of Assurance that:
operations • Operation documentation is up-to-date
• Operators are trained in any special application operating
procedures
• Correct version of programs run in production
Figure 2-2 (continued)
■■ Correctness. Assurance that the data entered, processed, and outputted by the
application system is accurate and complete. Accuracy and completeness are achieved
through controls over transactions and data elements, which should commence when a
transaction is originated and conclude when the transaction data has been used for its
intended purpose.
■■ File integrity. Assurance that the data entered into the application system will be
returned unaltered. The file integrity procedures ensure that the right file is used and that
the data on the file and the sequence in which the data is stored and retrieved is correct.
■■ Authorization. Assurance that data is processed in accordance with the intents of
management. In an application system, there is both general and specific authorization for
the processing of transactions. General authorization governs the authority to conduct
different types of business, whereas specific authorization provides the authority to
perform a specific act.
■■ Audit trail. The capability to substantiate the processing that has occurred. The
processing of data can be supported through the retention of sufficient evidential matter
to substantiate the accuracy, completeness, timeliness, and authorization of data. The
process of saving the supporting evidential matter is frequently called an audit trail.

■■ Continuity of processing. The ability to sustain processing in the event problems
occur. Continuity of processing ensures that the necessary procedures and backup
information are available to recover operations should integrity be lost. Continuity of
processing includes the timeliness of recovery operations and the ability to maintain
processing periods when the computer is inoperable.
■■ Service levels. Assurance that the desired results will be available within a time frame
acceptable to the user. To achieve the desired service level, it is necessary to match user
requirements with available resources. Resources include input/output capabilities,
communication facilities, processing, and systems software capabilities.
■■ Access control. Assurance that the application system resources will be protected
against accidental and intentional modification, destruction, misuse, and disclosure. The
security procedure is the totality of the steps taken to ensure the integrity of application
data and programs from unintentional and unauthorized acts.
■■ Compliance. Assurance that the system is designed in accordance with organizational
strategy, policies, procedures, and standards. These requirements need to be identified,
implemented, and maintained in conjunction with other application requirements.
■■ Reliability. Assurance that the application will perform its intended function with the
required precision over an extended period of time. The correctness of processing deals
with the ability of the system to process valid transactions correctly, while reliability
relates to the system’s being able to perform correctly over an extended period of time
when placed into production.
■■ Ease of use. The extent of effort required to learn, operate, prepare input for, and
interpret output from the system. This test factor deals with the usability of the system to
the people interfacing with the application system.
■■ Maintainability. The effort required to locate and fix an error in an operational
system. Error is used in the broad context to mean both a defect in the system and a
misinterpretation of user requirements.
■■ Portability. The effort required to transfer a program from one hardware configuration
and/or software system environment to another. The effort includes data conversion,
program changes, operating system, and documentation changes.
■■ Coupling. The effort required to interconnect components within an application
system and with all other application systems in their processing environment.
■■ Performance. The amount of computing resources and code a system requires to
perform its stated functions. Performance includes both the manual and automated
segments involved in fulfilling system functions.
■■ Ease of operation. The amount of effort required to integrate the system into the
operating environment and then to operate the application system. The procedures can be
both manual and automated.
Creating an Environment Supportive of Software Testing
Developing a Role for Software Testers
Previously, this chapter recognized two customer dissatisfaction gaps, or two classes of
risk-associated implementing software. Also discussed were many of the specific risks
associated with these two gaps.
Management needs to evaluate these risks and determine their level of risk appetite. For
example, is management willing to accept the risk of unmaintainable software? If not,
management should take action to minimize that risk. An obvious action is to develop
maintenance standards. Another obvious action is to test the software to ensure its
maintainability. Implicit in this example is a definition of maintainability.
Does it mean that with unlimited effort, the software can be changed? Or, does it mean a
change to an internal table can be done within one hour, a minor specification change can
be done within four hours, and so forth?
The role of all software testing groups is to validate whether the documented speci-
fications have been implemented as specified. Additional roles that might be assigned
to software testers include the following:
■■ Testing for all or part of the test factors. When establishing the software testing role,
management will want to accept some test factors for incorporating into the software
tester’s role such as testing for ease of use, and exclude others such as operational
performance of the software. In other words, management may decide they can live with
inefficient software but cannot live with difficult to use processes.
■■ Ensuring that the documented specifications meet the true needs of the customer.
Testers can attempt to verify that the documented specifications are in fact the true needs
of the customer. For example, they might initiate a requirements review as a means of
verifying the completeness of the defined specifications.
■■ Improving the software testing process. Testers can use the analysis of their testing to
identify ways to improve testing.
■■ Improving the developmental test process. Testers can use their experience in testing
to make recommendations on how the software development process could be improved.
■■ Participating in acceptance testing. Testers can use their software testing expertise to
help the users of the software systems develop and implement acceptance testing plans
that will determine whether the completed software meets the operational needs of the
users.
■■ Recommending changes to the software system. In developing and conducting
software tests, testers may identify better ways of implementing the documented
specifications.
■■ Evaluating the adequacy of the system of controls within the software system. There
are two components of a software system: the component that does the specified work
and the component that checks that the specified work was performed correctly. The
latter component is referred to as the “system of internal control within the software
system.” Testers can evaluate whether those controls are adequate to reduce the risks for
which they were designed to minimize.

				
DOCUMENT INFO
Shared By:
Categories:
Stats:
views:10
posted:11/9/2010
language:English
pages:7