Presentation Activities that are necessary for managing quality and risks within the development of IT Systems. The discipline of Quality and Risk Management defines artefacts, activities and roles that are necessary for managing quality and risks within the development of IT Systems. This procedure describes the core principles of IT quality and risk management and defines in this context the responsibilities to be defined, the procedures to be performed and the artefacts to be created or maintained. During the session project preparation process which includes quality assurance preparation tasks will be described on a step-by-step basis. The aim of the session is to achieve clarity in how to achieve good quality by setting goals, balancing budget, improving effectiveness and outcomes, being proactive and preventive, managing documentation and doing reports.

1. MANAGING QUALITY AND RISKS
WITHIN THE DEVELOPMENT OF
IT SYSTEMS.
ALEKSANDR GRITSEVSKI, KUEHNE+NAGEL IT CENTER, ESTONIA

2. ABOUT THE SPEAKER
Lead Quality Manager, System Quality
Manager, System Risk Manager
Kuehne + Nagel Tallinn IT Center

3. ACTIVITIES THAT ARE NECESSARY FOR
MANAGING QUALITY AND RISKS WITHIN THE
DEVELOPMENT OF IT SYSTEMS.
• The discipline of Quality and Risk Management defines
artefacts, activities and roles that are necessary for managing
quality and risks within the development of IT Systems. This
procedure describes the core principles of IT quality and risk
management and defines in this context the responsibilities to
be defined, the procedures to be performed and the artefacts
to be created or maintained.

4. RESPONSIBILITIES

5. • System Development Lead
is operationally responsible that the system development for a
system or subsystem is progressing according to its objectives,
quality and schedule

6. • System Quality Manager
is responsible that Quality Goals and reasonable Quality
Assurance Measures are defined

7. • System Risk Manager
is responsible that risks are identified, assessed and managed in
terms of definition and monitoring of appropriate measures.

8. CORE PRINCIPLES
• Achieving adequate quality bases on defining quality goals.
• Quality must be adequate not maximum. It needs to be balanced with speed and budget.
• Quality can only be achieved, when all participants share the same goals and works towards them.
• Proactive/Preventive quality assurance measures are mostly more effective and efficient than analytic
ones.
• Risk Management is about dealing with risks and risk treatment instead of dealing with issues already
happened.
• There shall be an open culture for identifying and discussing risks.
• Risks shall be actively managed by documenting them and defining measures that are controlled.
• Reports shall inform management about risks and quality but also put them into the obligation to
work on frame conditions as needed.

9. QUALITY MANAGEMENT
• The System Development Quality Handbook serves as the
central place to define quality goals and criteria as well as the
quality management organisation, procedures and the quality
assurance measures of the specific development context.

10. DEFINE QUALITY GOALS AND CRITERIA
• Example:
“A business user in the role X is able to use the dialogs and use
cases of the system in component Y after 2-day training.”

11. DETERMINE RISK AND CRITICALITIES
• Identify the business risk associated with the parts or
components of the system and their potential influence on the
quality goals
• Example of usage:
the coverage and depth of concept creations, concept reviews,
code inspections or tests needs to be higher for components of
higher criticality than for those with a lower one.

12. DEFINE AND PLAN QUALITY MEASURES
• Define which artefacts (software, configuration, documentation) shall
be addressed by quality assurance measures.
• Define which quality assurance measures shall be applied per artefact
type.
• Define to which extent quality assurance measures shall be applied
to which system components and accompanying artefacts, based on
the identified criticality.
• Define by whom, in terms of role and function, quality assurance
measures shall be performed. This may include an approval of the
effective execution of quality assurance measures by the System
Quality Manager.

13. DEFINE AND PLAN QUALITY MEASURES
• Define when each quality assurance measure shall be
performed during system development.
• Define which dependencies exist between quality assurance
measures and other process steps
• Define how the execution of quality assurance measures shall
be documented.
• Define the criteria to judge whether an applied quality
assurance measure has qualified to be successful

14. DEFINE AND PLAN QUALITY MEASURES
Examples for proactive/preventive quality assurance measures are:
• training of people
• assignment of tasks based on knowledge and experience
• clarification/handover meetings at process interfaces
• definition of development processes, how-to documents and guidelines
• application of proven tools and patterns
• prototyping
• definition of templates

15. CONTROL AND MANAGE QUALITY
• If planned quality assurance measures are not executed fully as
planned …
• If risks to the quality goals arise in a degree that the System
Quality Manager judges as relevant…
• ….

16. REPORT QUALITY STATUS
• Quality Status
• Top Quality Risks
• …

17. RISK MANAGEMENT
• Set up Risk Management - define in a suitable detail, how risk
management is conducted in the given system development
context.
• Identify Risks and Define Countermeasures - identify and
assess risks which arise in system development context
• Control and Manage Risks
• Report Risk Status

18. CONTINUOUS IMPROVEMENT
• Continuous improvement is an integral part of system
development as well as of quality and risk management
• In iterative and agile system development contexts, continuous
improvement is a usually a core aspect of the system
development approach.
• The System Development Team should continuously look for
opportunities to improve their way of working, and the System
Quality Manager shall motivate the team to do so.

19. ARTEFACTS
• System Development Quality Handbook
• System Quality Report
• System Risk and Action List
• System Risk Report

20. Q&A