Many IT shops focus on the lowest possible granularity, which tests I call "validation" or "verification." The tests are focused primarily on just the functionality requested, and rarely consider negative (failure) test cases.
While organizations think they're helping themselves by keeping testing costs low, they are actually hurting themselves. Those negative test cases that aren't discovered during the product development phase will typically surface during support, dragging resources off the next project back onto the original project.
Test case granularity is definitely a function of the application, the project criticality, and the schedule. You may work on projects where only the most basic negative cases are required. You may also have projects where deep negative testing is required -- for instance, a simple content-only website versus a medical device or piece of medical record software. When in doubt, revert to the customer, provide them with concrete examples of the test granularity you're thinking of working to, and help them find the right level of granularity.
This was first published in March 2009