Determining the testing organization's place within a company

Software testing teams should have a defined place within a company's structure. Testing expert Mike Kelly and requirements expert Rob Apmann answer a reader's question about where testing fits. Asks the reader, "Where does the testing organization belong in the over all structure of a company? Should the organization be a sister to development or should it be a suborganization within your IT risk group? I am the sole QA person within my organization and I report to the IT risk manager whose focus is the Sarbanes-Oxley Act (SOX) and ITIL.

Mike Kelly's response:
Unfortunately, as much as this question excites me my initial response is that I don't have enough information about your specific situation. There is no universal model for structuring a testing organization (or any organization) and I couldn't provide you with any advice without understanding the other systems that your structure is influenced by.

Last year, as I looked to build my own testing organization, I read several Dean Meyer books on how to structure organizations. Much of Meyer's material is built on the framework of five organizational systems:

When you look at where testing should fit in your organization, you'll need to account for all five systems and the impact those systems have on the organization.

There is a lot o

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Software Testing 10 steps to acing Web app security assessments Three software regression testing steps can perfect defect fixes Exploring mobile layout testing, emulators and goals Preparing for testing applications in the cloud Hack maliciously to boost your software's security Testing functionality, performance of mobile Web applications Testing mobile Web applications for usability and context Using SBTM for exploratory testing coverage problems Web 2.0, RIAs push load testing to the max Using session-based test management for exploratory testing Software testing and quality assurance (QA) fundamentals Spotting rich Internet application security flaws with WebGoat Adobe ColdFusion websites being compromised Configuration testing: QA pros discuss 10 things you may not know Five roles test managers play in agile development: Tutorial, part one Three software regression testing steps can perfect defect fixes Software Testing: Assessing risk and scope Software Testing: How to know you're ready to start testing Quality assurance (QA) and testing's role in requirements Test case preparation for a Web-based application The difference between functional testing and regression testing

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary build  (SearchSoftwareQuality.com) code review  (SearchSoftwareQuality.com) conformance testing  (SearchSoftwareQuality.com) error handling  (SearchSoftwareQuality.com) garbage in, garbage out  (SearchSoftwareQuality.com) load testing  (SearchSoftwareQuality.com) NUnit  (SearchSoftwareQuality.com) quality assurance  (SearchSoftwareQuality.com) stress testing  (SearchSoftwareQuality.com) white box  (SearchSoftwareQuality.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

f free content on the topic available on the NDMA website. If you prefer books to online content, I've read and recommend the following:

Rob Apmann's response:
In my experience the QA organization is typically one component of the development organization. This generally seems to be a successful approach, since close communication with development is often required to reconcile the requirements versus the working application. If QA and development were part of separate organizations I am not sure that required level of close communication would occur.

Requirements are going to come from two directions. The primary requirements defining what the system does will come from the business analyst or product managers, and some of the requirements should be driven by the IT risk group. A good BA / PM should incorporate the nonfunctional requirements; such as, supported Web servers and version numbers so that the application meets the requirements of the IT risk group. They should also incorporate requirements that will drive the test suite. There might be a requirement that all passwords remain encrypted at all times even when in memory. Development should know about this requirement and QA should be planning to test whether it was met. Determining how to test that example would probably be simplified if QA and development were working closely together and part of the same organization.