# 12A: Objectives of Software Quality Reviews

In this lecture we’ll discuss the key objectives of software quality reviews, some of the common problems organizations run into when they perform quality reviews, and we’ll define three common types of software quality reviews.

### What's a review?

<img src="ss/mod12/01.png" width=300>

There are many different types of reviews that can be conducted during the course of a software project. A review is basically some type of meeting; as you can see from this definition.

A meeting can take place face-to-face, or be virtual and be conducted over the Internet. It can be synchronous or asynchronuous.

### Common Review Objectives

<img src="ss/mod12/02.png" width=300>

Because the term “review” has a very generic meaning, it is very important to define and communicate the objectives of each type of review; or there is a good chance that the review will not be effective.

Here’s a list of common review objectives that I’ve compiled from working with my clients. This list is not all-inclusive. It just contains some of the objectives that come up most frequently. I’ve had a number of clients list all of these as objectives for a single review…and that is problematic. Those same clients also reported that their reviews were mostly ineffective. Let’s have a look at why.

### Common Review Problems

<img src="ss/mod12/03.png" width=300>

Let me start by listing some frequently occurring problems that my clients have experienced with reviews. Again…this is not intended to be a complete list of problems, but I’ll bet that if you’ve ever attended a review at work…or even a general meeting…there’s a significant probability that you’ve personally experienced at least one of these problems.

When these problems occur in software quality reviews, the reviews tend to become ineffective, and we risk adding to the cost and increasing the schedule. And when organizations experience quality reviews that add to the cost and increase the schedule, they often discontinue the entire quality review process.

### Software Quality Reviews

<img src="ss/mod12/04.png" width=300>

In this lecture, we are discussing software quality reviews. Exactly what kind of review is that? A software quality review is a type of review in which we examine a work product that is produced during the course of a project. The work product could be a project plan, a requirements document, a design document, code, a test plan, and so forth. The work product is a key component of a software quality review.

There should only be a few objectives for a software quality review…to identify any defects that exist in the work product, to remove the defects…preferably as early as possible in the life cycle, and to ensure the work product satisfies its requirements. That’s it. It shouldn’t be used to share information, to inform stakeholders about what our strategy and direction are, to challenge project scope, to talk about project schedules or project, or anything else.

Many organizations make the mistake of including too many objectives on the agenda…and more often than not objectives that don’t have anything to do with quality. And that’s a recipe for disaster.

### Three Quality Review Models

<img src="ss/mod12/05.png" width=300>

I’m going to introduce three different models that organizations in industry commonly use to implement software quality reviews. There are more…but these are very representative of the universe. 
- The first review model is what I like to refer to as a **round-robin review**.
- The second model is commonly called **a walkthrough**, and it’s generally an informal type of review. The walkthrough review model has many variations and is very common in industry.
- The third model is the **formal inspection model**. As its name implies, this is a more rigorous and formal model than the other two.

### Round Robin Review

<img src="ss/mod12/06.png" width=300>

Here’s a definition of what I refer to as a round-robin review. There are several variations, but this definition will suffice for our purposes.

A work product is circulated around to a team of reviewers. Each reviewer reviews the work product in isolation and makes comments…either by marking up the document or by attaching an external list of comments. Eventually, the document gets circulated back to the author. The work product may be emailed around or we may use the cloud.

The potential **advantages** of this review model are that reviewers can fit the review into their own schedule for the most part. They don’t have to show up on a particular date and time. It’s also easy to implement when reviewers are not co-located.

The **disadvantages** of this review model are several: there is often a lack of consistency and rigor. Some people will just go through the motions and rubber stamp the work product or give it a half-hearted look…and you can’t control that. Another disadvantage is a lack of information transfer to the entire review team. There is often a synergistic effect when an entire review team is collaborating at the same time. Someone makes a comment and that triggers an idea that otherwise wouldn’t have surfaced. Even though review team members can read the comments of others, it does not have anywhere near the same impact. Yet another potential **disadvantage** is that if the review team doesn’t provide timely feedback, the project schedule can be delayed. And finally, in many reviews of this type the work product author is under no obligation to implement the reviewer comments.

This type of review may be okay for certain types of minor work products, but it is not effective for major work products like requirements, design, code, or testing work products because of the aforementioned disadvantages.

### Informal Walkthrough

<img src="ss/mod12/07.png" width=300>

A second model that is frequently used for software quality reviews is the informal walkthrough model. Here’s an industry definition of the walkthrough…and there are many variations on it.

In my experience, when organizations tell me they are performing quality reviews on work products, their review model frequently falls into this category.

The walkthrough model is appropriate for all major project work products. It can be very effective, moderately effective, or an absolute waste of time and resources, depending upon how it is structured and carried out. In a later lecture I will describe the characteristics that make this review model effective. This review model is synchronous. The review team will meet in-person or virtually over the Internet.

### Formal Inspection

<img src="ss/mod12/08.png" width=300>

The third type of frequently used quality review model is the formal inspection model.

This is more structured, rigorous, and formal than the walkthrough model…and it’s considered to be an industry best practice. According to T. Capers Jones, an industry expert on software quality and measurement, all best-in-class software organizations use some variation of the formal inspection model…where “best-in-class” means organizations that achieve a software product defect detection rate of 95 percent or higher.

An interesting fact about this model is that it was purposely invented, if you will, to mitigate the problems historically encountered when doing software quality reviews. Not every organization needs to use this quality review model. For many…using the more lightweight walkthrough approach may be “good enough”. Earlier in this course you learned about the CMMI process improvement model. The formal inspection review model maps into the CMMI Peer Review process area.

We’ll talk about the details of the formal inspection review model in a later lecture.


---

# 12B: Software Quality Reviews

<img src="ss/mod12/09.png" width=300>

In this lecture, we will discuss the reasons for doing software quality reviews, how quality reviews add- value and improve quality, the costs and benefits of doing quality reviews, and critical factors for ensuring that reviews will be successful.

Before I even discuss what software quality reviews are, I want to talk about why they should be done. One important reason is that they result in higher quality software products. By higher quality products I mean products that are delivered with fewer defects. When I help clients improve their software engineering and management processes, and we talk about quality reviews resulting in better quality products...that's a no brainer…and I get no arguments from them.

However, when I ask them if they're doing software quality reviews things get kind of interesting. Sometimes they say no, and sometimes they say yes...but the most frequent answers I get go something like this: "we try to do them, but we don't always have time", or, "we used to do them, but they took too much time, so we dropped them."

Then, when I tell them that quality reviews can both reduce cost and shorten the project schedule, they look at me a bit strangely...like...how can that be? And that makes it pretty clear that they don't understand what I call the "physics" of software quality reviews. Let me explain.

Done effectively, quality reviews can reduce the total project cost. By that, I mean less effort...less person- hours...are required. This happens as the result of finding and eliminating defects earlier in the project life cycle, where defect detection is much cheaper compared to later in the life cycle...and this, in turn, reduces the amount of total project rework. Reduced total effort also results in shortened schedules.

So...in a nutshell...this is what I like to call the "physics" of software quality reviews. We spend some additional time doing quality reviews, but this investment is more than paid back, resulting in less effort, shortened schedule, and, of course, a higher quality product.

The key to achieving these benefits is that quality reviews must be "effective"...and I'll describe in later lectures what I mean by "effective". I'll also discuss in more detail in later lectures how effort and rework are actually reduced.

For now, let's look at some specific examples of benefits that organizations have realized from quality reviews.

### Sample Quality Review Benefits

<img src="ss/mod12/09.png" width=300>

Let’s start with schedule. Effective use of quality reviews has shortened project schedules by 10 to 30 percent. That’s pretty significant. For a project that would otherwise take, say 12 months, the schedule might be shortened to a little over 8 months…a savings of more than 3 months.

Software quality reviews are actually more effective than traditional software testing at detecting defects. Traditional software testing defect detection rates average out to about 60 percent. Depending on the type of quality review process used…defect detection rates can approach 90 percent.

Implemented effectively, software quality reviews help to significantly improve the quality of delivered products…resulting in products delivered with 10 times less latent defects.

As an example of cost reduction and increased productivity, and by applying software quality reviews during the requirements phase, some have found that a single requirements defect detected and removed as a result of a requirements review can save 30 hours of testing effort. That’s also quite significant.

### Typical Project Reword Costs

<img src="ss/mod12/10.png" width=300>

I mentioned that reduction of rework is one of the positive outcomes of performing successful reviews. So…what is rework anyway?

Rework consists of unplanned repeating of tasks that were already performed…because they weren’t done correctly the first time or two. Rework is also performing tasks that should have been performed earlier, but weren’t…maybe because the project team was trying to cut corners.

From an industry standpoint, rework accounts for a significant portion of project cost. There have been numerous studies done to measure this that have found that rework can range from about 40 percent to more than 50 percent of total project costs…that’s about half of all costs…and that’s very, very significant.

Let’s take a look at the 44 percent figure on the slide. Suppose we were able to do something that cut the rework percentage in half to say…20 percent. So, right away the project cost is reduced by 20 percent, and the schedule is shortened as well…not necessarily by 20 percent, but any time you reduce effort the schedule can almost always be shortened.

### Defect Detection and Repair Costs

<img src="ss/mod12/11.png" width=300>

There have been numerous studies in industry in which the relative cost to find and fix software defects has been measured as a function of time. All of those studies have found that the cost of finding and fixing defects increases over time in an exponential-like way.

This graph shows the results of one such study. In this study they were measuring the relative cost of finding and fixing requirements defects as a function of life cycle phase. Here’s how we read it…if it costs 1 monetary unit to find and fix a defect during the requirements phase, it can cost 10 times that amount to find and fix the defect in the coding phase, 50 times that amount to find and fix it in the test phase, and more than 300 times that amount once the product has been implemented. That’s pretty scary stuff. 

Other studies have indicated costs of finding and fixing defects between 10 and 200 times the cost relative to the requirements phase. If you fit a curve through the data points it
would have a generally exponential shape.

So…what causes this generally exponential relationship? One thing that causes it is the extent of rework that is required. The later a defect is detected, the more rework potential there is. A defect found in the requirements phase can be quickly fixed. A defect found in the test phase requires more work…we have to find the root cause of the problem, which might require going back and changing a requirement, then changing a design, then changing code, and then repeating multiple levels of test. You can see the idea…the further downstream you go before you detect a problem, the further upstream you may have to return, and then move downstream again…this is rework.

### Software Quality Review Costs

<img src="ss/mod12/12.png" width=300>

Any expenditure of staff effort incurs cost, and performing quality reviews is no exception. Performing software quality reviews can range from 5 percent to 15 percent of total project effort, depending upon the type of review process used and how many reviews need to be performed.

This is sometimes a deterrent when shared with management who then decide reviews are too expensive or would take up too much time. This is an incorrect viewpoint.

Investing effort in quality reviews has to be looked at in terms of the net benefits to be gained. As I mentioned earlier, effective use of quality reviews can certainly improve product quality, by delivering a product with fewer defects, but it can also result in significant cost and schedule reductions due to decreased rework.

### Critical Success Factors

<img src="ss/mod12/13.png" width=300>

So…how come everyone’s not doing reviews, given all the potential benefits they can bring to a project? Well…I can tell you from my own experience that a major reason for this is a failure to understand how the costs and benefits interact…what I referred to earlier as the “physics” of quality reviews…the investment in review effort gets paid back several times over.

As I also said earlier…just doing quality reviews is not sufficient…the reviews must be effective. In a later lecture I’ll describe what needs to be done to make them effective. In fact, unless reviews are effective they will add to the project cost and they will cause schedule increases.

Another critical success factor is that once detected, defects must be removed…meaning work products must actually be corrected. A significant portion of the review processes I have looked at for my clients did an okay job of detecting defects, but didn’t incorporate a follow-up step to ensure that the detected defects had actually been resolved. While this may seem surprising, I have seen this situation far more frequently than I’d have like to…and it makes the quality review investment a waste of time and resources.

Finally, project team members need to have at least some minimal level of training to make this work at the project and certainly the organizational level. Knowing how to do effective reviews is not at all intuitive…if it was everybody would be doing them and doing them well. It doesn’t take much in the way of training…a day is usually sufficient.

A few years ago I put together a one-day training session for a large insurance company client as a pilot project to demonstrate how effective quality reviews can produce significant benefits. The core teams that received the training and applied it to real projects saw immediate positive improvements. As a result, the company required that every IT professional take the training program. Over the course of several years I trained more than 500 of their staff.

---

# 12C: Defect Detection and Repair Costs

<img src="ss/mod12/13.png" width=300>

In this lecture I’ll discuss some additional drivers that influence defect detection and repair costs, and discuss more about the “physics” behind how effective quality reviews can add value and improve quality.

I’ve already talked about rework being a major driver behind the exponential-like defect detection and repair cost escalation, and I explained how the detection point influences the amount of rework. There are some other drivers as well.

### Defect Detection and Repair cost Drivers

<img src="ss/mod12/14.png" width=300>

Others worth talking about are a phenomenon called error amplification and project size and complexity. Error amplification is a phenomenon that exists on every single software project. The one sentence description of this phenomenon is that defects introduced in any project phase can cause additional defects in later project phases…producing a compound growth effect. I’ll talk more about this shortly.

Additional drivers are size and complexity. I’ve lumped them together here because they have a similar effect on the cost function. By size I mean the size of the software product…measured, say, in lines of code. By size I also mean the number of people working on the project. Complexity refers to the intellectual and technical complexity of the software product. For example, real-time embedded products typically have a higher complexity than batch- oriented products.

All of these drivers influence the relative cost multipliers either increasing or decreasing them. For example, early defect detection reduces rework and the combined result is to decrease the multipliers, whereas higher complexity and more people working on a project increase the multipliers.

### Error Amplification Model

<img src="ss/mod12/15.png" width=300>

I want to say a little more about the error amplification phenomenon, because it exists on every software project.

Here’s a model that describes it. This model was actually formulated at IBM back in the early 1980s…and it is still valid today. Here’s how it works. We have a box like this for every phase in our project life cycle. For the sake of discussion, let’s assume we are in the coding phase of a project. Some coding errors may be introduced during this phase…but that’s only one source of error.

Another source is the errors that were made in prior life cycle phases, and that weren’t detected and removed. In our example, these would be requirements and design errors. Now, some of this prior phase errors will simply accumulate…they won’t cause any additional coding errors to be introduced. IBM found that about 50% of the errors that get through the requirements and design phases will accumulate…but the other 50% will be amplified. That means they will cause additional errors to be introduced in the coding phase that otherwise would not have been introduced. An example of this would be an ambiguous requirement. A programmer may interpret this requirement incorrectly.

So…if we added up the errors in the three compartments that would be the total number of errors in our project during the current phase. Depending upon the error detection and removal activities that we implement, some of these errors will be removed, and the remainder will pass on and be inherited by the next phase in the project, where the amplification phenomenon repeats itself.

### Impact of Error Amplification

<img src="ss/mod12/16.png" width=300>

Let’s take a look at the impact of error amplification. Here, I’m just taking into account a requirements, design, code, and test phase.

I mentioned earlier that IBM found that on average about half the errors that got through the requirements and design phases were amplified. They also found that the amplification multiplier in the design phase was 1.5 and in the coding phase was 3. 

To see how that works let’s assume that 10 errors passed through the design phase undetected. Half of them would simply accumulate, and half would be amplified by a factor of 3. So…5 errors are amplified, yielding a total of 15 amplified errors…5 original ones plus 10 additional.

By the way, I’ve actually applied this model in several client situations. One of my clients, a division of NASA, found that 80 percent of errors passing through the requirements and design phase were amplified, and the amplification multiplier in the coding phase was near 10.

Because of this phenomena, the number of errors at any given life cycle phase is a function of the number of errors at the prior phase…and the population of errors tends toward a geometric growth rate. This further impacts the amount of rework that may need to be done, particularly if most or all of the defect detection activity is concentrated in the testing phases of the project…because the defect population is growing and compounding in the earlier phases.

### Impact of Quality Reviews

<img src="ss/mod12/17.png" width=300>

Effective software quality reviews can have a significant impact on the amplification phenomenon. By performing quality reviews during the requirements phase, the design phase, and the coding phase, defects can be detected and removed earlier…resulting in a significant dampening of the error compounding.

This is another example of what I referred to as the “physics” of software quality reviews.

---

# 12D: Informal Walkthrough

### Informal Walkthrough

<img src="ss/mod12/18.png" width=300>

In this lecture, I’ll describe the informal walkthrough quality review model.

The walkthrough is a very popular software quality review model that has numerous variations. This model is considered to be a relatively informal review model…and it can be very effective if certain things, which I will describe, are incorporated.

Used as a software quality review, the objectives of a walkthrough are to detect and remove defects in a work product, and to ensure that the work product meets its requirements. Some organizations expand the scope of the walkthrough to include additional things as described in the definition you see here, but experience has shown that it is best to limit the objectives when this model is applied as a quality review.

The review is implemented as a meeting, either in- person or virtual. The work product author leads the review team through the work product, usually summarizing and paraphrasing chunks of material. Reviewers, who ideally have looked through the work product as part of their pre-review meeting preparation, can ask questions, make comments, and raise defect issues.

The issues should be logged and resolved after the walkthrough meeting.

In this model, the work product author acts as both a presenter, literally walking the review team through the work product, and also typically serves as the meeting facilitator.

### Walkthrough Guidelines

<img src="ss/mod12/19.png" width=300>

If certain guidelines are followed, the informal walkthrough can be a very effective quality review model.

In practice, one commonly occurring problem is that the objectives for the walkthrough are too broad and can become unrelated. As an example, sometimes people are invited for orientation purposes or because they think they have a need to know where the project team is at. By itself, this is not detrimental, but what often happens is that the focus of the meeting drifts to accommodate questions and comments from this group, the meeting drags on, and the defect detection objective is set aside.

So…one important guideline is to minimize the objectives to include only those mentioned earlier, and to invite only those who can directly contribute to the review’s objectives.

Another commonly occurring problem is that people are unclear as to what the objectives are, so it is important to communicate objectives and expectations in advance. I usually recommend to my clients that an email be sent in advance specifying the review objectives, scope, and expectations. This can help pre-condition reviewers and help to keep things focused on the correct objectives.

Some organizations use checklists to help focus reviewer attention on important things to look for. A sample checklist for a requirements review is illustrated later on in this lecture.

It’s also important to limit the meeting time for the walkthrough. Ninety minute to two hours is an industry rule of thumb. Done correctly, walkthroughs are energy-intensive, and people tire and lose focus when meetings drag on too long…and this increases the likelihood that defects will slip through the cracks and not be identified. Another reason for limiting meeting time, in my experience, is that the longer the meeting the more time you are asking reviewers to invest…and this may cause some who would be important contributors to opt out because the walkthrough is taking up a good part of their work day.

Guidelines six and 7 are absolutely crucial to ensuring that walkthroughs are effective. Issues need to be logged, issue owners need to be identified, and a follow-up activity needs to be included to be sure that all issues have, in fact, been reconciled. In my own experience with clients, I have found that unless a follow-up step is included there’s about a 50-50 chance that issues will actually be resolved…and…unless they are resolved they are still present. It surprises me how often I see walkthroughs that do a good job of defect detection, but then fail to actually eliminate defects due to lack of a follow-up step. Recall the error amplification model from an earlier lecture. Unless defects are actually removed they will be amplified. Failure to follow-up can make the walkthrough activity a waste of time and resources…and it will add to the project cost and increase its schedule.

The last guideline can substantially reduce the overall time spent doing walkthroughs and can also increase its effectiveness. It is best to log issues but limit discussion of how to resolve the issues during the walkthrough meeting. How come? There are three primary reasons. One, history has shown that typically only a single individual, or a small subset of individuals, are responsible for resolving an issue…so it is not productive to take up everyone’s time ironing out a resolution. Second, people are under a bit of time pressure during the meeting because they have to get through the work product, and this sometimes leads to issue owners jumping prematurely to a resolution that, upon further reflection, turns out to be incorrect. And third, if issue owners are not present at the walkthrough and the review team attempts a resolution, it can often be wrong…so now we have the possibility of the walkthrough being a source of error.

In practice, this last guideline may be difficult to achieve…because in many business meetings we are used to solving issues as well as identifying issues. But…the payoff for including this guideline can be significant. I helped one of my airline clients implement this and they reduced the time spent in walkthrough meetings by 40 percent…and also increased the walkthrough effectiveness by eliminating the problems I just mentioned.


### Sample Walkthrough Checklist

<img src="ss/mod12/20.png" width=300>

As I mentioned earlier, it’s often useful to incorporate checklists into walkthroughs to help reviewer’s focus on what’s important.

If reviewers don’t know what to look for the effectiveness of the review may be compromised. Here’s a sample checklist that could be used in a requirements walkthrough. I’ve split it into two parts…one focuses on the content of the document itself, and one focuses on the quality of the actual requirements.

As an aside…too often, people focus on style, formatting, and grammar…and nitpick at those…and that does not add value in my experience. To help avoid this for one of my clients we made spelling and grammar checking a pre-requisite for doing the walkthrough…and it helped immensely.
