Software quality assurance (SQA) and the insurance business may seem quite different, but there are some interesting similarities. Both deal with risk, and how much you are willing to pay to cover that risk. This may sound rather strange, so let me elaborate.
Each change to a piece of software involves risk. The level of risk depends on the nature of the change, and this is often hard for developers to foresee. The number of people working on the code is huge, and it isn’t always possible to predict how a small change to a seemingly minor component will affect, or even damage, other aspects of the software.
And here’s where the similarity between software testing and insurance lies: They both require risk management. They require risk analysts who can analyze the risks involved and suggest ways of mitigating them.
In both insurance and SQA, risk analysis can’t be done by relying on ‘gut feelings’. In order to fully understand the many potential implications of a given risk, we need specialists who take a systematic approach. In other words, we need a methodology. And so we conduct risk analysis sessions and ‘failure mode and effect analysis’ – techniques that are used in both SQA and the insurance business.
In the insurance business, these risk analysis sessions result in a detailed risk report that indicates where the risk lies and provides an estimate of how much it will cost to cover it. You may then discover that you don’t need insurance at all because the likelihood of the risk materializing is slim and the impact of any potential damage, inconsequential.
Which brings us to an interesting and important difference between SQA and conventional insurance. The effectiveness of insurance is pretty clear. When disaster affects a high-risk item that you’ve insured, you see the benefits instantly. It’s money in the bank.
When we do quality assurance, our attempts at mitigating risk consist mainly of software testing, code reviews, and training. We find problems and fix them before the software is released. The true amount of money that is saved with SQA can only be guessed or estimated. If the software works flawlessly, you can’t tell whether the testers did a great job or whether there was, in fact, no risk.
It’s easy to fixate on the cost of SQA because the benefits can be hard to see. But this doesn’t mean the benefits aren’t there. We’ve done the analysis. We know they are.