Quality Assurance & Quality Management of IT
This episode of the ISACA Certified Information Systems Auditor (CISA) exam prep series introduces quality assurance and quality management as disciplines that keep technology systems trustworthy. It covers what quality assurance does, how it differs from quality control, why the quality function must remain independent, what quality management encompasses across an IT department, and the role of an operational excellence team.
What this episode covers
- Quality assurance defined — the planned, systematic actions that confirm every system change is approved, tested, and moved to production in a controlled way.
- QA vs. quality control — quality assurance governs the process and sets the procedures, while quality control tests the product and catches defects before release.
- Who owns each function — the QA group develops standards and trains staff; the QC group performs periodic checking of inputs, processing, and outputs.
- Independence requirement — why the quality function must stand apart from the work it reviews and the absolute rule that no one reviews their own work.
- Quality management scope — the broad reach across software development, maintenance, operations, acquisition, service management, security, and administration.
- Operational excellence teams — how they eliminate waste, streamline processes, and use data and analytics to drive measurable improvements across the enterprise.
Frequently Asked Questions
What is the difference between quality assurance and quality control?
Quality assurance is about the process; it makes sure staff follow the prescribed quality steps and sets up the procedures everyone should use. Quality control is about the product; it runs the tests and reviews to catch actual defects before anything reaches production. One group writes the recipe and the kitchen rules, while the other tastes the dish before it leaves the kitchen.
Why must the quality function stay independent from the work it reviews?
Independence is required because no one can fairly check their own work; a reviewer whose role creates a conflict will undermine the entire check. The principle that no one should ever review their own work is absolute, and conflicts of interest, such as a database administrator reviewing changes that affect the database, must be avoided.
What does quality management cover across an IT department?
Quality management is the discipline of running, measuring, and improving technology processes, covering software development, maintenance, daily operations, hardware and software acquisition, service management, security, and general administration. Defining and documenting these processes is a sign of good governance, and adherence to them is what makes a department efficient and predictable.
What does an operational excellence team do?
An operational excellence team exists to make operations more efficient and effective by hunting down and eliminating waste, streamlining processes, and improving collaboration, often using data and analytics to identify what to fix. Its common responsibilities include developing and sharing best ways of working, coaching colleagues, and serving as a resource across the enterprise, with the payoff being lower costs and higher customer satisfaction.
Reference: This article is based on concepts discussed in Quality Assurance & Quality Management of IT.