Stott, Daniel R. (1990, ASQC) IBM Corporation, Kingston, NY
Every action taken within a process (and on a process) should improve the likelihood that the process will be successful. Any software project that can deliver the required function, on schedule, with the needed quality, and do so within its people and dollar constraints is, by definition, a successful project.
Software developers need a means for quickly determining and communicating how a project is doing with respect to goals in each of these critical areas. Furthermore, when corrective action is called for, they must be able to identify and prioritize improvement opportunities, evaluate possible remedies, and verify the effects of actions that have been taken. In other words, they need the ability to produce objective, repeatable and frequent assessments that answer the question "What is the probability that the process, as it is currently practiced, will be successful?" The answer will enable the project manager to recognize when corrective actions are needed, while preventing false alarms.
"Quantitative risk assessment" meets these requirements. This paper describes its three basic steps and demonstrates their application in managing the defect content of software under development. The example is mathematically simple, is intuitively appealing to software developers and managers, is robust in the absence of data, and tends to be self correcting when incorrect assumptions are made.
Our objective is to show how quantitative risk assessment can embrace and implement the four system elements of Total Quality Control (TQC): Customer focus, management commitment, total participation, and systematic analysis. By so doing, it helps development teams produce better software more quickly, easily, and cheaply, by reducing the effort needed to determine and communicate status, and by improving the quality of the critical decisions that affect process operation.