Category: Testing

Too Busy for User Acceptance Testing (UAT)?

I Love UAT

One of my favorite parts of testing is getting the opportunity to coordinate UAT. I love it because we’re getting feedback from the people who are actually going to use the system once it goes live. Even if a team is great about getting user input, everything up to this point is theoretical. All of us can think we know what we want, but once we actually see it, touch it, and live with it, we don’t know if what we asked for is what we really wanted or needed.

I’m planning to write a few articles about what I’ve learned during my UAT experiences, and I hope it will help others with their efforts.

Who Should Perform UAT?

The obvious answer to who should perform UAT is “users”. What users should perform UAT, though? Like many things, “it depends.” For a public-facing application, you may want people from the general public who don’t have a lot of deep knowledge about the system or industry. For an internal application, you likely want experienced users. However, those experienced users will often, understandably, plead that they are “too busy” to help test.

At one of my past clients, I requested the time of experienced users to test a back-end system for processing college applications. Like most companies, they were a bit understaffed and perpetually a bit behind at getting the work done. To the team, and to the manager who was trying to guard their time, my request was just one more bit of unnecessary busywork added to their plate.

The manager offered to hire a temporary worker to perform UAT so their most experienced workers wouldn’t be pulled away from their important work.

The Users Will Live with the Results

Given what I’ve seen others do with UAT in the past, this team may have believed that UAT was simply going to be formality where they would run tests that I had already verified met the written requirements. UAT is sometimes simply a step done to mark a checkbox in the few days before going live. However, when I run a UAT effort, it is much more than that.

I knew that having a temp worker wouldn’t give our team the insight we needed. A temp worker could certainly execute a pre-written test script, but that is not a useful way to perform UAT in my experience. Our team needed to know if this software truly met the needs of the team. We genuinely wanted to know, and we planned to incorporate the feedback into the final product.

I had a heart-to-heart with the manager and the team lead. I explained to them that their team would be using this application to do all of their work in the not-too-distant future. The team, in order to make the most of their investment, would likely be using the software for years. Shortly after the software went live, I’d be gone, but their team would be living with the results.

I explained that we truly were going to take their input into account to ensure the best software for doing their work. Then I asked if they still wanted a temp to be responsible for giving that input and making those decisions that would affect their team for years.

Once they understood the true impact of UAT, the answer was obvious. The manager and lead both made time for UAT, and they even had another employee participate. They brought on a temporary worker to handle some of the more routine clerical tasks instead of having them perform UAT.

We did incorporate their feedback into the final product, and the client was very happy with the end product. It was a true improvement to their old system.

If you could use some guidance with user acceptance testing, please reach out to me at [email protected]

Those Pesky Bugs – Special Characters

Pesky Bugs

Some bugs keep popping up in project after project.  It’s important to catch these sneaky bugs before they get into a production system.

In the past, in a one month period, I caught three separate bugs that occurred due to improper handling of special characters.  This type of bug can be easily missed if the test team isn’t specifically looking for it.

Roach with special characters written on it

Culprit 1 – <

The innocent less-than sign is usually used for good.  However, it can be a menace when it falls into the wrong hands.  It can be used to send malicious executable scripts into systems from web pages.

Our program screened out HTML characters from the main entry screen by design.  So, we didn’t expect to have any problems.  However, it turned out that a portion of data in the system was imported from a spreadsheet rather than entered through the data screens.  When the user tried to use a feature that created a new record from an existing record, the system failed.  With a little digging and changing the settings that determine how the error messages are displayed, we identified the error.

Of course, this brings up an additional issue of how to handle data imports to screen out data that would fail the validation rules, but that’s a discussion for another time.

Culprit 2 – ñ

Of course, any site that accepts names should be sure to accept the letter ñ.  In my experience, this letter typically hasn’t caused a problem, but it did cause a problem on a recent project.  We built a system where people could set up a secure profile that included their name.  The name and some other information were then sent to a third party that would send a welcome e-mail.  Because we utilized Embedded Quality, we tested profile creation early, which included testing names containing ñ.  Everything worked fine early on.

In a later round of testing, the ñ started causing an error.  As we dug into the problem, we found that the issue was that the 3rd party e-mail system could not understand the Unicode representation of ñ.  Instead, the 3rd party expected this character to be in UTF format.  Once we realized that, we were able to convert the format of the characters before sending them to the e-mail vendor. 

Culprit 3 – : )

On the same project, we encountered an error that became known as the “smiley face” bug.  This bug was not found until user acceptance testing, which is much later than I like to find bugs.  In this case, we had tested online profile IDs that contained every acceptable special character without a problem.  However, we did not specifically test the situation where the profile ID ended with a smiley face emoticon.  When one user created an ID of janed:), the profile creation failed.

It turned out that the expression in code that checked for a duplicate profile ID before creation could handle any special character except for a single, right parenthesis.  It interpreted that character as part of the expression, and caused a failure.

Summary

Encountering these 3 special character errors within a one month period reminded me of how important it is to test for every special character before going live.  The experience validated my general rule of “if the system allows it, the users will do it.” 

Have any of you found bugs due to special characters?  Have any made it into production?  If so, what was the consequence?

Embedded Quality – Development Team

When I’ve introduced Embedded Quality to the developers on a project, a common reaction is fear and loathing.  They often have a visceral, negative reaction to the words “Quality Assurance,” and the idea of working more closely with the Quality Assurance team instills a feeling of dread in them.

As a reminder, I originally outlined the basic concepts of Embedded Quality in this blog post.  The concepts are:

  • Quality Assurance starts on Day 1
  • Quality Assurance is part of the Core Project Team
  • Quality Assurance is performed by qualified experts
  • General User Acceptance Testing does not begin until Core Project Team QA is complete
  • Strong Foundation – No code is “Complete” until it is tested and works correctly

Although the developers I’ve worked with generally have a negative first reaction to the concept of Embedded Quality, once they’ve experienced it, they almost always request it on their next project.  The question is, “how can we convince developers to try Embedded Quality the first time?”

Overcoming Common Concerns

I’ve found that it’s typically harder to overcome the developers’ concerns than the Quality Assurance team’s concerns because the developers usually start with the mindset that they don’t want to use Embedded Quality.  However, there are ways to address their concerns.

The Code Isn’t Ready to Test

The developers will often say that the code really isn’t ready to test until very close to the end of the project.  However, there are some good reasons why this should not be the case.

  • The project schedule generally shows sections of code being completed before the end of the project.  If a developer says that the code is complete, it’s difficult to imagine why it can’t be tested.
  • It’s much easier to identify and fix bugs in small portions of code.
  • Finding and fixing bugs early means that new code is built on a solid foundation.

Having the Quality Assurance team test code early in the process is analogous to having a building inspector view various portions of a building before it is complete.  It makes a lot of sense for the inspector to check the foundation, the electrical, the plumbing, and the HVAC system before the building is anywhere near complete.  Fixing these items after the building is complete is much more costly and difficult than fixing them earlier.

It Will Take Too Much of My Time

Another concern that developers have is that they will have to spend too much time explaining things to the testers.  Because the code isn’t complete, they are afraid that the testers will report bugs for items that are simply not yet finished.  Also, they will have to spend more time explaining how to test certain items when the complete UI may not be available.

These concerns are legitimate and show the need for having a test team of qualified experts.  The testers should have a mindset of collaboration with the developers rather than antagonism.  The testers will work closely with the developers to understand what code can be tested and what code is not ready.  Of course, any code that is not ready cannot be considered complete for project planning purposes. 

It is also true that the developer will have to spend more time explaining how to test some incomplete code.  However, if the Quality Assurance team is qualified and experienced, they should be able to quickly learn any tools needed for testing.  In my experience, any extra time that the developers spend helping the Quality Assurance team is saved many times over by finding the problems early.

I Don’t Need the Extra Pressure of Someone Looking Over My Shoulder

Many developers have had bad experiences working with testers who take delight in pointing out the flaws of others.  These types of testers tend to make comments like, “I don’t know what those developers were thinking,” when they chat with each other in the break-room.  This attitude really does put unnecessary pressure on the developers and contributes to a hostile relationship between developers and testers.

This is why it’s critical to ensure that the Quality Assurance team is made up of true professionals.  I always remind the developers that Quality Assurance is part of the core team, which means that our goal is to ensure that the project gives a good impression to everyone outside of the team.  I tell the developers that I know that they’re good developers and that bugs are a normal part of the process.  The developers shouldn’t feel bad if the Quality Assurance team finds bugs.  In fact, they should be happy because every bug that is found by the Quality Assurance team is one not found by the project sponsor or the end users.  The project sponsor and the end users are the people who are generally the harshest critics of the development team.

Other Concerns?

I’d like to know what concerns you would have introducing Embedded Quality into your organization.  What concerns would you anticipate from others?  I’ll do my best to address those concerns in future posts.

Offshore Agile Testing…a Request from Management

A friend of mine asked me for some advice about how to run an Agile software development team with the developers and business users working in the US and the testers working for an outsourcing company in India.

My short answer was, “You can’t”.

The Agile Manifesto and Offshore Testing

I’ve actually had similar requests a number of times over the past few years. Managers want to be “Agile” and want to use “Offshore resources” so they ask their project teams to implement the combination of the two hot concepts. In the cases that I’ve seen, management has tried to send only the testing portion of development offshore. They wanted the onshore, local team to be “Agile”, but they also want to send code “over the wall” to an offshore test team. Unfortunately, these two concepts do not work together.

The Agile Manifesto principles include “Business people and developers must work together daily throughout the project;” “Build projects around motivated individuals. Give them the environment and support they need, and trust them to get the job done;” “The most efficient and effective method of conveying information to and within a development team is face-to-face conversation;” and “The best architectures, requirements, and designs emerge from self-organizing teams.”

These 4 (out of 12) principles are very difficult, if not impossible, to implement in an environment where the testers are separated from the rest of the team by geography and time zones. In addition, when only the test team is outsourced to another company, the testers often are required to communicate with the rest of the team via a single point of contact rather than directly with developers and business people.

To make things even more difficult, I’ve found that offshore, outsourced teams are typically set up to run a full, lengthy regression test for each build. In one case, I worked with a team that was trying to do Agile development with a test team that insisted on running a 6 week regression test for every build. This ran completely counter to the Agile Manifesto principle of “Deliver working software frequently, from a couple of weeks to a couple of months, with a preference to the shorter timescale.”

Can Agile Work with Offshore Teams?

I believe that Agile development can work with offshore teams if the teams are structured correctly and significant effort is put forth in building trust. Here are some techniques that I’ve used effectively to help build an Agile, globally distributed team.

  1. Have a full team consisting of all roles in each geographic location. This means that developers, testers, and business experts must be physically located in each location. The business expert may be a Product Owner Advocate rather than the actual Product Owner.
  2. Ensure that everyone on the global team has time to work together in person early in the project. This means flying people around the world which can be costly, but it makes a huge difference in the ability for team members to trust each other and work together.
  3. If the team is divided into drastically different time zones, schedule specific weeks throughout the project where the global team will work at the same time regardless of time zone. During these weeks, the team should make a concerted effort to communicate in real time with their counterparts around the world.

In a future post, I’ll talk about some additional techniques that are not specific to Agile that I’ve used to make global teams more effective.

Further Reading

Over the years, I’ve found these articles helpful in understanding the issues related to Agile distributed teams and how to address those issues. Maybe you’ll find them useful as well. To me, the two articles available for purchase from IEEE Computer Society were definitely worth the small cost.

Agile Strategies for Geographically Distributed Teams

Global Development and Delivery in Practice

Agile Offshore Techniques – A Case Study (Available for purchase)

Using and Agile Software Process with Offshore Development

Follow the Sun: Distributed Extreme Programming Development (Available for purchase)

Your Experiences

I’d like to hear any of your experiences with global Agile software development. What worked and what didn’t?

Contact me if you’d like help improving the effectiveness of your global team.

Tester Traits – Comfort with Cognitive Dissonance

I believe that software testers need to be comfortable with two conflicting ideas in order to best contribute to the success of a project. They need to be able to find and point out every defect in a given software application; however, they also need to keep in mind that the software can meet the business’ needs even if it is not perfect. The best software testers that I’ve worked with are comfortable with the cognitive dissonance caused by these two conflicting ideas.

Goal of Perfection

I’ve worked with some software testers who are great at finding defects, but they get so focused on the defects that they lose sight of the big picture. They seem to believe that the ultimate purpose of software is to be perfect rather than to meet a business goal. These software testers can cause a software project to be unnecessarily delayed by arguing that minor issues should prevent software from going live. They can also reduce end-user acceptance of a product by complaining to anyone who will listen that the software is subpar and by pointing out every known issue to end-users.

I believe that testers do need to point out every bug possible to the internal development team and ensure that the team knows the business implications of any bugs. However, good testers need to be comfortable with the fact that perfection is not ultimate goal for business software. Instead, software has some business purpose that does not require perfection. Once software goes live, I believe that a tester should champion the software to the end-users.

When I encounter a tester who has trouble accepting imperfect software, I remind them that most useful commercial software has known bugs. Often, some of these bugs are even listed in a “Read Me” file for end users to see. There is a real value to having less than perfect software available rather than having no software at all.

Goal of Delivery

Although I have seen testers who are too focused on perfection, I have also seen testers who are too focused on delivery of the software. These testers either are not detail-oriented enough to find critical bugs or they ignore the real business impact of bugs. These testers do not want to stand in the way of the delivery date under any circumstances. Project Managers often put enormous pressure on testers to sign-off on software that was not properly tested or has major bugs in order to meet a delivery deadline. However, the best testers will have the backbone to stand up to any pressures and point out the specific risks of going live.

In my opinion, it’s important that the tester understand the business goals well enough to point out the specific risks to key decision makers; however, I believe that it should not be up to the tester to decide whether or not software goes live. The ultimate decision should be made by management who understands the full scope of business needs and can weigh the quality risks against every other concern.

The Ponds

There’s a poem by Mary Oliver called The Ponds that I think captures the essence of this trait that software testers need to contribute to a successful project. Testers need to notice imperfections while still being “willing to be dazzled”. This version of the poem is from a book called New and Selected Poems by Mary Oliver published by Beacon Press in 1992. I hope you enjoy it and find it relevant.

Every year

the lilies

are so perfect

I can hardly believe

their lapped light crowding

the black,

mid-summer ponds.

Nobody could count all of them –

the muskrats swimming

among the pads and the grasses

can reach out

their muscular arms and touch

only so many, they are that

rife and wild.

But what in this world

is perfect?

I bend closer and see

how this one is clearly lopsided –

and that on wears an orange blight –

and this one is a glossy cheek

half nibbled away –

and that one is a slumped purse

full of its own

unstoppable decay.

Still, what I want in my life

is to be willing

to be dazzled –

to cast aside the weight of facts

and maybe even

to float a little

above this difficult world

I want to believe I am looking

into the white fire of a great mystery.

I want to believe that the imperfections are nothing –

that the light is everything – that it is more than the sum

of each flawed blossom rising and fading. And I do.

User Acceptance Testing Tales from the Trek – Writing a Perfect Bug

My early experiences running User Acceptance Testing (UAT) typically involved dealing with just 1 or 2 users. When they encountered an error, they’d show it to me, and I’d record it. However, as I gained experience in Quality Assurance, I worked on larger projects.

Training – How to write a bug

On my first larger project, I needed to train a group of 20 users who were going to perform User Acceptance Testing. Having worked with several different users in the past, I knew several of the pitfalls that users may encounter. However, I never really had asked users to record errors themselves. Still, I thought it would be easy to get the point across.

During the training session, I said that it was critical to record all necessary steps so that the developer could recreate the bug. I told the users that we often hear from users who simply say, “It doesn’t work,” and explained that the developers will not be able to fix a problem that was described so generically. The users said that they understood perfectly and were ready to start testing.

Bug Writing – Frustration

With 20 inexperienced testers working independently, it was important to filter the reported bugs before assigning them to the developers. I was responsible for triaging all bugs reported by the users. I verified that I could recreate bugs and eliminated duplicate bugs before assigning them to the developers. If I could not recreate a bug based on the instructions, I would reassign it to the user who reported it and ask for more detail. I assumed that the users would quickly realize when they were not providing sufficient detail and start writing perfect bugs after a day or two.

I assumed wrong.

Although a few users were writing clear, reproducible bugs, most were writing ones that were way too generic. For example:

  1. I was on the “Choose a Course” screen.
  2. When I chose a course, I got an error.

In this case, when I tried to reproduce the bug, I did not receive an error. So, I sent the bug back to the user requesting more detail. In most cases, the first time a bug was recorded, I had to reject it. In many cases, I had to reject the rewrite as well. Pretty quickly, the users got fed up with me and complained to their manager that I was rejecting their bugs.

Enlightenment

I realized that I needed to find a way to illustrate to the users exactly what was needed in a clear, reproducible bug report. I developed the following simple exercise that was very effective. I have used it on all subsequent large-scale UAT efforts with the same success.

I ask the users to do the following with their first 5 bug reports:

  1. Record the bug as clearly as you can and assign it to yourself.
  2. Wait 5 hours.
  3. Try to recreate the bug following only the information that you recorded.
  4. If you are able to recreate the bug, assign it to me. Otherwise, go back to step 1.

It is important that the users wait some amount of time before trying to recreate the bug. I found that when they try to recreate the bugs immediately, the steps are too fresh in their mind to truly follow only what they wrote. They seem to fill in the gaps without realizing it.

I have found that once users complete this exercise, they are able to consistently write bugs that have enough detail to be reproducible. They do not become expert testers, of course, but they are able to write a useful bug.

I’m interested in hearing about other people’s experiences as well.

What concepts have you found especially difficult to get across to people performing UAT for the first time?

Were you able to find a technique that helped the users better understand the concept?

User Acceptance Testing – Planning for Value

Throughout the years, I’ve led many user acceptance testing (UAT) efforts. There are a couple of common ways to plan the testing that I’ve found to be problematic. The methods allow someone to say they’ve planned UAT but add very little value. The end result is that unhappy users report problems after the software is live, and the project manager asks why they didn’t find the problems during UAT.

After years of experimentation, I found a method that adds a lot of value to the testing process with less effort than the other methods.

Method 1 – Users write UAT scripts

I’ve been involved with quite a few projects where the client wanted the users of the software to write the test scripts for UAT. This was often done to reduce development costs. The folks planning the project believed that they would save money by having business employees write the test scripts for UAT rather than have someone from the development team work on them. They also believed, often correctly, that the business folks understood the goals of the system best, so they were the most qualified to write the UAT scripts.

The problem with this is that most business users have more than a full time job already. In addition, most business users have never planned a testing effort or have written a test script. It’s difficult enough for business users to find time to execute tests, but nearly impossible for them to find time to plan testing. Even if they do find the time to plan it, their lack of experience results in test scripts that test very little.

Method 2 – Test Analyst writes UAT scripts

On other projects, I’ve been asked to write test scripts that the users can run during UAT. Usually, I’m asked for the same scripts that the test team ran during system testing. Under this scenario, it’s unlikely that the users will find any issues that the test team didn’t already find. This method doesn’t uncover functional issues that the test team missed. In addition, I’ve found that the business users rarely take the time to follow the test script closely and end up not doing much testing at all.

UAT Success Method – Guided Functional Checklists

The UAT planning method that I’ve found adds the most value with the least effort is Guided Functional Checklists. This method is quite simple:

  • A member of the test team meets with each key user and asks what business goals they need to accomplish with the software.
  • The test team member compiles the list into a spreadsheet that will be used for recording the test results.

That’s all there is to the planning. The result is an organized list of what should be tested based on the business goals of the users rather than based on the development team’s view of the project. Because this takes little of the users’ time, they are able to make time to complete the planning. By not having a detailed script, users are able to ensure they can meet their business goals in the way that they will in the field, which is often a bit different than the development team expects. This allows everyone to identify programming or training issues before going live.

Feedback

What UAT planning challenges have you faced? How did you address the challenges? I’d love to hear your tales from the trek.

Metric Misuse – Quality Assurance Metrics Gone Awry

I was reading through some posts from Bob Sutton, one of my favorite management gurus, and I ran across a post that contains one of my favorite Dilbert comic strips.

Bob Sutton’s post, as well as the comments that I made on his blog, reminded me of one of my favorite topics: misused Quality Assurance metrics.

Tying Quality Assurance Metrics to Financial Rewards – A Dangerous Game

“Treat monetary rewards like explosives, because they will have a powerful impact whether you intend it or not.” –Mary and Tom Poppendieck, authors of Implementing Lean Software Development: From Concept to Cash

Over the years, many people have asked me what Quality Assurance metrics they should use to evaluate employee performance. My advice is that Quality Assurance metrics should not be used directly to evaluate employee performance. The Dilbert comic strip may seem a bit extreme, but it’s exactly what happens when employee performance is based strictly on metrics. This is true regardless of whether monetary rewards are explicitly tied to the metrics or not.

In my comments on Bob Sutton’s blog, I mentioned three specific metrics that had unintended effects when used for evaluating employee performance:

  1. rewarding testers for the number of test cases they wrote resulted in poorly written test cases;
  2. rewarding testers for the number of bugs they found resulted in a high number of unimportant or duplicate bugs reported; and
  3. penalizing testers for bugs rejected by the test lead or development staff resulted in important bugs going unreported.

Many people think that they have the ability to write a set of metrics that can be used to unequivocally gauge the performance of a Quality Assurance professional, but I have not yet encountered a metric that couldn’t be manipulated to favor the employees.

(If the metric can’t be gamed, it probably isn’t under the control of the employees, so it wouldn’t be effective at driving behavior anyhow.)

Are Metrics Worthless Then?

Actually, metrics are a great tool for identifying coaching opportunities and potential problems. However, in order to get honest metrics, they shouldn’t be used directly for employee evaluations or employee rewards.

When I’ve looked at the metrics that I mentioned earlier with an eye towards coaching, I had excellent results.

  1. Reviewing the number of test cases written helped me identify a tester on my team who was putting much more detail than I wanted into his test cases. After some coaching, he was able to consistently meet my expectations.
  2. Reviewing the number of bugs found by each tester helped me identify a tester who was digging into the root cause of the most difficult to reproduce bugs. She didn’t report as many bugs as others, but her work was critical to getting a great product out the door in a timely manner. It turned out that she was the most skilled tester even though she reported the fewest bugs.
  3. Reviewing the number of bugs rejected by the development staff helped me identify a manager who was evaluating his programmers based solely on the number of valid bugs found in their code. The developers were motivated to simply mark bugs as invalid rather than fix the bugs. This insight allowed me to address the problem directly with that manager.

Good Quality Assurance metrics provide powerful tools for managing a Quality Assurance team when used properly. However, they shouldn’t be used in a vacuum. They should just be considered one data point among many.

I was only able to scratch the surface of this topic in this blog post. I plan to discuss specific metrics in future blog posts. In the meantime, if you want to read a much more in-depth review of the pros and cons of employee incentives, you can find one paper here.

Your Experiences

I know that a lot of people feel passionately about Quality Assurance metrics, both pro and con. I’m very interested to hear about your experiences with Quality Assurance metrics. Have you found any that were particularly useful? Have you found any that had unintended consequences?

Value of QA – People Do Not Find Their Own Errors

I’ve noticed, through the years, that people often dismiss the need for Quality Assurance by saying, “These are good developers. We don’t need to test their code.”

Of course, anyone in testing knows from experience that even the best developers have errors in their code. I’ve also found that it seems easier for me to see errors in other people’s work than in my own.

It turns out that I’m not the only one who experiences that phenomenon. According to this blog post by Dorothy Graham, some research shows that people tend to find only about 1/3 of their own errors on initial inspection.

That’s a powerful justification for an investment in Quality Assurance.

Are you familiar with this research or statistic? I’m planning to look more into Capers Jones’ research and see how it applies to the value of Quality Assurance.

Influencers – James Bach

There are a number of blogs that I enjoy reading about all areas of the software development process. The software development process includes project management, business analysis, development, and testing, of course. In addition, delivering software that works requires consideration of concepts around management, sales, and business organization.

I’d like to share some of the blogs that I find influential when thinking about how to build software that works.

James Bach and Exploratory Testing

One of my favorite blogs is James Bach’s Blog. He is the creator of Rapid Software Testing. I first became interested in his blog because he wrote about exploratory testing in a way that made sense to me. I knew from experience that exploratory testing was one of the best ways to find important bugs, but I didn’t have a great way to communicate the high value of exploratory testing to teams that were focused heavily on mechanizing the testing process. James Bach has written a lot on the topic of exploratory testing. This particular post about the history of Exploratory Testing captures many of the concepts that drew me to the blog.

I particularly like the concepts of testing vs checking and the “responsible tester.”

Feedback

What do you think of James Bach’s blog and the concepts he writes about? What blogs and resources do you find particularly interesting and useful for building software that works?

Scroll to top