12 Activities of Quality Management: Seeing Beyond Testing

How realistic is it to set quality as a primary goal? When you pursue “quality” directly, you risk losing sight of the essential factors that contribute to it, such as effective feedback loops, system maintainability, constraints optimization, and employee engagement, among others. Instead, by focusing on these underlying factors, you can naturally achieve quality as a byproduct.

I would like to invite you to explore how to deliver innovative products faster, better and cheaper in the book “QUALITY MANAGEMENT for Tech Startups.” Your feedback will be greatly appreciated. However, for now, I suggest focusing on areas of impact of quality management that go beyond typical testing and QA activities. Let’s review 12 activities where to focus your effort to shift the perception of quality from a cost center to a business enabler.

1. Value-driven delivery

The first step in preventing problems within your product is creating only what is truly necessary. Focusing on the incremental delivery of value to customers and adapting based on their feedback is essential. While discussions about software quality and testing often start with analyzing requirements, I recommend taking a step back and incorporating quality practices from the very beginning. The reason for this is simple: effective quality management aims to minimize waste, and the biggest waste in software development isn’t just unnecessary features; it also includes costs needed to resolve damage caused by delivering unvalidated assumptions (and sometimes this damage is extremely difficult to revert).

2. Standardization

A lack of standardization can lead to wasted time reinventing solutions for common problems. For example, using standard templates for specifications and shared terminology reduces ambiguity, making requirement reviews more effective and helping catch potential issues early. A design system also improves quality by providing a standardized framework for building user interfaces. It is generally recommended to establish clear coding guidelines to reduce defects and ensure consistency and maintainability. These should cover how testing should be organized, logging and security standards, data handling procedures, etc. Teams can benefit from testing checklists and decision-making guides, like a unified defect prioritization matrix. API standardization also plays a crucial role. For example, you might require that all new APIs include a feature flag configuration by default.

It is also important to establish an explicit agreement between the product and engineering teams, drawing a red line that should never be crossed to ensure the system remains functional, reliable, and secure. This agreement should be documented as Minimum Quality Bar (MQB) — a clear, non-negotiable set of criteria that every new feature or service must meet before it’s released.

Lastly, support your team with lightweight playbooks or rulebooks for common sessions like risk assessments, root cause analysis, and postmortems. Consider creating a standard team charter where internal agreements are documented — for example, “We don’t take tasks larger than eight story points,” or “We don’t accept pull requests over 250 lines of code.”

3. Risk management

An organization should manage risks by having essential controls in place. This is especially important for companies that must adhere to statutory and regulatory laws, rules, and standards. For example, ISO 27001 recommends a list of 93 controls to address potential security risks. However, it is important to emphasize the phrase “essential controls” and avoid spending excessive time managing risks that don’t align with critical business needs. Too many controls or unnecessary approvals can be counterproductive; for instance, many organizations overuse the Change Advisory Board (CAB), which, when implemented incorrectly, becomes a bureaucratic bottleneck.

Additionally, an organization can significantly benefit from maintaining a centralized Product Risk Register. The primary goal of this register is to ensure that potential threats to product quality are identified, documented, assessed, and managed effectively, all without creating undue bureaucratic burden.

4. Process optimization

W. Edwards Deming once said, “A bad system will beat a good person every time.” This emphasizes that an individual’s performance is often limited by the processes they work within; therefore, enhancing these processes can lead to improved outcomes. People can only perform at their best if the system is designed to support them. If a process is overly complex, undocumented, rushed, or relies too heavily on perfect human execution, it’s a breeding ground for errors. An individual’s mistake then often serves as a signal that the process itself has a weakness, a missing safeguard, or an unclear instruction. Quality managers should work closely with leadership, as well as the product and engineering teams, to create a supportive process for the entire value stream.

A common mistake in business is that people tend to put effort into optimizing things they know how to change rather than figuring out what would make a big difference, AKA real constraint. A common constraint is having a testing team that only begins their work after the code is completed. Of course, the capacity of the testing team should not constrain the organization’s speed of delivery.

5. Testing

Ensuring smooth functionality is challenging without proper testing activities, which should not be treated as just a final step, like fastening your seat belt before driving. Instead, testing should be deeply embedded in every phase of the development process. When people think of testing, they often picture running a system to find bugs — that’s dynamic testing. But there’s also static testing, which involves examining code (using various tools, including eyes) and documentation (specs, design assets, RFCs, KB articles, etc.) without executing anything.

In addition to that, a good automation testing strategy starts with clear decisions about what to automate, when, and why, based on risk, value, and feedback loops. It thrives in a culture where the quality of tests is a shared responsibility, and feedback from tests is used to improve continuously. How to build a testing strategy that is grounded in reality, I discussed in one of my previous articles:

Adjustable Testing Funnel: The Testing Pyramid Had a Good Run… in 2009

6. Security measures

Your customers expect a system they can rely on. Your team expects a system that is easy to maintain. Your wallet expects a system that is secure enough.

Yes, you want to deliver simple solutions quickly, but not at the cost of exposing your entire database due to overlooked basic security measures. In some cases, such oversights could even threaten the survival of your business. Implement basic security measures using static analysis tools, vulnerability scanners, or a checklist tailored to your system. Enforce role-based access controls (RBAC) to prevent unauthorized access and protect data security. Make sure to include security expectations in the API guide, like applying the principle of least privilege, and provide instructions for avoiding exposure of sensitive information.

7. Culture shift

One of the biggest challenges is shifting the perception of quality from being a separate function to a shared responsibility. The common assumption that making quality built-in is purely an engineering function is far from reality. Managers are in a position to foster a culture where employees think critically and take ownership of the final outcomes. As a result, quality work arises not from following strict checklists set by managers, but from the inner transformation of individuals who see themselves as co-creators, not just executors of tasks.

Often, the issues we face aren’t just about strategy, plans, or processes; they’re truly about the people involved and their behaviors. If those behaviors don’t change, we might never find real solutions to problems. Many challenges cannot be resolved simply by providing more information or establishing strict rules. Real change typically requires a shift in culture, including changes in habits, mindset, and values.

8. Accessible Knowledge

While the Agile Manifesto advocates for “working software over comprehensive documentation,” this doesn’t mean the absence of documentation. Instead, it’s about avoiding documentation created solely for bureaucratic purposes. Additionally, consider the Bus Factor — the risk of losing key knowledge within a team or organization. For example, imagine a small engineering team where the lead engineer becomes unavailable unexpectedly. How significant would the disruption be?

If you want your team to create great products faster, provide them with a solid foundation of useful, reliable, easy-to-navigate documentation. Ensure people have access to knowledge and can quickly navigate to find the information they need. Well-maintained documentation, functioning as a self-service portal, empowers team members to solve problems independently and ultimately reduce cycle time.

9. Incident and Problem Management (IPM)

Building effective processes doesn’t end with the release of new features; the way the company deals with failures and interruptions of work in their services is sometimes way more important, and poor incident management can lead to huge financial loss or even to the closure of the business.

To address common challenges in IPM, I have created two practical guides:

A Practical Incident Management Framework for Growing IT Startups

Managing the Consequences of the ‘Ship Now, Fix Later’ Approach

10. Data quality management

Data is critical for strategic decision-making — but only if it’s trustworthy. That is why the main goal of data quality management is to ensure the right data is available to the right users at the right time. When applied effectively, a robust data quality framework not only mitigates the risks of poor data but also enhances an organization’s ability to identify new opportunities.

Poor data quality creates many hidden forms of waste across an organization. World Quality Report 2024/25 states that in their research, organizations have identified the top three areas of return on investment from data management:

1. Increased production quality (56%) — Improved data management enhances production quality, reducing errors and boosting efficiency in business operations.
2. Better customer outcomes (49%) — High-quality data leads to more personalized and effective customer interactions, increasing satisfaction and loyalty.
3. Cost reduction (45%) — Effective data management reduces operational costs by reducing inefficiencies and errors.

11. System observability

When a business accepts imperfections in a system, observing how the system actually behaves makes managing such less-than-perfect software much easier. Additionally, proactive monitoring can significantly reduce the risk of costly failures that may negatively impact an organization’s reputation. Today’s users of web and mobile applications expect everything to run smoothly and quickly. When they encounter issues, their frustration can lead them to seek alternatives. You surely want to stay updated on what’s happening in your production environment and understand why some of your customers might be choosing to leave.

The absence of observability limits a team’s ability to detect, diagnose, and act when things go wrong. In this sense, observability is not merely “nice to have”; it becomes a critical requirement for responsible software delivery whenever a business prioritizes speed. Moreover, it enables managers to make informed, data-driven decisions regarding the necessary actions to ensure system stability and enhance infrastructure investments.

Evolving Observability in a World of Less than Perfect Software

12. Metrics that unlock understanding

Concentrate your time and effort on metrics that foster improvement rather than create anxiety. As recommended in the World Quality Report 2024/25, shift focus to broader metrics:

Move beyond measuring process efficiency and automation coverage.

Evaluate how Quality Engineering contributes to business objectives, such as customer satisfaction, revenue impact, and overall product quality.

I wrote an article about quality metrics some time ago, and it received a lot of great feedback. You might find it useful as well.

Top 3 Useless Quality Metrics (And What to Measure Instead)

For teams to work effectively, they must establish a clear strategic direction, align on shared principles, define key processes, and adopt a common terminology. They need to come together on which quality measures to implement at each stage of the workflow and make it a habit to review them regularly. Quality managers may not be the ones implementing these measures directly, but it’s their responsibility to ensure they’re in place and doing their job. Start by gathering insights into how people currently assess the quality of both the product and the process using these 12 areas. Consider approaching this as if you were conducting an audit. Then, collaborate with your team to envision a better future state. Once you’ve shaped a shared vision, summarize it clearly and involve stakeholders early. People are far more likely to commit to quality initiatives when they see their voices reflected in the solution.

Find more practical solutions for building reliable, secure, and maintainable products in the book “QUALITY MANAGEMENT for Tech Startups: Delivering Fast, Delivering Right.”