Quality 01 08 Eng

The customer magazine of SQS Software Quality Systems
OPEN SOURCE
The legal stumbling blocks
>> Page 22
# 01_2008
Q A U Lity
LONDON OR NEW YORK?
Global stock markets head to head
>> Page 24
TOP Of ThE LEagUE
Geneva portrait of a city
>> Page 32
Seamless system
SaP
and quality
>> Page 8
1 SQS / QUALITY # 01_08
Pure German
stopping power.
The ContiSportContact 3
with very short braking distances.
w
w
w
.
c
o
n
t
i
n
e
n
t
a
l
-
c
o
r
p
o
r
a
t
i
o
n
.
c
o
m
Conti Sommer_08_210x280_engl.ind1 1 13.02.2008 9:43:14 Uhr
EDITORIaL
achieving success with SaP
If it says SAP
on it, then it has SAP
in it. But which SAP
would you like? The

decision is not always easy because SAP
is going down a path of product divers-

ication. Behind the SAP NetWeaver access portal you will nd a great variety of
solutions for various industrial sectors, different sizes of company and all sorts of areas
of application. SAP AG recently underlined the vertical expansion of its portfolio with
a thunderbolt: although previously the company management had repeatedly stressed
that billion-euro takeovers were not on its agenda, SAP
took over Business Objects for

4.8 billion euros in early October 2007.

What does this mean for its customers? They are confronted with an increasingly mul-
tifaceted but also ever more complex range of SAP
products. If in the long run they

are to gain the competitive and productivity advantages that they hope to achieve with
the standard software, the rst step has to be analysis and evaluation. This can produce
surprising results. The German company Postbank AG, for example, decided to join
forces with SAP
to develop an entirely new industry solution in one go (page 16). If

system introduction is to proceed as quickly and smoothly as possible, quality manage-
ment and testing have a crucial role to play. This is something that the Mercedes-Benz
Bank learned (page 12). SAP
itself, too, has intensied the validation of its own pro-

ducts and, among other things, is running intensive software checks in India (page
18). Then there is also testing after customisation: who should SAP
customers rely on
if they want to ensure the quality of the standard software within their own company?
The answer, as so often, can differ, depending on the circumstances (page 15).

In addition to SAP
, as ever, this edition of QUALITY brings you other current trends

and stories some of which also go beyond the world of IT: do you know your way
around Geneva (page 32)? And who has their noses ahead in the competition between
the London and New York stock exchanges (page 24)? I hope you enjoy your read.
Best regards,
Rudolf van Megen
CEO of SQS Software Quality Systems AG
2 SQS / QUALITY # 01_08 3 SQS / QUALITY # 01_08
Q
NEWS
SQS NEWS
News in brief / Looking back 3
STRaTEgY
Interview with SAP
security expert Sachar Paulus 8

Mercedes-Benz Bank automates testing of its SAP
systems 12
Effective testing of SAP
solutions 15
Interview with Thomas Mangel (Postbank Systems)
on SAP
as the banks core system 16

SAP
is also testing its software in India 18

BEST PRaCTICES
GETRAG FORD Transmissions is reducing IT costs 20
Open Source: dangerous or controlled? 22
The impact of shortfalls in quality 23
TRENDS
London or New York where to list 24
IT offshoring is changing job proles 26
Book review 27
Reducing time lost on IT projects 28
EVENTS
Software & Systems Quality Conferences 30
SQS user event 30
Training & events 31
MY CITY
Geneva: always in the Premier League 32
VIEWPOINT
FIFA referee Herbert Fandel: leader and lone warrior in one 36
REaDERS SURVEY
SAP

testing 37
IMPRINT 37
Looking back
five years ago in the SQS magazine
Contents # 01_08
Certifcate for SQS training
SQS is one of the rst training enterprises
to receive approval for the training pro-
gramme run by ASQF (Software Quality
Working Group, Franconia). The consul-
tancy and training company can there-
fore now conduct training to ASQF
Cer-
tied Tester standard (Editors note: now
ISTQB
Certied Tester). The training

content is based on the ASQF curriculum,
which in turn is based on its international
counterpart ISEB (Information Systems
Examinations Board).

The course content includes the funda-
mentals of software testing, testing
throughout the software life cycle, (),
test management, and tools for support-
ing testing. Full details of the contents are
given in the Fundamentals of testing
curriculum for ASQF
Certied Testers,
Foundation Level. After the course the
participants are familiar with the basic
principles of software testing. They are
able to use the general test process and
have been familiarised with activities and
techniques needed to support all phases of
the process.
SQS sets up homeshore
test centre in Grlitz, Saxony
SQS Software Quality Systems AG opened
a software test centre in Grlitz, Saxony, at
the beginning of 2008. Tis means that SQS
has established an alternative to convention-
al oshore locations. Te team was initially
launched with just over 30 test experts.
Within ve years the number of sta is
expected to rise to three gures.
In addition to the advantages commonly
ob tained from outsourcing, such as exible
access to labour resources along with favour-
able terms and prices, the homeshore test centre
in Grlitz offers services in German across the
board for the German-speaking market. SQS
is training the staff of the Grlitz test centre
to be certied testers in accordance with the
standards set by the Inter national Software
Testing Qualications Board (ISTQB
). To
date, more than 60,000 testers have been
trained and tested in conformance with this
globally recognised training and further edu-
cation scheme.
The test experts main roles will be to verify
technical concepts of IT systems, prepare
and perform functional tests and set up and
maintain automated tests. For this, they make
use of systematic procedures of software quality
assurance that detect inconsistencies, omis-
sions and contradictions at an early stage and
document them. Testing is actually performed
by way of remote access to the customers par-
ticular systems. Web-based tools provide the
customer with all the up-to-date information
about the status of the test activities and any
identied deviations, either in real time or at
periodic intervals.
flexible price models
The price model to be used in each case is
agreed between SQS and each customer on an
individual basis. Depending on requirements,
SQS can bill for the work performed, the
number of test cases processed or the number
of technical concept pages tested. SQS also
offers what it calls test points as a possible
alternative price structure based on testing
activities achieved.
When you have large, critical software
systems, which are also constantly being
modied, it is worth using systematic and
auto mated testing, says Rudolf van Megen,
Chief Executive Ofcer of SQS AG. Test
automation reduces maintenance costs consi-
derably. SQS has set up the new test centre in
Grlitz, he says, for the purpose of performing
and maintaining both manual and automated
tests cost-effectively. As well as that, the Gr-
litz specialists will be carrying out the automa-
tion of software tests themselves.
When it came to selecting the location, Grlitz
ultimately came out ahead of competitors such
as Stralsund and Greifswald. The advantages
in its favour were the motorway and the vicini-
ty to Dresden airport. In addition, the univer-
sity and the Educational Centre for Informa-
tion Processing Professions (b.i.b.) provide a
good source of well-qualied new employees.
Further information is available from:
www.sqs.de
Discover how to reach
new standards of testing
With innovative tools and techniques, developed from hundreds of
projects, Cognizant helps you deliver increased value to your business
by accelerating testing, increasing software quality and lowering costs.
Our state-of-the-art testing centre, staffed by thousands of dedicated professionals,
delivers adaptable testing methodologies and streamlined test management
processes to deliver predictable and reliable results every time.
Cognizant Technology Solutions
Torhaus Westhafen
Speicherstrasse 5759
60327 Frankfurt am Main
Germany
Tel: +49 69 2722 695-0
Email: sales.de@cognizant.com
www.cognizant.com
Consultancy
Functional Testing
Performance Testing
Test Automation
Managed Test Centre
VISIT US ONSTAND 38 AT
THE SOFTWARE & SYSTEMS
QUALITY CONFERENCE
16-18 APRIL, DUSSELDORF
NEWS NEWS
ireland goes from
strength to strength
SQS Software Quality Systems Ireland
achiev ed record growth in 2007. Te number
of consultants based in Ireland and Northern
Ireland doubled during the year 2007 and
large customer projects increased as well as
the number of new customers contracting for
long term work.

Stephen Magennis has joined Derry ORiordan
on the Irish sales team, covering both Northern
Ireland and the Republic of Ireland.
Northern Ireland Business Unit Director, Rob
McConnell has been growing the business from
our Belfast ofce with an increasing number of
clients and aggressively hiring new consultants.

We have added a number of new services to
our ever-expanding portfolio of services.
Among these new services are: Vista Migra-
tion, Requirements Validation, Quality Project
Management, Offshore Testing, Test Environ-
ment Management and SAP Testing.
SQS South Africa enjoys over
100 per cent growth in 2007
Te South African branch of SQS Software
Quality Systems AG recorded runaway
growth last year. While sales roughly dou-
bled, the number of employees working there
rose from about 30 at the end of 2006 to 90
in December 2007.
David Cotterell, Chief Executive Ofcer of
SQS for the United Kingdom, Ireland and
South Africa (SQS-UKISA), expects growth
to continue at the same pace this year too.
The team in Durban achieved 40 per cent
of its sales through offshore projects for
European clients and almost a third of the
services were provided locally to South African
customers.
Current offshore projects include working
for major nancial and telecommunications
service providers in Switzerland and for soft-
ware vendors and a large international law
rm in the UK, among others. The main tasks
taken on by the SQS experts include functional
and performance testing, automated regression
testing and specifying business requirements
for software development.

The customers making use of our offshore
capacities have made considerable efciency
gains and reduced their costs, says David
Cotterell. We will now be doing more to
spread this message among those customers
who have not yet embraced offshore testing.
aDVERT
Process and product quality
from a single source
In the new Process Intelligence (PI) Com-
petence Center, SQS has established a coun-
terpart to the Application Intelligence (AI)
team. Since the beginning of 2008 the PI
specialists have provided services for process
analysis and improvement.
In our projects we have regularly found that
product and process quality are two sides of
the same coin, says Detlef Vohwinkel, who
heads the new Competence Center. That, he
says, is why SQS has, with PI and AI, set up
two service groups that have emerged from the
previous Code Quality Management and IT
Process Quality teams. They might be sepa-
rate in their positioning but they frequently
collaborate in projects. The two areas are also
growing together methodically, Vohwinkel
says.

Vohwinkels team carries out as-is analyses
of processes for both in-house and third-
party software such as in connection with
a supplier evaluation. Conversely, SQS experts
can also investigate whether a principals pro-
cesses are ready to take on development work.
Apart from analysis, the service team also pro-
vides advice on process improve ment up to
and including the management of Software
Process Improvement (SPI) projects. Finally,
SQS provides rollout support for SPI projects
such as training courses.

The PI team uses all major process models
from ISO 9001:2000 via ISO 15504 or
CMMI
to V-Model XT. The team also works

on a xed-price basis.
Company founder Bons steps down
from Executive Board of SQS
Heinz Bons, Chief Operating Ocer (COO)
of SQS Software Quality Systems, retired
from the Executive Board of the company
at the end of December 2007. Te SQS co-
founder will continue to provide his services
to the company as a chief consultant.
By the beginning of 2007, SQS was already
setting up three regional management teams
covering the operational side of SQS, in prepa-
ration for Heinz Bons departure. The regional
management teams of Germany, UK/Ireland/
South Africa and Switzer land/Austria/Nether-
lands/Management Consul ting assu med his
COO responsibilities. There is no direct succes-
sor to take over from this long-serving member
of the Executive Board.

Heinz Bons founded SQS in 1982 together
with the current CEO, Rudolf van Megen.
Since then he has played a decisive role in
making the company the worlds largest inde-
pendent provider of software testing and qua-
lity management. Until only recently, Bons
played a key role at SQS in respect of the tech-
nology involved in important projects with
premium services for major customers.

We thank Heinz for the invaluable contribu-
tion he has made to SQS, says Rudolf van
Megen, the fellow board member who has
shared his professional journey, looking back
on Mr. Bons time with the company. As co-
founder and COO, he helped SQS to its market
leader position especially through his efforts
with our customers in the nancial services
sector and his many years of experience in the
eld of research and development for SQS.
Nico tschanz is new CEO
of SQS in Switzerland
Since the start of 2008, Nico Tschanz has
been heading operations as the new Chief
Executive Ocer (CEO) of SQS Software
Quality Systems (Schweiz) AG. He has taken
over from Reto Zst, who headed the Swiss
branch of SQS from 2003.
Nico Tschanz, 39, began his professional career
as an independent consultant for an enterprise
resource planning (ERP) project with the Swiss
e-business provider Crealogix AG in 1998.
Tschanz worked for this company in various
capacities until the end of last year. By then he
had become a member of the Executive Board
and company partner.

His main aim as new CEO will be to fur-
ther expand and consolidate the posi-
tion of the Swiss branch of SQS as market
leader in software quality management and
testing. He will also continue to pursue the
growth strategy for the company, which
now employs around 100 consultants at its
Zurich and Geneva branches. To bring about
this expansion, Tschanz will be focus ing on
customer-specic offshore bids and manage-
ment consulting.

Reto Zst, who was the CEO until recently,
had already taken on wider international
commitments within the SQS group in 2007.
He is now responsible for the regional
sub sidiaries in the Netherlands, Austria
and Switzerland, as well as expanding the
Egyptian offshore centre and assuming key
responsibil ities in the areas of manage ment
consulting and services delivery for the
SQS group.
New growth opportunities
for SQS UK
SQS UK continues to full its leadership
position in the UK market. During 2007
both business and sta grew to new levels and
today the company is approximately twice the
size it was when SQS UK and Cresta merged.
All business units grew during 2007 and in
2008 new opportunities have been launched.
Based in the city of Manchester in the north
of England, Dave Rigler has opened a new
business unit with Account Manager Alan
Upton. SQS already has customers and
em ployees in this region that will give Dave a
start on business.

Another new business unit in England will be
headed up by Patrick Chatee. Patrick is a well
known entrepreneur in the market and has
already been growing key clients in England.
Additionally, the business units in England
have been aligned to industry sectors. This
step is giving a greater focus for employees
and customers to benet from the extensive
business knowledge our testing and quality
professionals have.

A Center of Excellence for SAP
systems has
been initiated, managed by Peter Wilkinson
and Gary Jenn. This country-wide support
centre is delivering specialised services to
SAP
projects and hiring consultants to satisfy

demand.

SQS UK customers benet from the unique
combination of onshore and offshore testing
professionals delivered through Managed
Services.
A building society scrutinises
its software interior
Raieisen Bausparkasse in Vienna success-
fully established Code Quality Management
(CQM) by the end of 2007 and the nancial
services provider has been beneting from
the initial CQM steps towards optimising its
software code.
We have now achieved our project aims,
sums up Andreas Madjari, software architect
at Raiffeisen Bausparkasse GmbH. We are
now enjoying the advantages we were aiming
for with the introduction of CQM. Madjari
places particular emphasis on the greater
transparency for developers and management,
the increased performance of software engi-
neering and the improved system integration.
Additionally, Raiffeisen Bausparkasse can now
allocate its IT specialists with more exibility,
since the software code no longer has emplo-
yee-specic features.

The now successfully implemented Code Qua-
lity Management system was introduced into
the Viennese company with the assistance of
SQS Software Quality Systems AG. The build-
ing society was supported by SQS consultants,
particularly in designing the necessary pro-
cesses, selecting the appropriate code evalua-
tion criteria and in evaluating, installing and
customising the appropriate measuring tool,
the Bauhaus Suite from Axivion, which plays
a decisive role in the automation of CQM.

The building society is currently planning to
expand CQM as part of an evolving process.
It will therefore implement further evaluation
criteria using CQM.
New heads of tool development
and SAP
at SQS
Dr. Vincenza Pignataro is the new head
of product management for test tools and
Philipp Gerber is taking over as head of the
new SAP
Center of Excellence at SQS Soft-

ware Quality Systems in Cologne.
Vincenza Pignataro
joined SQS from
T-Com at the begin-
ning of 2008. At
T-Com she was for-
merly in charge of a
cross-enterprise pro-
ject to transform pro-
cesses and convert IT
systems in customer
contacts, order management and billing. At
SQS, Dr. Pignataro is in charge of tool devel-
opment for the Group.
Building on SQSs decades of experience with
test tools, we are continuing to develop SQS-
TEST
/Professional and positioning it more

clearly in the market, she says. In keeping with
the sell what you use and use what you sell
principle, improvements will be made which
will be of benet for in-house use at SQS and
marketing externally to clients.

At the new SQS SAP

Center of Excellence,
Philipp Gerber is, for
the rst time, bund ling
the companys SAP

competence from all
over Germany. The
new centre will
link in-depth SAP

ex pertise and our
quality assurance know-how, Gerber says.
For this purpose the new team will, in addit-
ion to personnel expansion and the new part-
nership between SQS and SAP
, enhance its
service portfolio. The focus will be on best
practice solutions that we align to our custom-
ers specic requirements, he says.
Gerber, a physics graduate, joined SQS from
Deutsche Post. At logistics service provi-
der Deutsche Post he was in charge of SAP

projects in the letter post division, managing
SAP
rollouts in Europe, America and Asia.

Readers survey: companies
satisfed with it offshoring
QUALITY readers consider IT oshoring to
be mostly a good thing. Only 16 per cent of
respondents to the latest readers survey in
QUALITY 2007 indicated that they were
dissatised with the results of oshoring
in their company.
The gures from the survey back up the idea
that IT offshoring has become everyday real-
ity, namely for 54 per cent of the people ques-
tioned. At the same time 13 per cent are still
considering whether to take the step. In terms
of achieving expectations, 42 per cent have
obtained 80 to 100 per cent of the increased
value that they had hoped for.

As far as preferred countries for offshoring
are concerned, it is the Eastern European
countries which lead the way. All respondents
to the survey can imagine outsourcing to
Russia, the Baltic states etc., while 85 per cent
of those taking part view India as a suitable
offshoring destination.
Other regions of the world such as Southeast
Asia are further down in the rankings.

The results also provide an indication as to
why Eastern Europe is the favourite: because
of the comparatively low cultural and linguis-
tic barriers. 85 per cent see this as a signicant
challenge in relation to offshoring.
In addi tion, 77 per cent of the respondents are
afraid of lengthy, complex processes, while 62
per cent consider unpredictable quality of ser-
vice to be a stumbling block.
Market barometer for
software testing is online
With its SQS Consult website SQS Software
Quality Systems has launched the rst online
service for software testing trends. Constant-
ly updated study results will keep visitors
well informed.
The Internet portal is based on a representa-
tive survey of the software testing market and
software testing practice that SQS has just
commissioned for the second time. Visitors
to the site will be able to not only retrieve the
latest gures, they will also be able to identify
trends and changes in comparison with pre-
vious years.

At present the online service presents the nd-
ings of the 2007 market study that Coleman
& Parkes carried out in three countries.
The 2008 gures will be available in April.
For the latest survey, analysts at Pierre Audoin
Consultants (PAC) interviewed over 1,000 IT
and quality assurance managers in 13 coun-
tries. The website also features a benchmark-
ing tool.

Our new online service shows where software
quality assurance is heading, says Liliana
Preuss, head of PR & Marketing at the SQS
Group. In the past, companies and experts
had to rely on sporadic surveys and subjective
experiences. In contrast, the representative
gures that are now available online create
transparency.
Te research site is at:
www.sqsconsult.com
SQS to start testing in Egypt
from summer 2008
SQS Software Quality Systems has opened a
test centre in Cairo, initially with a sta of
about 25. Almost all of the test experts based
there also speak uent German as well as
English.
The new offshore location for Europes lead-
ing consulting house for software quality
management and testing is an addition to
the SQS branch in Durban, South Africa,
which is already experiencing strong growth.
While the consultants and testers in Durban
mainly work for customers in English spea-
king countries, the Egyptian ofce is ori-
ented towards clients in Germany, Austria
and Switzerland.

There is a German university in Cairo and
there have been three German-language
secondary schools there for decades, reports
Axel Bartram, member of the management of
SQS Germany, which means that about 500
well-educated German-speaking graduates are
produced every year. He says this establishes
an outstanding basis for high-quality offshore
services.

All of the new SQS employees in Cairo have
IT training and will undergo a trainee pro-
gramme in software testing. The work they
carry out for their clients will primarily com-
prise verifying technical IT concepts, pre-
paring and performing functional tests and
setting up and maintaining environments for
test automation. In the medium term SQS is
expecting the number of employees in this
part of North Africa to rise to three gures.
SQS NEWS SQS NEWS
STRaTEgY STRaTEgY
There is no 100 per cent security
As the person in charge of security at SAP, when you talk about
secur ity, can you then always assume that the people you are talking
to mean the same thing with this term?
By no means. In reality, even in the IT business a lot of people still think
only of rewalls and virus scanners when they hear the word secur-
ity. But security means much more: the term includes the attributes of
integrity in the sense of intactness, availability and condentiality of
data and of information generally. Basically, security in an IT context
means that all processes run as they are expected to even when there
is a possible threat from external inuences.
We learn when things go wrong
Nonetheless, it can be seen that security-consciousness varies greatly.
Particularly great attention is paid to it, of course, when something
unforeseen occurs. And, at the end of the day, we do tend to learn from
situations in which something has gone wrong.
To create the greatest possible level of security again, you need, on
one hand, to carry out monitoring and, on the other, to build trust
among colleagues. In this instance, this means differentiating between
the internal security risks of a company and the external threats which
often call for a completely different approach.
What strategies do you recommend for both internal risks and extern-
al threats?
Internal risks, that is insider threats, are best dealt with using two
principles. The rst is to promote an open and trusting working
atmos phere that minimises as far as possible any motivation to harm
the company, accompanied by awareness campaigns centring on the
threats and focusing attention on acting in a manner that promotes
security. The second the principle of function separaton should
apply throughout the company. This prevents critical combinations of
activities, thus reducing risk to the company. There are also special
solutions for IT systems such as SAP
.

You can never completely rule out external threats, but in basic terms,
the threat always depends on the specic nature of the business and the
Why security must complement quality
Interview with security expert Sachar Paulus from SaP
political relevance of the company. There is no cure-all for this. The best
thing to do, however, is to implement a standard for security manage-
ment, for example ISO 27001. The risks can be analysed in accordance
with its process instructions and appropriate measures instituted.
Which typical situations do people like you, in charge of security,
experience in your day-to-day work?
When, for instance, I am preparing the regular security report for
the Executive Board, I always consider to what extent I should limit
myself to the actual incidents and disturbances and whether I should
also broach the open-ended issues that represent a potential risk. In this
situation, many of my colleagues opt to dispense with the open-ended
issues.
If they then speak to heads of department and advise of the fact that
insecure software is being used in their area of responsibility, they often
get the reply that everything is working smoothly and that they have
been unable to pinpoint any problems. Moreover, they say that they rely
on certain applications such as Skype, which should not be switched
off for this reason. (Editors note: Skype is a small software program
that you can use to phone other Skype users worldwide at no cost.) But
even in the case of the Executive Board, security requirements are often
limited simply to the request for additional rewalls.
How can you better communicate the importance of a wider apprecia-
tion of security, particularly to management?
We have to nd a language that management understands. Nowadays it
is often still the case that a lot of money is invested for security reasons
in technologies that are meant to protect software, but which do not
solve the problem effectively.
To nd the right solution at the right time, the management needs reli-
able information and measurable facts. We need continually collected
data on the security of software. This is the only way the people in charge
can arrive at decisions that are not based primarily on a gut feeling.
How can security actually be measured?
Security cannot be depicted in simple black-and-white or yes-no cate-
gories that apply equally in all instances. First of all we have to be clear
STRaTEgY STRaTEgY
in our minds about the fact that there is no such thing as 100 per cent
security. Instead, companies must make decisions about what kind
of security is important for them, which security level they want to
achieve and what price they are prepared to pay for this. Any such
analysis is always based on the companys business objectives. Based on
these, indicators can be derived which can be used to measure security.
What relationship exists between security and quality?
Security and quality are mutually dependent: they are complementary
in a certain way. Security is all about ensuring that the product only
includes functions whose specications have been predened and that a
software program doesnt do anything that you dont expect of it. This
is, so to speak, the negative denition of the minimum level of security
that you create in a software application.

With quality on the other hand, in simplied terms, it is about meeting
the predened quality objectives and achieving all standards set. This
then is a positive denition: the software does everything you indeed
expect of it.
How can companies align security and quality with their business
requirements? What approach do you recommend?
Id like here to draw a distinction between two different target groups.
First, there are software manufacturers, and then there are software
users. The IT providers need clearly dened security standards for their
products. They have to ensure the provision of secure coding and carry
out all these steps in accordance with current best practice.

The manufacturers also have to have processes with which they can
address security issues as soon as they arise but above all before they
become virulent. Still, as already said, you can be 100 per cent certain
that you cannot achieve 100 per cent security.

For users, on the other hand, the rst and most important point is a
clear denition of their requirements. On the basis of these, they can
then evaluate the software and services they want to use in the various
areas of their company. In the end, the responsibility for the security of
certain products and services must be clearly regulated and assigned to
employees with specic responsibility for this.
Security is measurable
What can security experts learn from quality specialists?
They can learn the usefulness of metrics and how best to apply them.
Here, we can benet from the many years experience gathered by
the testing and quality experts in analysing and evaluating software
code. By this I dont mean only pure system measurement but also the
denition of programming guidelines and how adherence to these can
be checked.
Which trends and challenges in the world of IT will security experts
have to prepare themselves for in the future?
We will have to learn to deal with increasing complexity. This is coming
about, for example, through the so-called Internet of Things, that is,
the increasing inclusion of everyday objects in electronic networking.
This is increasing the ubiquity of electronic communication enorm ously
the key phrase here is ubiquitous computing. With this, bound aries
and limitations are playing an ever-smaller role. Accordingly, ever more
security risks which hitherto were limited to the IT domain are also
reaching other areas in the world of work and everyday life.

Industrialise security
In these instances, security specialists must step in, as we are at a water-
shed. The more complex the applications become and thus also their
security risks, the more we have to standardise and industrialise security.
And for this we need reliable data that records security better, quantita-
tively and qualitatively, and makes it more controllable than hitherto.
Professor Dr. Sachar Paulus ...
... is Senior Vice President for Product Security Governance at
SAP
AG. In this capacity, he is responsible for the SAP
strategy for
product security. He is considered a pioneering thinker in the secur-
ity community and is a member of various IT security organisations
including the Information Security Forum and the International
Security Management Association.
STRaTEgY STRaTEgY
Easing the burden on banking experts
Te maintenance of IT solutions such as SAP
often requires more

resources than implementation. Expanded functions and service
packages, for example, result in systems that are constantly chang-
ing. Each of these changes must be quality-assured. Tat is why the
Mercedes-Benz Bank decided to automate its regression tests. Today
this automation substantially eases the burden on banking employees
in specialist departments.
A new job function can fundamentally change your view of things.
That was the experience of Dr. Thorsten Wittmann, Director of Finan-
cial Backbone Business Intelligence at the Mercedes-Benz Bank, when
he set up an across-the-board specialised support organisation for the
banks in-house SAP
BW and SAP
BA systems. Previously, each

specialist department was responsible for maintaining its own systems.
That included tasks such as acceptance tests or specialised tests of newly
supplied system components. In the course of IT standardisation the
bank combined these functions in the new, independent team. The
banks experts in specialist departments have since been able to better
concentrate on their core tasks.
The support that we provide for our SAP
systems is provided by col-

leagues with both specialist and IT know-how. In a way they serve as
interpreters between the banks specialist departments and its techni-
cally oriented software and hardware staff, Wittmann says. From the
new service teams point of view it is no longer enough for new system
components merely to stay within time and budget in the course of their
development. Along with the factors time and money, he says, for us
in the service team the quality and testability of the software delivered
are of decisive importance.
Information for test control
At this stage of the proceedings, the Mercedes-Benz Bank decided to
automate the testing of its SAP
systems. The banking and IT experts

had three main aims in mind. First, the structuring and standardisation
of all test processes to improve the quality of new components received.
Second, the support team hoped to make its own test process control
more meaningful. To achieve this, the management needs regular and
reliable status reports on the given situation in order to deploy pro-
jects and employees systematically. Third, the Stuttgart bank wanted
to speed up its maintenance processes. Automation, the bank hoped,
Mercedes-Benz Bank automates testing of its SaP
systems
would lead to shorter pro-
cessing times and parallel
trouble-shooting cycles.
External consultants from
SQS Software Quality Systems
AG lent the Mercedes-Benz
Bank a helping hand. They
contributed the idea of test
automation, drew up the
concept for the new proce-
dure and set up a pilot envi-
ronment. After it was tested
and found to be a success, the
SQS experts devised a con-
cept for its full-scale use and
implemented it.
The structure of test pro-
cesses is now geared to the
products and services that the bank provides from leasing via nan-
cing to investment business. The be-all and end-all for ensuring that
automated testing runs smoothly is the quality and structure of the test
cases supplied with the new system components. Wittmann and his
team have subjected them to stringent formal standards. As a result the
automation project led to all concerned adopting a more structured,
cross-enterprise approach. That was the only way to lay the groundwork
for smoothing the running of the test machinery.

Automation of the tests is managed mostly through the use of two tools.
TestDirector from HP (formerly Mercury) is the link that connects test
management by the specialist testers. The bank already had the tool,
but it had not been widely used. Test data is maintained and made
available through use of SQS-TEST
/Professional.
The SQS tool has the major benet of working through the use
of synthetic data and not requiring production data. In this way, previ-
ously used specialist test data can be reused in the next test. Time-travel
functions automatically set the dates required at the actual date.
In a second step the Stuttgart specialists harmonised the test proce-
dure with the specic features of the SAP
systems used. SAP
BW,
for example, works with process chains that differ from those used in
testing. To reconcile the two worlds we needed sufcient time, Witt-
mann recalls. It is not something that you can simply do in passing.
And because systems other than SAP
supply data, his team also devel-

oped a data driver that bundles the various information into a test case.
Less expense, more transparency
The Stuttgart bankers were satised with the rst months of automated
testing in their SAP
environment. The speed of testing in particular

has increased considerably. It does not matter whether we put ten or
100 cases to the test automatically, the time it takes to run them is more
or less always the same, says a delighted Wittmann. The results are
available in a matter of hours. That, he says, is a signicant benet. In
the past the bank regularly had to second staff from specialist depart-
ments to carry out the necessary tests.
The support team also appreciates the gain in speed within three
hours they know where they stand in a given project.
The initial investment will pay for itself over time, especially as the
procedure and test automation are now also available for other devel-
opment and maintenance projects within the company. The success of
these new approaches to quality assurance in the SAP
environment has
convinced the Mercedes-Benz Banks management.
Mercedes-Benz Bank
Services that the Mercedes-Benz Bank provides are nancing,
leasing, insurance and eet management for the Mercedes-Benz,
smart, Chrysler, Jeep, Dodge, Mitsubishi Fuso and Setra brands.
In its direct banking business the company offers overnight and
xed-term deposit investments, savings plans, investment funds
and certicates. As a nancial service provider for leasing and
nanc ing, the Mercedes-Benz Bank has acquired a fund of
ex perience over a period of more than 40 years. It began direct
banking with nancial investment and credit cards in July 2002.
The bank now serves around one million customers. In its leasing
nance core business it currently has around 800,000 contracts
with a combined volume of 16 billion. Its deposit-taking business,
with about 260,000 contracts, totals over 4 billion.
Dr. Torsten Wittmann, Mercedes-Benz Bank AG,
says, Automating software tests boosts eciency
signicantly.
STRaTEgIE STRaTEgY
Effective testing of SaP
solutions
Tere is now growing demand for SAP
Solution Manager and a key

driver of this has been the service and support strategy of the Walldorf
software house. Te SAP
application management platform includes

a high-performance, and for SAP
customers, a licence-cost-free test

management component. On the one hand, this is a plus from a custo-
mer point of view, while on the other, the decision to procure a testing
tool should always be made after a detailed, systematic and complete
examination of quality assurance in SAP
projects.
SAP
implementation projects generally prove extremely complex and,

as a result, carry a high potential for risk. Here, comprehensive, system-
atic testing of the software makes an important contribution to red-
ucing errors. Testing tools such as the test management components of
SAP
Solution Manager can increase efciency considerably. One thing

must be borne in mind, however: before improving the efciency of the
test activities, their effectiveness must rst be assured.
Effectiveness before effciency
Surveys show that almost 70 per cent of companies do not follow a
uniform, consistent testing procedure. One in two companies cannot
show that they use any set testing strategy. The well-known saying
a fool with a tool remains a fool aptly describes what has been found
to be true: that dened test processes conducted properly by skilled
testing personnel must be in place if testing tools are to be employed
successfully.

The fact that a tool is provided at no licence cost should not mean that
the costs and implications of implementing and using the tool should be
underestimated. Selection should therefore always be the result of care-
ful and systematic evaluation, including a complete cost-benet analysis.
For this, independent testing specialists must have in-depth market and
product knowledge and be able to identify any strengths or weaknesses
in the tools and address these without any conicts of interest.
Once a decision has been made for a product, implementation should
take the form of a project. In the course of implementation, process
ows and documentation must be adapted, users trained and, where
necessary, interfaces set up for the purpose of integration with the exist-
ing system landscape. In addition, tool operation and support must be
organised. Strong involvement of users in this process helps ensure their
acceptance of the product and the later utilisation of the tool. A pilot
project is suitable for checking feasibility within a limited context.
Early fault prevention
Quality assurance measures should never be restricted just to the testing
of the software. In fact, fault prevention is much more effective and
cost-efcient than testing for faults in order to identify and remove
them. Preventive quality assurance begins early on, with the planning
and preparation for a SAP
project. To ensure effective prevention,

pro fessional quality assurance providers offer their customers an inte-
grated consulting service throughout all stages of the project. Using
standardised procedures, they evaluate activities and ndings and draw
up recommendations for optimisation. The customer is thus afforded
across-the-board transparency, and the risk posed to his project is
reduced. Here, the principle holds true that quality assurance provided
by independent parties ensures openness and objectivity.
SaP
expert Philipp gerber recommends a systematic approach

when implementing testing tools
Read on to discover:
>> why testing tools are not a cure-all
>> what to bear in mind when choosing and implementing
testing tools
>> why effective quality assurance begins well before the
testing stage
Philipp Gerber ...
is head of the SAP
Center of Excellence at SQS Software Quality

Systems AG. Since 1997 he has, in various capacities, been taking
SAP
projects forward. Among his responsibilities is a global SAP

implementation project for Deutsche Post AG.
BUSINESSTECHNOLOGY LEADERSHIP
CIO provides opportunities to debate and discuss the issues you
face everyday and learn fromfellow CIOs practical experiences
Visit www.cio.co.uk to join the CIO strategic network today
www.cio.co.uk .co.uk
HowdoyouaccesstheCIO
strategicnetwork?
Project1:Layout 1 21/2/08 15:53 Page 1
STRaTEgY STRaTEgY
high baseline quality with standard software
Thomas Mangel, head of Development at Postbank Systems ag,
on the use of SaP
in the banks core business and testing as a profession

Dr. thomas Mangel ...
is a member of the Executive Board of Postbank Systems AG,
responsible for the IT projects of Deutsche Postbank. Te company is
the IT service provider of Deutsche Postbank AG, one of the largest
banks in German retail banking. Previously, Mangel had other areas
of responsibility at Postbank, for example as Managing Director for
IT Infrastructure. Dr. Mangel was involved in the development of
the core banking system in collaboration with SAP
as Head of Tech-
nology of Postbank Systems AG from entering into the contract with
SAP
through to implementation.
Deutsche Postbank is breaking ranks with the majority of the other
large banks by using SAP for its core business activities. Why?
Postbank has undergone rapid change in the last ten years developing
from a public institution into a now global bank that is a leader in retail
banking. This was in part achieved due to the companys decision in
1999 to pave the way with standard software and SAP

as the basis
for core systems for retail banking. The situation at that time favoured
this approach since the strategic plans of Postbank and of SAP
tted
each other very well. We were looking for a system that covered all the
important functions of a global bank with the emphasis on retail bank-
ing customers. At the same time, SAP
was on the lookout for a strong

partner able to deliver the input for such a system as a standard solu-
tion a partner who also had rst-rate knowledge of the fundamental
technical requirements such as performance and operating procedures.
We were prepared to provide this expertise.
Does the standard software today oer what Postbank at that time
was hoping for in terms of functionality?
Yes. Among the most important components is the core transaction
system for current and savings accounts. It manages all accounts and
maintains all transaction data. On top of this, it stores the master data of
both business clients and retail banking customers. In short, the system
is our transaction machine. If, for example, at the end of the year, Post-
bank accounts are faced with 30 million transactions within two days,
then this is all done via the SAP
system. In total, we manage around

ve million current accounts and over 17 million savings accounts using
this solution. In addition we manage more than seven million cards for
our customers through this system.
Tere was a lot of scepticism expressed at the start of your collabor-
ation with SAP. What were the greatest obstacles and how did you
overcome them?
We were clear from the outset that a standard software solution was
being created and that this required particular role allocations between
SAP
and Postbank. This was the very reason why we decided to col-
laborate with SAP
. Rather than drafting a system design ourselves,

we limited our responsibilty to providing the business expertise and
describing the requirements and contributed our experience in opera-
ting automated and highly efcient IT systems on a broad basis. This
approach suited the SAP
position. The relevant parties indicated to us

that they needed someone who, after the product was developed, would
demonstrate that the system could be used as a standard software solu-
tion. However, we were expected to leave it to the expertise of SAP
to
convert the requirements into a exible software solution.
Quite a big risk for such an important system ...
Of course, we asked ourselves this question too: could we place our
condence in something like this? The result of these deliberations was
an approach with which we fully aligned the priorities of the bank with
this project from the Executive Board to the individual employees.
In the end, were you not dealing with two projects rst, supporting
SAP in creating the standard software and then implementing the
software?
Yes, these were two logically separated parts, although there were over-
laps in chronological terms. As part of an initial phase, SAP
had to
deliver a parameterisable solution, or as SAP
puts it: customisable. We

had to adapt the functions provided to our individual requirements
as in every normal SAP
project. We did have a few advantages and

synergy effects, though. Thus some of our developers worked at SAP

from the outset in order to get to know the system at the development
stage. This insider knowledge then stood us in good stead later on at the
customisation stage.
Did SAP grasp and implement the expertise from Postbank from
the outset?
SAP
had also familiarised itself with what a standard banking solu-

tion has to achieve. And we provided application scenarios based on use
cases from our specialist areas. It also helped that SAP
was not a com-

plete newcomer to the banking environment. The company had already
had solutions for nancial services providers on the market, for example
SAP
CML for the credit business as well as SAP
BCA, a predecessor
of the core banking system developed in collaboration with us. We were
therefore able to presume a fundamental grasp of banking software and
concentrate on the technical and operational specications.
How did you ensure quality?
Quality management (QM) was a fundamental part of the program
structure. This provided for a multi-level project hierarchy in which
QM took on a support function at the program management level.
The program manager was thus assisted by a quality manager, who,
along with his team, took on responsibility for quality across the entire
program. Of course, each individual project had its own quality objec-
tives, but at the across-the-board program level, there was one person
in charge of quality who pulled all the individual strands together, for
instance, the specications for fault removal plans and the tracing of
fault removal. Here, too, there were two stages: rst, we checked using
predened test cases to see whether the SAP
solution was suitable for

standard software. And, in a second step, after customising, we tested to
see whether the system delivered exactly what we need at Postbank.
And there were no big surprises on commissioning?
You can compare the replacement of a core banking system with a heart
transplant. Particularly since we were also changing the entire technical
infrastructure from BS/2000 to an IBM mainframe and server. With
such a step, it goes without saying that the quality assurance was set at
the highest level. In addition to the traditional levels such as module
and integration tests, we therefore ran additional intensive tests simu-
lating operational conditions. Postbank Systems built a test bench for
this purpose that simulated actual operation. On it, we ran what is
known as a production run without customer impact over a period of
several weeks with up to 500 bank employees. This enabled us to ensure
a smooth start for the new system.
Who is now taking charge of quality assurance for the operation and
maintenance of SAP?
We decided early on that testing is a discipline all of its own. A separate
organisational unit is responsible for test management. Testing is thus not
a task that, for instance, developers or the specialist departments perform
in addition to their own tasks. It is taken on by specialists, essentially test
managers with responsibility for adhering to a particular method ology,
test engineers with technical system expertise and the testers themselves.
Separate job specications ensure that we have the necessary skills at our
disposal. If, for example, a regression test of the SAP
system for bank

giro transfer is due to be done, we need specialists who know straight off
which test cases in our database are needed for this.
How is the SAP systems test performing today compared to, for
instance, software developed in-house?
It basically holds true that SAP
as a provider of standard software deliv-

ers good basic quality for instance, updates and functional enhance-
ments. This means that we are building on a level of quality comparable
with the quality offered with self-developed software before this goes
into the integration test. If the product supplied does not include any
functional adaptations relevant to us, we carry out a specied quota of
regression test cases. It goes without saying that the responsibility for
the production run for both self-developed and standard software lies
with ourselves.
STRaTEgY STRaTEgY
Much more than an extended workbench
India is regarded as a future world economic power. Its IT capital
is Bangalore, where several thousand IT companies have now set up
operations. As a result of the enormous demand for highly skilled
labour, in and around Bangalore there is a higher-than-average turn-
over of sta of as much as 35 per cent. But this is not the case at
SAP
, which in 2004 began having its software validation performed

by Indian specialists. Tree years later, sta turnover is far below the
average for the industry.
When SAP
considered outsourcing software testing activities to Ban-

galore, the company was cautious due to the many adverse reports based
on rst-hand experience there. Personnel consultants reported a staff
turnover of between 20 and 40 per cent annually. Few companies had
employees with more than ve years service. And press articles had
reported that the delight at low labour costs in this emerging market
would not be maintained, since, on average, around 25 per cent of
employees leave the company within their rst year.
Despite these negative gures, in 2004 SAP
decided to set up a soft-

ware testing centre in Bangalore. This centre was intended to carry out
the nal steps in the validation process directly before releasing the end
product. These nal tests provide simulations of customer scenarios,
including implementations, upgrades and patches.

Before the commencement of offshoring activities, the validation team
had consisted of 30 permanent members of staff in Germany who col-
laborated with 60 freelancers, mostly consultants, from all corners of
the globe. To expand the service portfolio and meet new requirements,
SAP
continually recruited more staff to its team of testers and set out
by rstly appointing ten Indian project managers and ten Indian system
SaP
is also testing its software in India

SaP
Manager Martin adam knows why

>> how SAP
is building up testing expertise in India

>> which strategies are successfully reducing staff turnover
>> who is commuting regularly between Walldorf and Bangalore
administrators for the Bangalore operation. In close collaboration with
the head ofce in Germany, they were given both off- and on-the-job
training in preparation for their work. In the period following this, the
company appointed more system administrators and professional testers
in Bangalore. Thus, in addition to the team members in Walldorf, there
are now around 100 full-time Indian SAP
staff in the software testing

division. As a result, the number of freelancers required has dropped
considerably.
How has SAP
managed to contain the turnover of skilled labour typical

of this region? How do you keep employees happy and in their posts?
Responsibility on the ground
Success is achieved through a number of different factors. Firstly, it was
very important to gradually hand over more and more responsibility to
the Indian employees on the ground. The team in India is very much
more than an extended workbench and head ofce worked hard to
convey this to staff convincingly.
Thus the scope of responsibility of the Indian employees grew continu-
ally: rst, they carried out the regression tests for software corrections,
then they carried out upgrades as well and, nally, took on responsibility
for performing the tests. Today, the team in Bangalore is responsible for
designing some of the SAP
tests used worldwide and also provides

project managers for several important global projects.
This is coupled with intensive team development. Workshops, regular
review meetings and joint activities such as trips help promote cohesion
and appreciation of each others qualities. Adhering to a clear structure
of meetings from the outset has also proved very efcient. In addition to
monthly review meetings with management, the validation team intro-
duced weekly team meetings and regular telephone conferencing. On
top of this, staff hold works meetings from time to time with manage-
ment participation. This means that there is an open, trusting team cul-
ture among management and staff. From the very rst day too, a good
relationship was built up between the two head managers in Germany
and India. These one-to-one meetings also played a role in this some-
thing that is not necessarily the order of the day in India.
Travel between two cultures
This dialogue between cultures cannot be a one-way street, how-
ever. The Indian members of staff who wanted to learn new skills at
the SAP
headquarters travelled to Germany. Likewise, the German

staff members who would later be in charge of knowledge transfer
and setting up the team went to Bangalore. And, as a matter of
course, all team members underwent intercultural training to get to
know the business culture of the other country.
Meanwhile, low staff turnover is underpinned by a hiring policy with
clear job specications for candidates. In addition to one German and
one Indian manager, a local HR specialist was also put in charge of
interviewing. This meant that the Indian personnel consultant could
explain any key issues about the cultural background of applicants. As
well as those selected locally, ve Indian students were appointed who
had completed a one-semester work placement in Germany with the
software validation team.
To sum up, after three years of collaboration, nearly all team members
are still on board. During this period, SAP
has established a culture of

division of labour. If it looks like it makes sense or seems necessary to
delegate responsibility to Bangalore and the resources are in place for this,
they just do it. This is why, for example, the project managers for devel-
oping and validating three important SAP
solutions are to be found in

India. Currently, this offshoring of testing is running smoothly.
Dr. Martin Adam ...
... studied mathematics and computer science and has a PhD in mathe-
matics. He has worked at SAP
in Walldorf since 2001 and is head of

the Production Unit Solution Validation division, which is respon-
sible for quality assurance testing directly before product release.
BEST PRaCTICES BEST PRaCTICES
Software testing becomes automated
With its new range of dual clutch transmissions (DCTs), GETRAG
FORD Transmissions is seeking to combine the advantages of auto-
matic and manual transmissions in one solution. Te level of IT com-
plexity involved in these mechatronic systems is considerable. And
this means that their quality assurance requirements are just as high.
By automating the testing process, this automotive industry supplier
is ensuring system reliability and safety while at the same time opti-
mising cost-eectiveness.
One of the fastest-growing divisions of GETRAG FORD Transmis-
sions is that of product development. Here, software continues to
constitute a major part of the new mechatronic systems. One example
of this is the new dual clutch transmissions, which offer great dynamics
with optimal efciency. On one hand, these dynamics come from the
engine, which has a specic speed. On the other, the vehicle itself creates
great dynamics, which pushes up the requirements for calculating time
and correct computing of the data by the processors. We havent built
3 GHz Xeon processors into our transmissions, but instead 66 MHz
processors, explains Jrg Hermes, the specialist in charge of valida-
tion and verication at GETRAG FORD Transmissions. We of course
have to test the software much more intensively and extensively and also
be able to verify this check, since the control software has relevance for
safe operation.
Control software
The control software in the dual clutch transmissions is responsible
for carrying out the right gear change at the right time. Thus it has
to pre-engage the correct gear, as is its job under normal operating
conditions. On top of this, the software also performs diagnostics.
It registers when there is a fault in the transmission system and in
this event triggers countermeasures.
One example of this is a sensor that recognises whether, for instance,
the rst or the third gear is engaged. If the sensor is faulty, the control
gETRag fORD Transmissions is reducing IT costs
for developing dual clutch transmissions
>> how software ensures engine safety
>> legal requirements for software tests
>> what reduces the cost of repeat tests
software can no longer ensure correct gear changes and then blocks the
gear train affected, but still allows the driver to continue safely until he
can either drive the car to the garage for repair or steer it in a controlled
manner on to the hard shoulder.
The control software runs on a separate operating system supplied fully
tested by the manufacturer of the transmission control unit (TCU). Con-
nection takes place via an electronic interface to the ABS (antilock brake
system), ECU (engine control unit) and EIC (electronic instrument clu-
ster). It is important that the safety design includes an additional level for
the safety software. With this two-level principle, this separate software
checks the ndings of the control software via validity checks.
Model-based development
The control software of the transmission is subdivided into various
logical subsystems. The engineers at GETRAG FORD Transmissions
design it on the basis of a structured analysis. In doing so, they follow
the approach of model-based development. In addition to the product
development requirements, they also have to full numerous legal con-
ditions in the process.
ISO IEC 61508 is the applicable standard here. It stipulates particu-
lar development measures and methods that are largely covered by the
V-model for software development also used by GETRAG FORD.
When testing, the validation team at GETRAG FORD Transmissions
asked themselves two main questions: which testing methods meet the
specications of the ISO standard for the unit level test? And which
framework is necessary to accommodate the particular features of
model-based development? We had to nd a workable solution that
was applicable across the board as well as being economically ef cient,
says development engineer Bernd Jakoby. We were unable to nd such
a solution on the market, since the ISO standard does not yet take
account of model-based development and the tools for the different tasks
in the development process offered only self-contained solutions.
GETRAG FORD Transmissions therefore implemented its own
development and testing process, including an integrated tool solu-
tion, S-Test. The name stands for security testing and was developed
in-house as a linking tool.
It primarily links the modelling tool Matlab Simulink from the
company Mathworks and the CTE XL Test Editor from Daim-
ler. S-Test opens selected models from Matlab and creates an XML
le that the CTE XL Editor can convert into test cases. It also spe-
cies the required test sequences. S-Test subsequently loads these
les as soon as tests are due to be performed. S-Test then gener-
ates the test environment and starts up the relevant test sequen-
ces in the Matlab Simulink tool. Then S-Test converts the analysis
and documentation of the ndings into les that the CTE XL Test
Editor can read out. Finally, these les and the Matlab models are
fed back into the Rational ClearCase tool from IBM, concluding the
software testing and development cycle in question.
Turning theory into practice
Once the engineers at GETRAG FORD Transmissions had implemen-
ted S-Test, they still didnt know whether their solution would also be
usable in practice or if the costs would decrease as hoped. Hermes and
Jakoby therefo re contacted the independent software testing special-
ists at SQS Software Quality Systems. As part of a pilot project, their
remit was, together with other experts at the Fraunhofer Institut IESE
(Institute for Experimental Software Engineering), to nd out whether
checks could be done with the S-Test software at a developer level and
whether the cost calculations carried out previously were in fact realis-
tic. The SQS experts were also to analyse across the board whether the
testing strategy at GETRAG FORD Transmissions was in line with the
state of the art in embedded software development.
SQS was chosen for this because the company had already had expe-
rience of testing in automotive engineering and aircraft construction
validation projects. The individual steps were as follows: SQS set up a
test procedure, detected errors within the tool chain and established a
documentation system in close consultation with the developers.
On the whole, S-Test proved a success, since it is suitable for non-testers
too as a relatively easy to operate, intuitive tool, says Jrg Hermes. But
we still did nd some process ow errors and this enabled us to make
some improvements before issuing it to our colleagues for use. Thus
the development division brought in additional aspects of modelling,
meaning that the functions of S-Test also had to be enhanced. As a next
step, the quality experts also increased the reusability of the test cases,
since, in practice, the software checks mostly consist of repeat tests,
known as regression tests.
Both the developers and the testers of GETRAG FORD Transmissions
dual clutch transmissions are happy with the solution arrived at.
Be cause the software tests are now easier to carry out, particularly as
many manual steps run automatically, the costs of quality assurance
have also fallen. On top of this, the current procedure supports the
cross-test design. Bernd Jakoby is pleased to report that all model spe-
cications are now subject to a clear-cut version check. From the model
to the test, we now have an integrated system.
With this foundation, GETRAG FORD Transmissions is currently
taking the next steps along with four SQS employees. They are exten-
ding the procedures established in the pilot project to all models of
the transmission control software. They are gradually transferring their
newly-gained expertise to developers. The latter should be able to set up
the tests themselves soon. This will push automation further ahead and
drive costs further down.
BEST PRaCTICES BEST PRaCTICES
the impact of shortfalls in quality
Skype failure for almost two days:
a chain reaction caused by software faults
For almost two days, the Voice Over IP (VOIP) and instant messaging service, Skype,
failed. Skype says that a chain reaction was to blame, initially triggered by the restarting of
a large number of Skype user systems after a software update. Worldwide, a large number
of computers of Skype users were restarted within a short period after a software update.
This unusually high number of system restarts affected Skypes network resources. A ood
of login requests combined with the lack of peer-to-peer resources then triggered a chain
reaction with grave consequences.
In fact, Skypes peer-to-peer network has an in-built function for repairing itself. But in this
case a hitherto undetected fault in the routine for allocating network resources arose that
thwarted the self-repair mechanism. The result was that Skype could not be used by the
majority of its users for almost two days.
Source: golem.de, 20.08.2007
Dangerous or controlled?
Tere is more and more of it. And not only that: it is free. It is under-
standable, then, that open source software (OSS) is becoming increas-
ingly popular in commercial system development projects, which
are often subject to considerable cost pressure. Te use of OSS
has to be managed, however, otherwise many a company may nd
itself in court.
A legal dispute between the body representing OSS interests,
gpl-violations.org, and the voice-over-IP provider Skype and its supplier
SMC, for example, resulted in an IP telephone having to be withdrawn
from the market. It used open source software that infringed the licensing
conditions, thereby violating rights and was therefore against the law.

Examples such as this are multiplying as more software producers
include OSS. The uncontrolled use of open source in large IT pro-
jects is therefore fraught with risk. From the companys standpoint this
can be critical for its business, because not only can it result in
direct demands for money or demands for full disclosure of the
source text, but considerable damage is also liable to be caused to the
companys image.
Transparency or commercial secret?
The main source of risk with the uncontrolled use of OSS lies in what is
known as copyright, or in equivalent arrangements under other licence
agreements. In this case the OSS licence calls for the disclosure of sour-
ces, including further developments or derivations. The term derivative,
in particular, can be interpreted so widely, depending on the licence,
that the mere use of an OSS module will lead to the entire system
being classed as derivative. As a rule though, commercial producers
do not want to disclose all or parts of the source code of their sys tems,
because this source code is usually not only intellectual property but
may well also include commercial secrets. Nevertheless, anyone who
wishes to utilise the huge productivity gains to be had from using readi-
ly available subcomponents from OSS sources with an acceptable degree
of risk needs active licence compliance management (LCM).

For relatively small organisations or projects with manageable levels of
complexity, risk assessment can conclude that neither a formal LCM
Using open source software is not without its risks
Licence compliance management helps avoid the stumbling blocks
Read on to discover
>> which risks are associated with open source
>> why the topic of open source keeps some courts busy
>> which form the management of open source software should take
process nor one-off regular examinations of the system are necessary.
However, the decision to run such a risk must be taken consciously
and take account of all relevant information. In short: awareness of the
lawful use of open source software must be a given.
Te process of establishing licence compliance management is
made up of four phases:
Denition: First, management must dene the strategy for the software
system that is to be examined. This is generally based on the intended
purpose and the area of application. The development teams can then
use the strategy to derive specic rules on the use of OSS components.
Screening: This phase determines the composition of the particular soft-
ware system. Specialised tools are not only able to establish the obvious
use of certain components but can also detect secret copying at source
code level.

Analysis: The results of the screening rst have to be interpreted and
validated. This may render it necessary to check the ndings against the
licence rules of any OSS components that have been used.
Control: On the basis of the information obtained in the preceding
phases, whatever short-term corrective measures that may be necessary
can now be initiated. In some circumstances the consequence may also
be that long-term changes to the product strategy or even corporate
strategy are required.
Targeted risk control
Companies can also use the results of the LCM process to position them-
selves within a maturity model on the use of open source software. This
produces a high level of transparency concerning where a company is
situated in terms of its LCM and which risks still persist. This gives the
IT management a tangible matrix to work with so that it can target the
risks and reduce them step by step, and at the same time reach a higher
maturity level. The maturity is usually determined by an assessment.
A very low level of process maturity, for example, would be classied as
unaware by analogy with the CMMI
(Capability Maturity Model

Integration) process standard, while an organisation with a very high
level of process maturity would be assigned the seal strategically tested.

Measuring process maturity in this way according to a level model has
proved very successful in practice. It puts a company in a position to
carry out an assessment of current risks while at the same time advan-
cing strategic target setting.
Dr. Frank Simon, SQS AG
aDVERT
TRENDS TRENDS
London or New York where to list
Why do companies go public? To become better known, gain access
to capital, create a larger market for their shares and deal on a basis
of equality with major international clients. To broaden their share-
holder base and potentially give existing shareholders the chance to
exit. To raise their prole with a view to expanding operations into
new international markets. And to reward and encourage employees
through the introduction of share incentive schemes.
These reasons particularly apply to companies of all sizes that are
considering an international listing, and the choice for middle-sized
companies is arguably to seek a listing in either New York or London,
with a choice in London between the Main Market and the Alternative
Investment Market, or AIM, launched in 1995. Which might it be,
and why?

Eight or nine years ago, a New York listing was felt to be chic, but
in the nal analysis the hard nancial facts are what counts. Londons
AIM is the worlds leading market for smaller, growing companies in all
business sectors from all over the world. Over 1,500, including several
hundred non-UK companies, are listed on AIM. Its success is due to a
simplied regulatory environment that is specically designed for the
needs of smaller companies. The German stock market no longer has
anything comparable.

Unlike most other markets, AIM does not stipulate minimum criteria
in relation to company size, track record or a set number of shares to
be in public hands. That, for a start, makes it more accessible than the
NYSE. It has a simple admission process and appropriate regulation for
smaller companies, and it offers UK tax breaks for investors in AIM
companies.
Compelling reasons
Gaining access also costs less in London, and that means not just the
initial cost but the ongoing costs of compliancy with the SECs report-
ing requirements and with the provisions of the US Sarbanes-Oxley
The marketplace of choice
Which is the right one for middle-sized companies?
Read on to discover
>> the benets of an international listing
>> why an NYSE listing has lost much of its chic
>> where AIM has the edge on US exchanges
>> how going public has beneted SQS
Act of 2002. Costs are up to 10 times higher in New York than in
London. A UK listing that costs 150k a year can cost between 1m
and 1.5m in the United States, and in view of the extent and risks of
liability involved, D&O insurance for companies listed in New York
has become hard to nd at any price.

Not surprisingly, European stock exchanges are raising more new
money from IPOs and attracting more international IPOs than US
exchanges and London leads the way, accounting for more than half
of new issues in Europe. London now employs more people in nan-
cial trading than New York, and its trading volumes have in recent
years been much higher than Wall Streets. These, then, are some of
the compelling reasons why London is the marketplace of choice for
international companies.
Companies apply to delist
Where does that leave the two? London has been successful in attract-
ing a large number of companies and in trading high share volumes
that generate business for platform operators, traders, and so on. In
New York, SEC requirements have scared off international companies.
BASF, E.ON and Bayer are among German companies that are app-
lying to the SEC to delist in New York (which, by the way, is easier said
than done). That still leaves 11 DAX companies listed in New York, but
Bayer reckons it will save 15m a year by delisting, while its New York
listing costs Siemens 30m a year.

For Martin Graham, the head of AIM, the challenge is to ensure that
London does not price itself out of the market with exaggerated regu-
latory requirements. As long as it does not make this mistake, London
will have the better starting position. New York in turn must ensure that
its regulatory requirements are less exacting, especially for international
companies. Otherwise it will tend to continue to become less attractive.

With the current state of the market, fewer companies are oating than
was the case a couple of years ago. That, however, is not because they
would not like to go public but because capital is harder to raise when
markets are volatile. Yet the number of IPOs remains relatively high
in London, perhaps 100 a year in the Main Market and twice as many
in the AIM.
And, regardless of the state of the market, the reasons for going public
are unlikely to change much. They are, essentially, to raise fresh money
for investment and acquisitions and, in the case of SMEs, partly to
enable founders to realise some of the companys value.
going for international growth
Take SQS. In 2005 the Cologne-based software testing and quality
management company became the rst German rm to seek a listing
on Londons AIM market. It has doubled its market capitalisation in a
little over two years as a result of listing in London. That has enabled
it to make selective regional acquisitions in the UK, Ireland and South
Africa and to expand into management consulting with an acquisition
in Austria. And these acquisitions have to a large extent been paid for in
equity. The capital that was raised also helped to boost organic growth
by more than 20 per cent.

Going public has sharpened the companys image and made it better
known, especially as many of its clients are also listed in a major inter-
national marketplace and are able to nd out more about SQS in ways
with which they are familiar. So SQS feels that the bottom line has been
decidedly positive.
An international listing makes business more transparent and more
professional, and that applies to middle-sized companies and not just
to the DAX 30. It is denitely to be recommended as a way forward,
and interested companies should not let themselves be discouraged by
market vicissitudes.
In particular, companies that are going for international growth and
might like to nance acquisitions by means of a share issue should con-
sider an international listing, and London is a good choice. Liquidity is
a crucial factor, and that means trading volumes, which speak for them-
selves. Language is another factor, which is why English is preferable to
a listing in a country with yet another language.

Finally, a word of caution. Going public is like getting married. It is a tie
that must stand the test of time. But no company needs to be told that
it must think hard before committing itself.
Paul Bewicke
TRENDS TRENDS
Development managers urgently required
!
?
?
Oshore outsourcing of software development is not a zero-sum game
when it comes to jobs. It is a false assumption that just as many jobs
at home are lost as are created in India, eastern Europe or elsewhere.
Instead, the case is that specialist service providers in particular are
creating a multitude of new jobs in central and western Europe.
80 per cent of companies that rely on offshoring, according to a study
by the US consulting rm Booz Allen Hamilton, give cost reduction as
the deciding factor. Yet in the last three years, the lack of skilled labour
has emerged as a key reason for pursuing this option. Indeed, whereas,
according to the survey, in 2004 fewer than 40 per cent of respondents
cited access to skilled labour as a reason for offshoring, last year this
gure had risen to almost 70 per cent.
a high demand for specialists
According to the analysts at Pierre Audoin Consultants, this demand
for expertise instead of simply cheap labour is creating a lucrative
market segment for local providers of specialist services and thus also
jobs on the ground. As PAC analyst Melanie Mack observes: Through
the increasing industrialisation of IT production, the need for specialist
from worker to manager:
IT offshoring is changing job profles and creating onsite jobs too
>> why IT offshoring is not a zero-sum game
>> who benets on site from offshoring
>> how the IT labour market in central and
western Europe is changing
staff for quality assurance is on the rise. The primary task of service
providers operating in this market is to demonstrate clearly to users the
advantages offered by separate specialists as opposed to system integra-
tors. Here, the offshore component must play a key role in the service
portfolio offered, since the days of steadily growing budgets for software
development and testing are over. Providers can respond to the resulting
pricing pressure with exible onsite-offshore models, according to the
PAC study.

The efcacy of the onsite-offshore mix is demonstrated by the success
story of SQS Software Quality Systems AG in the last two years. Sales
and staff numbers have nearly doubled in this period. Whilst South
African operations in particular showed these high growth rates, the
European branches of the company also grew more rapidly than the
average in the IT service market as a whole.
Not everything is outsourceable
Developers and testers at home are therefore affording themselves new
career options when they get used to working with colleagues who
may be located thousands of miles away. This internationali sation
involving set tasks remaining on site is opening up new long-term
prospects for the home labour force. This is due to the fact that if a
customer wants to achieve his specied time, cost and quality objec-
tives through outsourcing, he will still always have to set up a strong
onsite team. The experience gained from the SQS projects in South
Africa shows that the distribution of onsite and offshore resources is
on average 50:50 and that it can take two years at the earliest to
reach this ratio. Only a few development projects manage an offshore
gure of 70 per cent.
If this remote and local task-sharing is to succeed, the companies and
staff in the West must instigate changes that turn operational devel-
opers and testers into managers and process specialists. This is because,
for projects distributed internationally, pure programming and testing
is becoming increasingly unimportant in western European business
locations. Instead, tasks such as project management, requirements and
change management as well as project preparation are becoming higher
priorities in western Europe. This in particular includes organising the
available staff and ongoing monitoring of results, progress reporting
and the use of resources for the project in question. Control centre work
is increasingly at the heart of day-to-day operations.

All this also requires the ability to deal with the unexpected: what
should be done if errors are mounting up and the project looks like its
running into difculties? What resources can then be used for prior-
itising and assessing risk?
Bridging the gap between business and IT
IT staff are rarely able to answer these questions on their own. They
tend instead to rely on the input of their specialist departments and
management. One element of the new job proles for offshoring pro-
jects therefore strongly emphasises intercommunication. This in turn
requires intensive training in social and communication skills and a
deeper understanding of how business and technical experts in ones
own company operate.

This need for business expertise affords many former business special-
ists the prospect of changing over to IT and developing new career paths
for themselves at the interface between business and technology. Thus
offshore outsourcing in IT can accelerate the general structural change
taking place in the labour market, provided that companies and staff
invest in the education and training required for this.
A well-written introduction to testing SAP
An SAP
solution undergoes profound changes over its life cycle.

On the one hand, it may have to be adapted for business reasons, for
example as a result of mergers or the introduction of new products.
On the other, technological enhancements or adaptations such as
upgrades and support packages are required. Both of these instances
make it necessary to carry out repeated, comprehensive testing of
applications. For this reason, SAP
AG provides its customers with

both procedure models and a complete set of tools for testing SAP

solutions. In their book, Testing SAP
Solutions, which appears

as part of the SAP
Press series, Markus Helfen, Michael Lauer and

Hans M. Trauthwein provide a complete, easy-to-understand intro-
duction to the subject matter.

The book begins with a brief outline of testing methodology. After a
short introduction to the theoretical principles, an overview is given
of the tasks involved in preparing and executing the software checks.
The focus of part two is functional testing. This section of the book
centres in particular on the SAP
Solution Manager, which greatly

supports test management. On top of this, the authors discuss the
eCATT tool from SAP
for test automation automatic testing, inclu-

ding consideration of its cost-effectiveness, as well as the SAP
Test
Data Migration Server, which simplies test data management. The
nal and third part of the book describes and explains performance
and load tests. The authors give an in-depth illustration of a typi-
cal performance testing procedure and provide detailed information
about the support offered by tools such as SAP
LoadRunner from
HP (previously from Mercury).

As a team, Markus Helfen and his colleagues at SAP
provide a
good, comprehensive overview of testing in an SAP
context. The
inclusion of plenty of graphics ensures the reader has a good grasp
of the subject matter, with the tool descriptions accompanied by
screenshots throughout. Beyond theory, the authors provide detailed
reports from customers on all aspects of the subject matter, offering
real-life examples. The book will provide project and test managers
with valuable information and suggestions on optimising testing.
Philipp Gerber
Markus Helfen, Michael Lauer,
Hans M. Trauthwein:
Testing SAP
Solutions. Rockville,
MD (SAP
Press) 2007. 47.99.

Book review
Ren Gawron ...
has been Chief Financial Ocer (CFO) of SQS Software Quality
Systems AG since 2001. He is primarily responsible for administration,
accounting, nance, mergers and acquisitions, investor relations and
the consulting rms personnel.
TRENDS
Tis article examines the experience of environment management
at two organisations and identies some of the common concepts
in approaching the projects as well as some of the recommendations
and techniques employed.
In the rst, environment services were provided to support the testing
on a programme to integrate a replacement billing system with existing
systems for a telecommunications provider to ensure a seamless trans-
ition for customers.

In the second, an investment banks environment management pro-
cesses and tools employed were reviewed. As a consequence they then
implemented the recommendations alongside a migration of existing
non-production environments from one data centre to another to ensure
the banks business could continue to deliver its competitive edge.

The initial step in both engagements was to understand the current
situation. This included:

Hardware Which hardware and other infrastructure was available?
Application architecture Collation of a software component matrix
across all applications and systems in use by the business or within the
relevant group.
Scheduling Understand which environments are required and when.
This step is critical to understand and plan demand.
Team dependencies Who has the required technical skills?

Once the current landscape was understood and requirements nalised
an approach was agreed on. Some of the core techniques employed and
processes that needed to be implemented were:

Service level agreements If development and test teams have service
levels, their environments need SLAs too.
Team dependencies Reduce dependencies on other teams by auto-
mating and transferring knowledge for repetitive tasks from technical
teams to environment management teams.
Access control Ensure that environments can only be modied in
a controlled manner.
Shared environments Sharing environments due to lack of hard-
ware budget is often false economy as this increases management
complexity, causes conict and results in both project compromises and
slowed project schedules.
Software components and services Ensure each component has
a reliable and dened packaging, release and deployment mechanism.
Preferably the mechanism is automated and consistent between
components.
Audit compliance The test environment is part of the test assets
and the environment build process must be reliable and repeatable
to ensure audit compliance for the overall software development and
testing life-cycle.
Environment templates Appropriate selection of software compo-
nents into pre-dened environment templates allows development, test
and environment teams to work with known congurations of environ-
ments to increase familiarity, improve support and reduce environment
deployment time.
Virtualisation and environment management tools Ensure that
hardware is used most effectively and realise the benets of being able
to deploy environment templates instantly. Enable users to self-serve
environment deployments.

In conclusion, environment issues occur across many industry sectors
and with a variety of situations and requirements. Clients can obtain
value through investing in environment management processes to
improve the overall efciency of the application development life-cycle
effort, including: improving the build and deployment time of new
environments, reducing the resource required to support and maintain
non-product ion environments, decreased environment downtime and
increased hardware utilisation and efciency.
Julian Brook
is a principal consultant for SQS UK. He has worked with SQS
(formerly Cresta) since 2000 both in the US and in the UK and is the
companys guru on test environment management.
Reducing time lost on IT projects
Environment management strategies to help
reduce 40% of time lost to environment issues on IT projects
What if you cant find the 32 hidden risks in this picture?

We know where to look.
If you look at a successful company, you will most likely find
it offers something special. For us, thats providing insurance
insight. To help our customers understand where risks are
hidden, we offer one of the largest and most advanced global
risk management networks in the world. Through a Relationship
Leader who serves as a single point of entry, you get access to
highly trained professionals who know your industry, know where
to look for risks and what solutions you should consider. In a world
where risks are changing all the time, that is special indeed.
www.zurich.com/corporatebusiness
General Insurance
Life Insurance
Risk Management
0024_ZH_GC7_uke_SQS_210x280.qxp 7.2.2008 15:10 Uhr Seite 1
ISEB Foundation Course ISEB Intermediate Certicate Course ISEB Practitioner in Test Analysis
14.04; 07.05; 28.05; 16.06 London
14.07; 18.08; 18.09; 22.09 London
07.04; 12.05; 21.07; 15.09 Leeds
21.04; 23.06; 27.08 Manchester
28.04; 07.07; 01.09 Dublin
19.05 Birmingham
19.05; 28.07 Belfast
02.06; 06.08 Woking
30.06 Edinburgh
07.04; 28.04; 19.05 London
07.07; 11.08 London
21.04; 28.07 Leeds
06.05; 04.08 Dublin
12.05 Birmingham
02.06; 08.09 Belfast
09.06; 15.09 Manchester
16.06 Edinburgh
30.06 Woking
01.09 Bristol
07.05; 09.06; 21.07; 01.09 London
19.05; 18.08 Woking
28.05; 27.08 Dublin
02.06 Leeds
16.07 Birmingham
04.08 Manchester
04.08 Belfast
11.08 Edinburgh
ISEB Practitioner in Test Management Practical Test Estimation Practical Testing Processes
12.05; 09.06; 04.08; 27.08 London
07.05; 16.07 Belfast
19.05 Leeds
28.05; 01.09 Woking
02.06; 11.08 Dublin
02.06 Reading
21.07 Birmingham
28.07 Edinburgh
18.08 Manchester
23.05; 07.07; 15.08 London
07.04 Woking
18.04 Belfast
12.06 Leeds
26.08 Dublin
17.04; 19.06; 07.08 London
13.03 Woking
01.05 Dublin
09.06; 18.09 Leeds
31.07 Belfast
Advanced Testing Techniques Requirements Testing Practical Test Design
15.05; 24.07; 04.09 London
08.04 Woking
05.06 Leeds
07.08 Belfast
06.05; 11.07; 19.09 London
10.04 Woking
11.06 Leeds
08.08 Dublin
15.05; 17.07; 11.09 London
22.05 Belfast
04.09 Dublin
Introduction to Agile Testing Practical Test Management Practical Test Planning
14.05 London
11.07 Dublin
12.05 London 07.04; 23.06; 04.08 London
14.08 Dublin
Testing Basics User Acceptance Test Management User Acceptance Testing
14.04 London
12.05; 18.08 Dublin
22.09 Belfast
15.04; 17.07 London
03.04; 25.09 Belfast
15.05; 21.08 Dublin
17.04; 15.07 London
01.04.; 23.09 Belfast
13.05; 19.08 Dublin
Test Management Advanced WinRunner 9.2 Advanced QuickTest Professional 9.2
03.04; 11.09 London
21.04 Dublin
10.07 London 24.04; 26.06; 31.07; 25.09 London
22.05; 04.09 Dublin
Fundamentals of LoadRunner 9.0 LoadRunner 9.0 Hands-On Lab LoadRunner VuGen 9.0 Scripting for the Web
28.04; 02.06; 30.06; 28.07 London
18.08; 15.09; 29.09 London
16.06; 15.09 Dublin
04.04; 02.05; 06.06; 04.07 London
01.08; 23.08 London
20.06; 19.09 Dublin
02.04; 30.04; 04.06; 02.07 London
30.07; 20.08 London
18.06; 17.09 Dublin
QC 9.2: Project Planning and Customisation Using QualityCenter 9.2 Using the QualityCenter 9.2 Dashboard
22.04; 20.05; 17.06; 22.07 London
19.08; 16.09 London
15.04; 29.07 Dublin
21.04; 19.05; 16.06; 21.07 London
18.08; 15.09 London
14.04; 28.07 Dublin
24.04; 22.05; 19.06; 24.07 London
21.08; 18.09 London
17.04; 31.07 Dublin
LoadRunner VuGen 8.1 for SAP QuickTest Professional 9.0 for SAP Using WinRunner 9.2
03.07 London 30.06 London 08.07 London
Using QuickTest Professional 9.2
21.04; 07.05; 23.06; 28.07 London
27.08; 22.09 London
19.05; 01.09 Dublin
EVENTS EVENTS
Software & Systems Quality Conferences are now held annually
at ve dierent locations. Tis spring sees premieres in Dublin and
Geneva, while the main international conference will be held for the
thirteenth time in Dsseldorf from 15 to 18 April 2008.
In Dsseldorf, Egypt will be the rst partner country at the four-day
gathering of specialists, managers and IT experts. The organiser, SQS
Software Quality Systems AG, is expecting about 900 participants from
over 20 countries. They will again be able to choose from over 100 lec-
tures, tutorials and workshops.

Partner country Egypt will present itself as a next-generation out-
sourcing location. In a keynote address Dr. Tarek Kamel, Egypts
Minister of Communications and Information Technology, will
outline the strategy and initiatives by which his country is establishing
itself as a recognised IT outsourcing location.

Offshoring is also the subject that a high-ranking panel of experts will be
discussing. Under the heading IT Offshoring: New Job Opportunities
Trends, tenets and tendencies
IT offshoring and much more at Software & Systems Quality Conferences

SQS users meet annually in a peaceful, luxury setting to share experi-
ences and gain new ideas for their own project practice. On 12 and 13
September 2007 the QUALITY user event was held in Bonn.
At the Hotel Collegium Leoninum in Bonn, SQS users spent two
days beneath the Gothic pointed arches of a former church discussing
subjects such as outsourcing, supplier management, process automa-
tion and efciency measurement. Insights into the life of professional
mountaineer Thomas Bubendorfer and a crime dinner inspired by
Edgar Wallace provided further opportunities to share experiences with
fellow specialists.

Martin Seifert of VersIT Versicherungs-Informatik GmbH was one of
the users who attended the Bonn session. He felt that practical reports
at the user conference had been especially outstanding. IT special-
ist Seifert was convinced that with the experience gained from the
speak ers you can avoid many detours in dealing with your own quality
assur ance tasks. In addition, he appreciated the relaxed character of
the gathering. You didnt notice that you were there to learn, and that
was how you learnt most.
Te next QUALITY user conference will be
held on 17 and 18 September 2008.
in Europe, analysts, service providers and corporate users will debate
the repercussions of offshore outsourcing for the domestic IT industry.
Along with market observers such as Frank Ridder of Gartner Germany
and Klaus Holzhauser of Pierre Audoin Consultants, panellists on the
platform will include representatives of, for instance, Dresdner Bank
and consultants Sogeti and SQS. Other trends and eld reports will be
revealed by keynote addresses and lectures on topics such as IT security,
test management or improving IT processes.

Starting this year, two new Software & Systems Quality Conferences
will be discussing tenets and trends in connection with software quality
management and testing. While the event held in Dublin on 4 and 5
March attracted about 100 attendees, the rst French-language confer-
ence will be held in Geneva on 20 May 2008. Subjects to be discussed
on the shore of Lake Geneva at the Htel des Bergues will include appli-
cation intelligence, test preparation and quality gates.
For more about and to register for the conferences, visit:
www.sqs-conferences.com
Practical know-how beneath gothic pointed arches
SQS user event QUaLITY met in Bonn
Training courses
Events
SQC Conference, QEII Centre
2930.09.2008, Westminster, London
More information and further UK/IRE/SA events can be found at:
www.sqs-conferences.com/uk
More information and further UK/IRE/SA For international training courses:
training courses can be found at: Austria: www.sqs.at/training
www.sqstraining.com/training Germany: www.sqs.de/training
Switzerland: www.sqs-group.ch/training
MY CITY MY CITY
Iyad f. Musa, Senior Consultant at SQS:
geneva is a city that both demands and offers a lot
Te superlatives with which Geneva adorns itself are almost intimidating. No other
city has been the home to as many Nobel laureates. Much of the worlds nancial trading
takes place here. Twenty-four international organisations, including the United Nations
and the International Red Cross, maintain a presence on the shores of Lake Geneva. If
you are undeterred by all this prestige and make the journey to southwest Switzerland
you will discover a city where you can live and spend time well very well, indeed.
The city centre has a relaxed atmosphere even on working days. Many Genevans know
and greet each other on the citys streets. Tourists mill around the Rhne bridges and
admire the Jet deau, the fountain of water rising nearly 150 metres that has been the
citys hallmark since the end of the nineteenth century. Only the constant trafc jam on
the only bridge between the two halves of the city, the rive gauche and the rive droite,
indicates that the secret capital of French-speaking Switzerland is more than just a quiet
place in a beautiful location.
In this city you have to work hard, but you get a great deal in return. This is a view that
Iyad F. Musa constantly reiterates. A Genevan by choice and a senior consultant with
SQS Software Quality Systems, he sounds a note of pride that you might expect from a
member of a family who has lived in the city since Calvins days. Yet, like many present-
day Genevans, Musa only made Geneva his home a few years ago. He is representative for
the many Genevans who ensure that the Alpine metropolis will continue tomorrow to be
where it is today in the Premier League on the commanding heights of superlatives.
That goes not only for quality of life, for which Geneva is regularly awarded top marks
in international rankings, but also for business and work. The citys classical industri-
al heritage is now, to a large extent, history. Nowadays the manufacturing industry is
-> By day
The le de Rousseau next to the Pont des
Bergues is in the middle of the city between
Lake Geneva and the River Rhne. With its
monument to the famous philosopher it is
an oasis of peace and quiet in the bustle of
the city streets and also offers a superb view
of the city, the water and the Jet deau foun-
tain. A visit to the island can be extended to
include dining at a restaurant.
Info: www.geneve-tourisme.ch
Phone +41 22 909 7000)
-> Seeing and being seen
The Place du Molard is Genevas open-air
front parlour. In the winter Genevas most
prominent Christmas tree decorates the
square, while in summer hundreds of people
sit at outside tables in the squares cafes
where the fare ranges from coffee and cakes
through to a full menu. Reservations are not
taken; you have to be there at the right time.
-> Practicalities
Visitors to Geneva need have no fear where
mobility is concerned. You can easily walk
around the city and public transport is free
for longer distances. All hotels issue the
Geneva Transport Card for the citys Unireso
local transport system.
Info: www.unireso.com
Phone +41 900 022 021
-> Spending money
Once you tire of walking from one special-
ist shop to another, you will nd everything
under one roof at the Globus department
store on Genevas up-market Rue du Rhne
(at No. 48) fashion, savoir vivre, food and
more on three oors.
Info: www.globus.ch
Phone +41 22 319 5050
always in the Premier League
34 SQS / QUALITY # 01_08 SQS / QUALITY # 01_08 35
MY CITY MY CITY
represented mainly by specialist companies. Nearly everyone knows
about watches from Geneva, and many large food companies use food
avourings made in southwest Switzerland. Commerce also has a long
tradition, especially commodities trading. But services are the be-all
and end-all of Genevas economy. First and foremost banking, which
has ourished in the city for centuries. It specialises in retail banking,
and Genevan banks manage private assets totalling around US$1.5
trillion, including Swiss banking condentiality, of course. Last but
not least, IT companies appreciate the citys international climate.
Hewlett Packard, for instance, has set up its European headquarters on
the shores of Lake Geneva.
Spirit of independence
All these success stories are accompanied by a hint of exclusiveness.
Stroll around the city and talk with people who live here and you
will gain the impression that playing in the Premier League is a part
of what Geneva is about. That may be because Geneva has something
special and in part due to its colourful past. In the sixteenth century
the city had the courage and intuition to offer a home to Calvin, the
French-born Protestant theologian. Calvin took up arms against both
the Catholic Church and the German Lutherans. This independence
of thought of the city fathers and the citizens was not without political
consequences. In 1536 the Geneva Republic was proclaimed, retaining
its independence until the nineteenth century. Not until 1815 did the
canton of Geneva become a part of Switzerland because the city and
the surrounding areas hoped to maintain a maximum of autonomy in
the Swiss Confederation.
Geneva has thrived on this autonomy to the present day. The city is
considered to be even more neutral than Switzerland, which accounts
for its popularity with diplomats and international organisations. This
attractiveness can also cause friction, of course. There is a recurring
rivalry with Zurich, for example on whether the largest international
airport in German-speaking Switzerland should be further enlarged or
if Geneva should take a larger share of the countrys air trafc. Yet no
matter how such disputes may end, Geneva will continue to emphasise
its French character and encourage the lightness of being that wafts
across from neighbouring France, combined with the proverbial Swiss
reliability and precision.
Maybe Calvin is still in the Genevans bones. It is partly due to his
legacy that they are still regularly prompted to achieve performances
that create an international stir. In the Reformation days he was con-
vinced that everyone could tell from his ability to perform his duties
strictly that he was predestined for divine salvation.
Cosmopolitan
Today, in contrast, duty and obedience are no longer the hallmarks of
life in the city. In many cases salvation is dened differently. The recipes
for success have changed, too. The attraction of Geneva today lies in
its openness, Musa says as he takes a bite of his pain au chocolat, the
chocolate-lled croissant that here as in France is an essential part of
breakfast. Regardless of whether you take the business world, dining
or the arts, you will constantly come across the courage, and sometimes
the compulsion, to go for change.
The citys international prole is a further factor for constant change.
Over 45% of residents are not Swiss nationals. Genevas residents are a
cosmopolitan mixture with an above-average education that is fed by
around 180 nations. Swiss immigration makes this possible as long
as the demand for certain specialists exists, they are granted work and
residence permits without much difculty. Foreign workers, however,
are not only here to ll gaps in the Swiss labour market, but also to
give the economy in general, fresh external stimuli. Geneva really is a
melting-pot where the colour of your skin makes no difference, Iyad F.
Musa says. If you have special skills, you belong.
The SQS consultant might be considered to symbolise the diversity of
the cosmopolitan mixture on the shores of Lake Geneva. He was born
in Syria of an Austrian mother. As a young adult he spent several years
in Vienna, where he rst learnt the German that he now speaks without
a trace of an accent. He then moved to Switzerland, where he now
speaks French like a native. The international quality of Geneva is due,
in his opinion, to the people who live in the city and to the proximity
of France, from where many frontaliers commute to the city daily.
Skilled workers also ock to the city from countries such as the UK.
It is not unusual for IT consultants to come here three days a week to
work, Musa says, and then y back home.
Quality of life
Flying back home is not a must, however, and certainly not for Iyad F.
Musa, who, after many stays in different continents, has made Geneva
his home. Wherever my wife and I have lived, be it in Singapore or in
Dubai, we almost reached the stage at which we were going to decide
to stay there. But Geneva is where we have really taken root. The
reason, he says, is that people here are simply very open to different
cultures and identities. There is also the quality of life offered by the
citys unique lakeside location amid mountains that provide countless
opportunities for sports buffs or simply excursions into the countryside.
And spending money is easy in Geneva, where the goods and services
on offer are much better and wider in range than in other cities of com-
parable size. The multicultural nature of the city offers a wonderfully
varied range of high level-possibilities. It is a climate wide open to new
ideas. Which brings Musa back to his initial claim that in this city
you have to work hard, but you get a great deal in return.
Te Htel des Bergues hosts the rst Software & Systems Quality Conferences
in French language on 20 May 2008
Jean-Jacques Rousseau, philosopher and son of the city
is still looking towards Lake Geneva today
VIEWPOINT REaDERS SURVEY / IMPRINT
Leader and lone warrior in one
When millions of viewers follow a European Championship match,
all eyes are often on just one man. Entire nations watch with feverish
interest to see which decisions he will take in tricky situations. A top
referee therefore has to be an out-and-out leader. Ultimately, his pre-
paration for top tournaments such as the upcoming one in Austria
and Switzerland takes years.
The basic requirement for success for any referee is physical tness. In
the end, he is the one who, in the course of a match, will cover the most
ground of all on the pitch: up to 15 km in 90 minutes. Furthermore,
only if you are swift and agile will you be able to keep up completely
with play as it takes place. These neutral parties selected by UEFA will
come together three times in the rst half of 2008 to demonstrate their
sprinting abilities and undergo endurance tests. However, it is the ref-
erees themselves who do the preliminary technical assessments: which
systems will the participating teams be using and how are their lines of
defence set up? Only the referees who can answer these questions can
quickly integrate themselves into the actual dynamics of the game at
the stadium.

Yet, for a top referee, the heart of good preparation is to be found else-
where: his success stands and falls with his state of mind. This is because
referees hold a position of leadership. The players and the public should
be able to trust him. They expect someone who provides them with a
point of reference. Every referee can do the mental preparation for this
role alone, as leadership ability has to do with ones individual personal-
ity. And each person has his own way of achieving inner balance. In my
case the method that works is to insulate myself. Two to three weeks
before an important tournament, I disengage from all private and work
concerns and keep everything to do with anything but the upcoming
games at a distance.
Striking a balance between rigidity and tact
The nal stage before a tournament is putting the very nal touches to
what will ultimately have been the years, indeed decades, of preparation
that a good referee undergoes. The real resource these unbiased deci-
sion-makers draw on when overseeing premier matches is experience.
The UEfa European Championship is just around the corner
and fIfa referee herbert fandel is getting ready for it
Experience is a guiding and protective force. It provides the instinc-
tive basis for making the right decisions in highly charged situations on
the pitch, often within fractions of a second. Experienced referees are
appointed to the most important international matches for good reason.
Younger colleagues may well demonstrate just as much technical and
physical ability. But by using experienced leaders, the football associ-
ations are adding a safety net for the possibility of extreme situations
such as can arise in any match.

Young referees would therefore be well advised, rst of all, to adhere
strictly to the letter of the law and rigidly enforce this. Only by doing so
will they achieve the necessary authority on the pitch. Only when they
are self-possessed enough to admit mistakes at times and interpret the
rules with tact and sensitivity will they not only have authority but also
be fully accepted by players and clubs. If a referee manages this, he will
make the transition from merely a skilled actor in events to one with a
leadership role.
Publisher &
supervision
Editorial &
co-ordination
Graphic concept &
layout
Printing Picture credits
SQS
Software Quality Systems ag
Stollwerckstrae 11
51149 Cologne, germany
Phone +49 (0) 2203 9154-0
info@sqs.de
www.sqs.de
PR-Partner Kln
agentur fr Kommunikation
Neumarkt 35/37
Phone +49 (0) 221 92150420
info@prp-koeln.de
www.prp-koeln.de
aclewe gmbh
Werbeagentur
friesenstrae 50
Phone +49 (0) 221 292129-20
info@aclewe.de
www.aclewe.de
LUP ag Lithographie &
Printproduktion
Luxembuger Str. 7983
50354 hrth, germany
Phone +49 (0) 2233 9933-0
info@lup-ag.de
www.lup-ag.de
Europastadt grlitzZgorzelec
gmbh (p. 3)
SaP Deutschland ag & Co. Kg
(Cover; p. 10-11)
Mercedes-Benz Bank ag (p. 13)
Deutsche Postbank ag (p. 17)
getrag ford (p. 21)
PR-Partner Kln/M. Schmidt
(p. 32-34)
imprint
Your views are important to us
SaP
testing
Results of the last survey
The main results of the last readers survey (subject: IT offshoring)
can be found on page 7 of this magazine.
1
st
prize Apple iPod 30 GB storage capacity
2
nd
prize Apple iPod 2 GB storage capacity
3
rd
prize Bang & Olufsen A8 earphones
Dear readers,
Answer a few questions this time on SAP
testing
and you have a chance to win.
You can nd the survey at: www.sqs-uk.com
The winners of the last survey are:
>> Michael Schrder, Postbank Systems AG (iPod 30 GB)
>> Sascha Kremer, Deutsche rzteversicherung AG (iPod 2 GB)
Congratulations!
Herbert Fandel ...
is one of the most successful football referees today. Te concert
pianist and music school director has been a FIFA-level ocial since
1998. Among the matches he has refereed are the 2006 UEFA Cup
nal and the 2007 Champions League nal. He is currently making
preparations for his involvement in this years European Champion-
ship in Austria and Switzerland.
SQC conference 2008 | Monday 29th September and Tuesday 30th September | QEII Conference Centre London
Organised by
SQC Conference 2008
Were looking to create a real buzz in 2008 with a fresh, new venue at the QEII Conference Centre. And SQC UK will be a hive of activity this
year with some fascinating speakers for what promises to be a challenging, and potentially controversial, conference theme: never too
busy the role of testing in improving productivity.
Everyone needs to pull their weight in an organisation. If a worker bee doesnt contribute to a hive, the entire colony is at risk (and no-one
gets any honey). The same can be said of organisations whose departments arent contributing effectively to the business (although honey
levels arent affected).
With insight from many industries, including nancial services and enterprise management, SQC UK will tackle this sticky subject head on
and discuss exactly what the testing community can do to boost productivity in the business space.
Be the bees knees in your company
Never too busy?
The role of testing in improving productivity.
Venue
Mountbatten Suite and
Elizabeth Windsor Room,
5th oor, QEII Conference Centre, London
Dates
Monday 29th September and
Tuesday 30th September
For more delegate or exhibitor information,
please contact the conference team.
Phone: +44 (0)20 7448 4624
Email: uk@sqs-conferences.com
Delegates
Practitioners and business delegates:
1 day: 400 + VAT per person
2 days: 750 + VAT per person
Exhibitors
There are a number of exhibitor packages
available, including sponsorship deals.

Quality 01 08 Eng

Diunggah oleh

Informasi Dokumen

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

Quality 01 08 Eng

Diunggah oleh

Hak Cipta:

Format Tersedia

The customer magazine of SQS Software Quality Systems

on it, then it has SAP

in it. But which SAP

would you like? The

is going down a path of product divers-

took over Business Objects for

products. If in the long run they

to develop an entirely new industry solution in one go (page 16). If

itself, too, has intensied the validation of its own pro-

, as ever, this edition of QUALITY brings you other current trends

security expert Sachar Paulus 8

as the banks core system 16

is also testing its software in India 18

Certied Tester). The training

to V-Model XT. The team also works

projects and hiring consultants to satisfy

Center of Excellence at SQS Soft-

/Professional and positioning it more

rollouts in Europe, America and Asia.

AG. In this capacity, he is responsible for the SAP

often requires more

BA systems. Previously, each

systems is provided by col-

systems. The banking and IT experts

systems used. SAP

supply data, his team also devel-

environment. The speed of testing in particular

Solution Manager and a key

application management platform includes

customers, a licence-cost-free test

implementation projects generally prove extremely complex and,

Solution Manager can increase efciency considerably. One thing

project. To ensure effective prevention,

expert Philipp gerber recommends a systematic approach

Center of Excellence at SQS Software Quality

projects forward. Among his responsibilities is a global SAP

in the banks core business and testing as a profession

was on the lookout for a strong

system. In total, we manage around

. Rather than drafting a system design ourselves,

position. The relevant parties indicated to us

puts it: customisable. We

project. We did have a few advantages and

had also familiarised itself with what a standard banking solu-

was not a com-

CML for the credit business as well as SAP

solution was suitable for

system for bank

as a provider of standard software deliv-

, which in 2004 began having its software validation performed

considered outsourcing software testing activities to Ban-

decided to set up a soft-

is also testing its software in India

Manager Martin adam knows why

is building up testing expertise in India

staff in the software testing

managed to contain the turnover of skilled labour typical

tests used worldwide and also provides

headquarters travelled to Germany. Likewise, the German

has established a culture of

solutions are to be found in

in Walldorf since 2001 and is head of

(Capability Maturity Model

solution undergoes profound changes over its life cycle.