Source code Review

Please explain who should be involved in the source code review activity.
I think this is a technical matter; how should QA be involved in and certify the activity?


Currently I am working in an organisation where the source code review is being performed by an in-house software engineer (one who did not write the code in question but who is independent from the code. This is important) and the other person on the review cycle is a Quality System Engineer from the Quality Systems department.

Having QA involved in this activity seems to be necessary in terms of having a full review cycle, but in my opinion the Quality review process adds little to the quality of the software if the QA person has not got the necessary knowledge in software engineering or has not got experience with the code in question, whether it be Java, .NET, etc.

In my view it’s more of a paper exercise having a QA sign-off on source code.

But that is only my opinion.

I would be interested to hear more experiences.


I completely agree with Graham on the point that QA adds little value (or can actually be detrimental) when participating without proper technical background. I’ve seen cases where this actually can stifle a review by having to try to bring them “up to speed.”

HOWEVER, you still need to be compliant with what your procedures say. So if your procedures require QA involvement, then try to find places where QA can make a positive contribution. This could be ensuring that the procedures are followed, actions are worked to closure, etc. It should be done in the spirit of cooperation, not in the spirit of assuming engineering is trying to be non-compliant.

If they are just there because the procedures say so, consider changing the procedures.

Completely agree.

In our organisation, we too use an in-house specialist who understands the coding language and general coding standards (i.e. the quality side) - provided of course that we have one! The specialist documents their review of the code, including their overall findings and conclusions, particularly any deficiencies and whether corrective actions are required or not.

The validation leader then approves the documented findings - not because they understand the code (they won’t), but in order to ensure that they understand that they need to either do nothing (code review was good) or manage the process of carrying out the corrective actions and getting them documented. The validation leader almost certainly won’t do the corrective actions, but they are responsible for ensuring they are done through the project team.

I hope that makes sense.