These issues exist because current policy does not clearly dene roles and responsibilities for documenting system requirements
and testing system functionality. In addition, software development processes do not address non-national application development.
Finally, management does not conduct quality reviews or follow-up to ensure that all phases of the process are complete. Without
an adequate software development process, the Postal Service is at risk of developing applications that do not meet customers’
needs or achieve business goals. Also, because the development process is inadequate, there is a higher risk of cost overruns
and project delays, which limit the organization’s ability to optimize infrastructure and leverage technology to drive business value.
We identied potential schedule delays and cost overruns valued at about $4.5 million.
Incomplete Requirements and Test Phase
Project teams using SDLC and TSLC are not properly developing and obtaining applications requirements and conducting system
and customer tests as required by the software development process.
5
We sampled 71
6
applications and found the following
issues related to the requirements and testing phases:
Requirements Phase
■
We found two instances
7
where requirements were developed during the test phase as opposed to the requirements phase,
and one instance where testing occurred before development was complete.
■
We found two instances where the customer
8
did not prepare the initial application requirements according to TSLC process
9
and, instead, the developer prepared the requirements.
■
We identied 37 instances where no application requirements were uploaded into the TSLC Artifacts Library and 13 instances
where incorrect documents were uploaded.
Testing Phase
■
We identied 136 instances where system and customer testing was not performed.
■
We found 47 instances where the customer did not conduct independent acceptance testing as required and; instead,
testers used the same test scripts to perform both system and user testing.
This occurred because current policies
10
do not clearly dene who is responsible for performing the TSLC requirements, design,
and testing phases. In addition, customers lack the knowledge to perform CAT testing. Finally, test environments were not always
prepared for testing, as required by policy,
11
and test exemptions
12
were not always obtained. As a result, the Postal Service is at
risk of developing applications that do not meet customers’ needs or achieve business goals. In addition, there is a higher risk of
excessive cost overruns and project delays due to increased development and operational costs for reworking issues and xing
system defects. Moreover, the development team could inadvertently introduce errors into the system or code that could expose
condential and sensitive information.
5 TSLC Agile Sprint 0/Requirements Process, Purpose Section, updated March 18, 2014; and Handbook AS-805, Information Security, Section 10-4,
Testing of Hardware and Software, May 2014.
6 Our sample consisted of ve SDLC-developed applications and 66 TSLC-developed applications.
7 An instance refers to a case or occurrence of anything.
8 The organization requesting the new application or modication to existing applications.
9 TSLC Agile Sprint 0/Requirements Process, Purpose Section, updated March 18, 2014.
10 TSLC Policy, Process Description Section, Requirements, Design, and Testing, March 18, 2014.
11 Handbook AS-805, Section 8.3.1, Distributed Postal Computing Environments; and Section 8.3.3, Testing Restrictions, May 2014.
12 Refers to the forms and approval required when testing cannot be performed in either the SIT or CAT environments.
Project teams are not properly
developing and obtaining
applications requirements
and conducting system
and customer tests.
Software Development Processes
Report Number IT-AR-15-006
7