Resource
What financial services firms consistently get wrong about independent quality assurance
Today
Independent quality assurance has been a feature of financial services change delivery for decades. Yet misconceptions of what it is, what it does and when it adds value remain stubbornly persistent. As programmes grow more complex, regulatory scrutiny more intense and the cost of delivery failure more visible, those misconceptions are becoming more expensive to hold onto. In this month’s blog, Dom Tovey, Assured Thought’s Head of Delivery, explains the four aspects financial services firms are most commonly still misunderstanding – and the true practical reality of genuinely effective independent QA.
Misconception 1: Independent QA duplicates what the SI is already doing
This is the most common objection, and it rests on a misunderstanding of what independent assurance is for. A system integrator's QA function is designed to verify that the SI has built what it was asked to build. That’s a legitimate and necessary activity. But it’s not independent assurance.
Independent QA asks a different question: has the right thing been built, and is it safe to release into a regulated environment? It challenges the SI's assumptions, tests the scenarios the SI may not have considered and provides governance evidence with greater credibility – because it comes from a party with no commercial interest in the outcome of the delivery.
Firms that conflate the two questions often discover the difference at the worst possible moment – for instance, when a production incident reveals a gap the SI's testing didn’t cover.
Misconception 2: High test volume is necessary for independent QA to be useful
Test volume does not ever equate to test quality – but it’s even more true in an independent QA context. A programme that runs 10,000 test cases with poor coverage of high-risk scenarios is in a worse position than one that runs 2,000 test cases designed around where real risk lives. The only function of independent QA is to provide an objective view of that risk– never to maximise activity metrics.
In financial services, the highest-risk scenarios tend to be the most complex and least obvious: edge cases in fee calculations, interactions between corporate actions and rebalancing logic, regulatory reporting outputs under specific market conditions. These are precisely the areas that internal delivery teams, when under time pressure or influenced by their own design assumptions, may overlook.
This is where independence matters. Independent QA is not constrained by delivery ownership or legacy thinking. It brings the distance and domain perspective needed to challenge whether the right things are being tested at all, not just whether tests are being executed.
Volume metrics may give Steer Cos a sense of activity. Independent, risk-based coverage provides genuine assurance. The two are not the same thing.
Misconception 3: Independent QA shouldn’t be brought in until a programme’s end
This is perhaps the most costly misconception in practical terms. Quality assurance that arrives at the end of a programme to run a final round of testing can find defects, but it cannot prevent them. By that point, the cost of remediation – in time, money and programme risk – is at its highest.
Independent QA adds most value when it’s embedded from the start: shaping the test strategy, reviewing requirements for testability and establishing entry and exit criteria that give release decisions genuine meaning. A quality engineering partner that is involved from design through to go-live is in a position to catch problems when they are still cheap to fix.
The firms that bring independent assurance in late tend to do so because an incident or a governance failure has occurred. The firms that bring it in early tend to find it prevents those things from happening.
Misconception 4: QA is a cost, not a control
The framing of quality assurance as a cost centre is understandable – it’s not a revenue-generating function, and its value is most visible in things that didn’t happen. But in a regulated environment, the cost of poor quality is far from abstract. Poor quality means production incidents, Internal Audit findings and regulatory observations – and all the operational and reputational consequences that follow.
A single client-facing incident on a wealth management platform – a fee calculation error, a rebalancing failure or a data migration defect that surfaces in portfolio reporting – can cost more to remediate than a full programme's worth of independent QA. The maths isn’t complicated. The difficulty is that the cost of not investing in quality is rarely attributed to the decision not to invest.
The reality of independent QA
The firms that get the most value from independent quality assurance tend to share a few characteristics. They involve their QA partner in the programme from the start. They give that partner genuine independence – access to programme materials, the ability to raise concerns directly to the Steer Co and a clear mandate to challenge where necessary. And they measure success not by test case volume but by the quality of the governance evidence produced and the absence of significant post-release incidents.
The output isn’t a test report. It’s a set of artefacts: a test strategy linked to programme risk, clear entry and exit criteria, structured defect management and a release readiness summary that a COO, an auditor or a regulator can understand – things that give everyone accountable for the programme genuine confidence in the quality of what is being delivered.
That is what independent quality assurance is supposed to do. When it’s working, you’ll know – not because you can see the tests, but because you can defend the release.
If you'd like to talk through how independent QA fits into your current or upcoming programme, we'd love to have that conversation with you. You can also read more about how Assured Thought works with wealth management and financial services firms like yours at assuredthought.co.uk
