CodeExcellence's Code Quality Governance Blog

I Don’t Get It – Why is Custom Code not better Monitored?

Posted by on July 3rd, 2012 at 2:20pm

The Royal Bank of Scotland Group's (RBS) recent software glitch is yet another addition to the ERP failures hall of shame. Let us not forget the Victorian Order of Nurses, or many more calamities in ERP implementation adventures. This particular software glitch has led to people not getting paid, deposits not showing up in bank accounts, thousands of invoices having to be generated manually, clogged QA cycles, and more consequences of software failure after go-live, even in tightly controlled development environments.

Why is this still happening?
I know that we can empathize with the RBS team and their customers, but it seems that this software glitch reveals much about Britain’s banks and the worldwide consumer banking industry.

For example, consider a brand new 15,000 line procedure in a recent source code scan we did for a significant enhancement to an ERP system. (That it was 15,000 lines long is, firstly, a problem.) This procedure has at least one conditional statement that is nested 8 deep, and has around 755 high severity coding violations like case statements without the WHEN OTHERS condition, or missing exception handling, or no checking of return codes. Moreover, this procedure is poorly documented (14% comment lines) and has a very high cyclomatic complexity value.
Difficult to test, difficult to maintain, prone to error.
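To make the violation classes above concrete, here is a small checker written for this page as an added example; it is not CodeExcellence's scanner and not code from the scanned ERP system. It assumes ABAP-style syntax (the post does not name the language), one statement per line, and a constructed sample with hypothetical function names.

```python
import re

OPEN = re.compile(r"^(IF|CASE|LOOP|DO|WHILE)\b")       # assumed ABAP-style block openers
CLOSE = re.compile(r"^END(IF|CASE|LOOP|DO|WHILE)\b")   # and their closers

SAMPLE = """\
* constructed sample, not taken from the scanned ERP code
CALL FUNCTION 'Z_POST_PAYMENT'.
CASE lv_type.
  WHEN 'A'.
    IF lv_amount > 0.
      CALL FUNCTION 'Z_BOOK_ITEM'.
      IF sy-subrc <> 0.
        lv_failed = 'X'.
      ENDIF.
    ENDIF.
ENDCASE.
CASE lv_mode.
  WHEN OTHERS.
    lv_x = 0.
ENDCASE.
"""

def scan(source):
    stmts = [(n, l.strip().upper()) for n, l in enumerate(source.splitlines(), 1) if l.strip()]
    code = [(n, s) for n, s in stmts if not s.startswith(("*", '"'))]  # drop comment lines
    depth = max_depth = 0
    cases, missing_others, unchecked = [], [], []  # cases: [start_line, has_others]
    pending = None  # line of a CALL FUNCTION whose return code is not yet checked
    for no, stmt in code + [(0, "")]:  # empty sentinel flushes a trailing call
        if pending and "SY-SUBRC" not in stmt:
            unchecked.append(pending)  # next statement ignored the return code
        pending = no if stmt.startswith("CALL FUNCTION") else None
        if OPEN.match(stmt):
            depth += 1
            max_depth = max(max_depth, depth)
            if stmt.startswith("CASE"):
                cases.append([no, False])
        elif CLOSE.match(stmt):
            depth -= 1
            if stmt.startswith("ENDCASE") and cases:
                start, has_others = cases.pop()
                if not has_others:
                    missing_others.append(start)
        elif stmt.startswith("WHEN OTHERS") and cases:
            cases[-1][1] = True  # innermost open CASE has a default branch
    return {"comment_pct": 100 * (len(stmts) - len(code)) // max(len(stmts), 1),
            "max_nesting": max_depth,
            "case_without_others": missing_others, "unchecked_calls": unchecked}
```

Calling `scan(SAMPLE)` reports the first `CASE` and the first `CALL FUNCTION` by line number, alongside the nesting depth and comment percentage for the whole sample.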

Probability of the developer leaving for greener pastures at exactly the wrong time: high. Probability of this procedure clogging up QA and UAT: also high. Cost of dealing with the issues after unit testing is “done” – probably dramatic. Chances of pushing this implementation towards the hall of shame: not insignificant (unfortunately).

This sloppiness does not need to exist in our industry today. What is needed is simple corporate application of automatic source code quality surveillance, coupled with IDEs for developers to help them identify and remove issues. Manual code reviews are ineffective and expensive. I have not met any programmer who does not want to do a quality job. All they need is direction and tools. Code quality monitoring tools like CodeExcellence, combined with developer-oriented aids, will help introduce a consistent application of best practices across the board.

Why do you think that companies still compromise on their code quality?

*Image credit: StewC via photo pin cc
