The Great Confusion
In the software industry, the terms “QA,” “QC,” and “Testing” are used interchangeably so often that most people have stopped noticing the difference. Job postings say “QA Engineer” when they mean “Tester.” Departments are called “QA” when they only do “QC.” And “testing” is used as a catch-all for everything quality-related.
This confusion matters. Understanding these three concepts as distinct but related disciplines changes how you think about quality — and ultimately, how you build better software.
Quality Assurance (QA): The Process
Quality Assurance is process-oriented. It focuses on preventing defects by improving the processes used to create software. QA does not examine the product directly — it examines and improves the processes that produce the product.
Think of QA as the factory inspector who does not check individual products coming off the assembly line, but rather audits the assembly line itself. Are the machines calibrated? Are the workers trained? Are the materials sourced from reliable suppliers? If the process is right, the products will be right.
QA Activities
- Defining development standards and coding guidelines
- Establishing review processes (code reviews, design reviews)
- Implementing CI/CD pipelines
- Creating and maintaining test strategies
- Conducting process audits
- Training team members on best practices
- Selecting and implementing tools
- Defining metrics and KPIs for quality
- Establishing defect management workflows
- Performing root cause analysis to prevent recurrence
QA Is Proactive
The fundamental characteristic of QA is that it is proactive. It acts before defects are created. When QA introduces a rule that “all database queries must use parameterized statements,” it prevents SQL injection vulnerabilities from ever being written.
Quality Control (QC): The Product
Quality Control is product-oriented. It focuses on identifying defects in the actual product. QC examines the deliverable — the code, the application, the system — to determine whether it meets the quality standards.
Think of QC as the inspector at the end of the assembly line who checks each product for defects. They examine the finished goods, compare them against quality standards, and flag anything that does not meet the bar.
QC Activities
- Testing (all types: functional, performance, security, etc.)
- Code inspections and walkthroughs
- Reviewing documentation for accuracy
- Validating builds and deployments
- Monitoring production for defects
- Checking compliance with standards
- Reviewing test results and metrics
QC Is Reactive
The fundamental characteristic of QC is that it is reactive. It acts after the product (or part of it) is created. QC finds defects that already exist, rather than preventing them from being introduced.
Testing: The Activity
Testing is an activity within QC. It is the process of executing software to find defects by comparing actual behavior with expected behavior. Testing is the most visible and hands-on part of the quality ecosystem.
Testing Activities
- Writing and executing test cases
- Exploratory testing
- Regression testing
- Performance testing
- Security testing
- Usability testing
- Reporting defects
Testing Is a Subset of QC
Every testing activity is a QC activity, but not every QC activity is testing. A code walkthrough is QC (examining the product) but not testing (not executing the software). A documentation review is QC but not testing.
How They Relate
Process-oriented
Preventive] --> QC[Quality Control
Product-oriented
Detective] QC --> T[Testing
Activity-oriented
Execution-based] QA -.->|Defines processes for| QC QA -.->|Creates standards for| T QC -.->|Includes| T T -.->|Feedback improves| QA style QA fill:#3b82f6,color:#fff style QC fill:#8b5cf6,color:#fff style T fill:#ec4899,color:#fff
The relationship is hierarchical but cyclical:
- QA defines the processes and standards
- QC evaluates the product against those standards
- Testing is the most common QC technique
- Results from testing and QC feed back into QA to improve processes
Comprehensive Comparison
| Aspect | Quality Assurance | Quality Control | Testing |
|---|---|---|---|
| Focus | Process | Product | Execution |
| Nature | Preventive | Detective | Detective |
| Scope | Entire organization | Specific deliverables | Specific software |
| Timing | Before and during development | During and after development | During and after build |
| Goal | Prevent defects | Find defects | Find defects via execution |
| Approach | Proactive | Reactive | Reactive |
| Responsibility | Everyone (but led by QA team) | QA/QC team | Testers |
| Example | “All PRs require 2 reviewers” | Code inspection finds a bug | Test execution finds a bug |
| Output | Standards, processes, guidelines | Defect reports, quality metrics | Test results, bug reports |
A Day in Each Role
A Day in QA
Maria is a QA Manager. Today she:
- Reviews the team’s defect escape rate from last quarter and identifies that 60% of production bugs are related to API integration
- Proposes a new process: all API changes must include contract tests before merging
- Updates the team’s test strategy document to include API contract testing
- Conducts a retrospective on the last production incident to identify process gaps
- Trains junior engineers on the new contract testing approach
Maria did not test anything today. She improved the processes that will prevent future defects.
A Day in QC
David is a QC Analyst. Today he:
- Reviews the code for a new payment feature, checking against coding standards
- Inspects the API documentation to ensure it matches the actual implementation
- Validates that the build artifacts are correctly signed and versioned
- Reviews the test coverage report to identify under-tested areas
- Performs a security review of the authentication flow
David examined several products and artifacts, but he did not execute any tests.
A Day in Testing
Priya is a Test Engineer. Today she:
- Executes 15 regression test cases for the checkout flow
- Performs exploratory testing on the new search feature
- Writes three new test cases for the password reset flow
- Runs the automated API test suite and investigates two failures
- Files bug reports for the defects she found
Priya executed software and compared actual vs. expected behavior all day. This is testing.
In Real Organizations
In practice, especially in smaller companies, the boundaries blur significantly:
Small startups (5-20 people): One person often handles all three. They define testing processes (QA), review pull requests (QC), and write and execute tests (Testing). Their title is usually “QA Engineer.”
Mid-size companies (50-200 people): A QA team handles QC and Testing. A QA Manager or Lead handles process-level QA. Developers participate in QA through code reviews and unit testing.
Large enterprises (500+ people): Dedicated QA departments define organization-wide standards. QC teams audit projects. Test teams execute tests. Process improvement specialists focus purely on QA methodology.
Exercise: Classify Activities
Classify each activity as QA, QC, or Testing:
- Running a load test with 10,000 virtual users
- Implementing a rule that all commits must pass linting before merge
- Reviewing a requirements document for ambiguities
- Executing a test case that verifies the login button color
- Establishing a bug triage process with severity definitions
- Inspecting the deployed build to verify the correct version number
- Setting up a CI pipeline that runs unit tests on every commit
- Performing exploratory testing on a new mobile feature
- Defining the definition of “Done” for user stories
- Comparing the API response against the Swagger specification manually
Hint
Ask: Is this improving a process (QA)? Examining a product artifact (QC)? Or executing software to find defects (Testing)?Solution
- Testing — Executing software under load conditions to find performance defects
- QA — Establishing a process rule to prevent defects
- QC — Examining a product artifact (requirements document) for defects
- Testing — Executing the software and comparing actual vs. expected behavior
- QA — Defining a process for how defects are managed
- QC — Inspecting a product artifact (deployed build) without executing tests
- QA — Setting up infrastructure that ensures quality processes run automatically
- Testing — Executing software to discover defects through exploration
- QA — Defining a process standard that guides development quality
- QC — Reviewing a product artifact (API response) against a specification, though this could also be considered Testing if the API was actively called
Pro Tips
Tip 1: Your job title may say “QA” but your work might be “Testing.” This is normal. In most organizations, “QA Engineer” means someone who tests software. But understanding the full QA-QC-Testing spectrum helps you grow beyond just test execution into process improvement and strategic quality leadership.
Tip 2: Invest in QA to reduce QC workload. Every hour spent on QA (preventing defects) saves multiple hours of QC and Testing (finding and fixing defects). If your team keeps finding the same category of bugs, stop testing harder and start improving the process that allows those bugs.
Tip 3: Testing is necessary but not sufficient. You cannot test quality into a product. If the development process is broken, no amount of testing will produce a quality product. This is why QA exists — to fix the root cause, not just the symptoms.
Key Takeaways
- QA is process-oriented and preventive — it improves how software is built
- QC is product-oriented and detective — it evaluates what was built
- Testing is an execution-based activity within QC — it runs software to find defects
- Testing is a subset of QC, which operates under the umbrella of QA
- In practice, one person often performs all three roles, especially in smaller teams
- Understanding these distinctions helps you grow from test executor to quality leader