5.5 Risk and testing (K2)

Risk can be defined as the chance of an event, hazard, threat or situation occurring and resulting in undesirable consequences or a potential problem. The level of risk will be determined by the likelihood of an adverse event happening and the impact (the harm resulting from that event).

5.5.1 Project risks (K2)
Project risks are the risks that surround the project’s capability to deliver its objectives, such as:
§ Organizational factors:
- skill and staff shortages;
- personnel and training issues;
- political issues, such as:
=   problems with testers communicating their needs and test results;
=   failure to follow up on information found in testing and reviews (e.g. not improving development and testing practices);
=   improper attitude toward or expectations of testing (e.g. not appreciating the value of finding defects during testing).
§ Technical issues:
- problems in defining the right requirements;
- the extent that requirements can be met given existing constraints;
- the quality of the design, code and tests.
§ Supplier issues:
- failure of a third party;
- contractual issues.

When analyzing, managing and mitigating these risks, the test manager is following well-established project management principles. The ‘Standard for Software Test Documentation’ (IEEE 829) outline for test plans requires risks and contingencies to be stated.

5.5.2 Product risks (K2)
Potential failure areas (adverse future events or hazards) in the software or system are known as
product risks, as they are a risk to the quality of the product, such as:
§ Failure-prone software delivered.
§ The potential that the software/hardware could cause harm to an individual or company.
§ Poor software characteristics (e.g. functionality, security, reliability, usability and performance).
§ Software that does not perform its intended functions.

Risks are used to decide where to start testing and where to test more; testing is used to reduce the risk of an adverse effect occurring, or to reduce the impact of an adverse effect.
Product risks are a special type of risk to the success of a project. Testing as a risk-control activity provides feedback about the residual risk by measuring the effectiveness of critical defect removal and of contingency plans.
A risk-based approach to testing provides proactive opportunities to reduce the levels of product risk, starting in the initial stages of a project. It involves the identification of product risks and their use in guiding the test planning and control, specification, preparation and execution of tests.

In a risk-based approach the risks identified may be used to:
§ Determine the test techniques to be employed.
§ Determine the extent of testing to be carried out.
§ Prioritize testing in an attempt to find the critical defects as early as possible.
§ Determine whether any non-testing activities could be employed to reduce risk (e.g. providing training to inexperienced designers).

Risk-based testing draws on the collective knowledge and insight of the project stakeholders to
determine the risks and the levels of testing required to address those risks.

To ensure that the chance of a product failure is minimized, risk management activities provide a
disciplined approach to:
§ Assess (and reassess on a regular basis) what can go wrong (risks).
§ Determine what risks are important to deal with.
§ Implement actions to deal with those risks.

In addition, testing may support the identification of new risks, may help to determine what risks
should be reduced, and may lower uncertainty about risks.

