Risk based testing is performed based on the identification of risks involved in the project. Risk is the possibility of failure in the projects. Risk is the occurrence of the uncertain events with the positive or negative effect. This uncertain effect could have impact on business, cost, technical and quality targets of the projects.
Risks can be either positive or negative. They are explained as below.
Positive: It is the opportunity and help in business sustainability. For example investing in new projects, changing business processes etc.
Negative: these are the threats which recommend to be eliminated for the success of the project.
Risks can also be broadly classified as:
- Project risk
- Product risk
The project risk can be the problems other than those in the software. For example: incomplete or incorrect requirements, inaccurate estimates of resources, staff issues, inadequate skills of project team, business issues, political issues, technical issues, supplier issues and so on.
The product risk is associated with the risk in the specific quality characteristics of the software. The product risks include: defective software, software does not meet client requirements, defect in the structure of software, defect in quality characteristics of software etc
So generally the risk based testing is the process of giving priority to the feature’s project modules and functions under the application. It involves assessing the risk based on the complexity, business criticality, usage frequency and visible areas.
Risk management process:
The steps to understand the risk management process are
- Risk identification: This is done by conducting risk workshops, checklists, brain storming and interviewing. Risk register is a spread sheet which has a list of identified risks and its root causes. It is mainly used to track the risks throughout the life of the project.
- Risk Analysis: Once the list of risks are identified, the next step is to analyse them and filter the risk based on the significance.
- The risk response planning: After analysis we can decide, if the risks require any response. Some risks require response on project planning and some risk require response on project monitoring some does not require any response at all.
- Risk monitoring and control: Risk control and monitor process is used to identify the risks, monitor some residual risks, identify some new risks and update risk register and analyse the reason for change and execute risk response plan and monitor risk triggers.
Risk increases with change in technology, the size of the project, length of the project and shortage of appropriate skills. Risk analysis is performed when there are changes in requirements or new requirements requested by the client. The impact of risk is analysed for conducting the risk based testing.
How to manage Risk Based Testing?
- What are the advantages of risk based testing?