An Approach for Risk-Based Testing
What is Risk in Software Testing?
In general, software testing involves establishing difference between product and its corresponding requirements in the form of defects. A defect in the application under test can lead to any kind of undesirable consequences both for the development organization and the end users. The potential for such undesirable consequences is usually referred to as risk. A test approach that takes account of risks involved in all phases is called risk-based testing.
Risk = Impact x Probability
Risk can be termed as a problem which is likely to occur (Probability) and when it occurs, will cause Loss (Impact)
Reasons to implement Risk Based Testing?
Risk Management should be part of the overall testing process, hence it should start early in the life cycle. The Risk management process should be started during Test planning phase after all the risk based modules have been identified and Risk factor values are derived. Thereafter it can also be employed during Test Execution phase, if required. In test execution phase, Risk Based testing approach ensures that appropriate testing activities are identified and prioritized based on risk. The most notable difference between traditional and risk-based testing approach is that risk-based testing brings formal risk assessment methods to the usual testing process.
Phases of Risk Based Testing Process –
(1) Identifying all functional modules of AUT (Application under test) –
QA team needs to identify all the functional modules applicable for the application under test.
(2) Assigning values for Probability & Impact to functional modules –
Have a table that illustrates all the identified modules and their corresponding probability, Impact and Risk Factors and circulate to all the representatives involved in the process. Get every representative to assign values for Probability of risk and Impact of the Risk for each of the modules. The values can be in the range of 1-10, the higher the probability/impact the higher the values should be.
(3) Risk Assessment –
Calculated the Risk factor for each module of the AUT = Probability X Impact, as seen below.
After all the representatives have filled in the values, take an average of the Risk factor values for each module which can be done by simply dividing the total Risk factor value for each module and divide it by the number of teams/representatives involved in assessing/assigning the values. This is the final values we are going to deal with. The more the risk factor value is the more that module needs to be thoroughly tested/all test cases needs to be executed.
(4) Test Planning based on Risk Assessment –
After the average Risk Factor has been derived in the previous step, the test plan should focus on the modules having higher Risk factor values (Modules 2 and 6 as in above example). Prioritize the requirements and test execution based on risk assessment. Look/plan for risk mitigation, in the above example the plan could be to test Modules 2 & 6 thoroughly by making sure all the test cases related to them are tested. Another possible plan could be that Modules 2 & 6 should be tested first and then depending on the time available, other modules would be taken care of. Whatever plan is decided / all the teams need to follow it to test the product keeping into account the risk-factor.
Advantages of Risk Based Testing –
- Firstly, it provides a method to prioritize tests against deadlines i.e. higher priority areas / all of the critical functions of the application are tested first thus leading to improved quality. Hence, QA is able to make best use of the resources available
- Less but more efficient test cases can be specified. In this case testing becomes a much more targeted and organized activity
- Problem areas are discovered early, preventive measures can be started immediately
- Overall testing strategies, goals and directions for testing can be focused and continuously adjusted against problem areas throughout the duration of test cycle by continuously monitoring risk
- If schedule requires, QA can drop tests in reverse risk order which in turn reduces the test execution period with the least possible increase in quality risk
Disadvantages of Risk Based Testing -
- Risks that are not found or marked too low may cause problem in future if they become a reality
- As the starting point of implementing Risk-based testing is to identify risk, it’s always difficult to select/include the right personnel for risk assessment
Some Important Points -
- Since it’s a collective activity taking into account everyone’s opinion, the chances of it being accurate and effective are higher
- The development team’s input is very important as they are the ones to better describe what might work and what might need additional verification
- Risk analysis in actual should be first done at project level and then at QA level. If time is the constraint as in many cases for QA, then this process should be used to get the best possible testing done