The Relationship between risk based testing (Risk Identification, Risk Assessment, Risk Mitigation), software testing and risk management.
A few years ago, I was reading a paper that mentioned Risk Based Testing and it said:
Risk Based Testing is:
This started a series of thoughts for me. First – I recognised those words, they are the simplified, generic stages of Risk Management that you might read in any material dealing with risk management. Secondly, I have been in testing for over 20 years, I have worked in teams that called themselves Risk Based many times but, although we spoke of risk often, we did not use these words to describe our activities. So … is it right to say that this is the Risk Based testing process? I had to have a pretty good think.
Risk Identification = Test Analysis
When we identify a test, we are identifying a risk. When we create a test to ensure that the Log On function works, we do so specifically because there is a risk that it will not work.
In Risk Assessment we put values on the likelihood and impact (at least) of the risks in order to put the list of risks identified into a meaningful order so that we can manage the most serious ones first. In testing we examine which tests will cause more damage to the business (impact) and where in the system defects are more likely to appear (likelihood) and order our tests to address the most significant ones first. We call this Test Prioritisation.
Risk Assessment = Test Prioritisation
In Risk Mitigation we take actions to reduce the impact, or likelihood, or both, of the risks to bring the level of risk down to an acceptable level. In testing we act to reduce the probability of undetected defects going live down to an acceptable level (we can never guarantee that software is defect free). We call this action Test Execution. Test Execution reduces risk – Risk Management teaches us that risks are unknowns; testing provides information and therefore reduces the unknowns.
Risk Mitigation = Test Execution.
So – the words all map to testing. Are they therefore correct – that Risk Based Testing is Risk Management? Yes … and No.
The activities identified are not activities that we only perform in Risk Based Testing, they are activities that we perform in all forms of testing, therefore:
All testing is Risk Management.
We decided to put this hypothesis to the test. I booked onto a risk management training course and qualification: M_o_R by Axelos. This is a risk management method and qualification aimed at anyone involved in organisation / corporate risk management (and indeed any other form of risk management) and the other participants in the course were company directors, charity directors and civil servants.
My theory was that, because testing is risk management and the activities of testing map to risk management activities, I would find that this mapping continued all the way through an in-depth risk management process. Because I am well versed in test management and testing principles, I should therefore find the course quite straightforward.
To cut the long story short, the theory was proven correct – I found the course enjoyable and straightforward and I passed the foundation and practitioner exams with the highest scores in the class. The activities that course took us through are the things that we have slowly, over the 40 or so years since Myers wrote The Art of Software Testing, introduced to the testing process. Including scope definition, stakeholder management and the stages mentioned above. The most important difference is that Risk Management have been working on this process specifically. Their process is more in-depth throughout – the testing process has started from the mitigation activity of test execution and grown from there. It seems to me that there are things for testers to learn from risk managers.
Next time I will start to examine what lessons we might learn from it.
Link to original PR: https://expleoacademy.com/int/risk-based-testing/
Responsible for this press release:
Ms Patricia McGuire
North Wall Quay 30
D01 R8H7 Dublin
Mr Peter Sreckovic