Risk-based Testing – An effective measure to deal with Risks in Software Testing
Before explaining Risk based testing, it is necessary to know what we mean by Risk in software testing. A Risk is the possibility of a negative or undesirable event or outcome. It is basically a possible problem. We need to handle risk because if it happens then it may cause a very negative impact.
Risk based testing is basically a testing done for the project based on risks. It uses risk to prioritize and emphasize the appropriate tests during test execution. In simple terms – Risk is the probability of occurrence of an undesirable outcome. This outcome is also associated with an impact. Since there might not be sufficient time to test all functionality, Risk based testing involves testing the functionality which has the highest impact and probability of failure. Risk-based testing also means managing project risks, which are possible events or outcomes that endanger successful completion of the project.
How to perform risk based testing?
- Make a prioritized list of risks.
- Perform testing that explores each risk.
- As risks evaporate and new ones emerge, adjust your test effort to stay focused on the current crop.
Risk based testing involves both mitigation and contingency:
Mitigation – Mitigation is done to reduce the likelihood of defects.
Contingency – In case if the risk becomes an outcome there should be a plan to reduce the risk impact.
Risk based testing also involves risk analysis to remove or prevent defects by non-testing activities and to select the testing activities to be performed.
For risk based testing you should start with product risk analysis. Techniques used for this are:
- Thoroughly reading the software requirements specification, design documents and other documents.
- Brainstorming with the project stakeholders.
Benefits of Risk-based Testing
- Improved quality – All of the critical functions of the application are tested.
- Running the tests in risk order gives the highest likelihood of discovering defects in severity order.
- Overall test goals, strategies and directions for testing can be focused and continuously adjusted against problem areas.
- Risks can be continuously monitored to know the status of the project and its quality.
- Associate the product risk to the requirement identifies gaps.
- Allocating test effort based on risk is the most efficient way to minimize the residual quality risk upon release (pick the right tests out of the infinite cloud of possible tests)
- Improve customer satisfaction – Due to customer involvement and good reporting and progress tracking.
- During testing, test reporting always takes place in a language (risks) that all stake-holder understands.
- Problem areas are discovered early. Preventive activities can be started immediately.
- Better strategies and test objects/cases can be selected.
- Provides a negotiating instrument to client and test manager similar when existing means are limited.
- Measuring test results based on risk will allow the organization to know the residual level of quality risk during test execution and to make smart release decisions.
- Give more focus on risks of the business project instead of the functionality of the information system.
- Less but more efficient test cases can be specified.
- A better and more focused tests and risk analysis are performed.
- If schedule requires, dropping tests in reverse risk order reduces the test execution period with the least possible increase in quality risk (give up tests you worry about the least)
- Projects are able to define when to stop testing.
- Test cases can be reduced and focused on the most critical areas.
Although risk-based testing has several advantages, it also includes some disadvantages:
- One disadvantage is that there may be unrecognized risks involved and risks that are assessed to be too low. However, this only causes problems if the risks will become a reality. This disadvantage also emphasizes the importance of risk identification and analysis processes as a basis of risk-based testing approach.
- Another weakness is that risk assessment can be based on too subjective criteria. The reason for that is simply the lack of reliable objective criteria and in that case it is quite common to trust to experts’ judgments. This fluently leads to the next weakness which is the difficulty to identify and select the right stakeholders for risk assessment.
Why do we use Risk-based Testing?
- Because there is never enough time to test everything.
- Test is at the end of the project
- There are always compromises about testing.
- The task of testing is to measure and fight risk.