Comprehensive Quality Risk Assessment

Assessment: Assessment One – Quality Risk Assessment

School of Computing, Engineering & Mathematical Sciences

CSE3SMT Assignment 1

Dr Tafline Ramos

Wei Jun Wong 21164935

Task 01 – Quality Risk Assessment
Customer Name: PaperBag
System Name: PaperBag E-Commerce Platform

System Description:
PaperBag is a company that focuses on selecting a wide variety of products from different Asian
nations. Their new E-Commerce Platform will function as an all-inclusive internet store providing a
variety of products in various categories, such as beauty products, snacks, home appliances, and
more. The goal of the platform is to offer a smooth shopping experience like that of an Asian
grocery store, meeting the needs of customers searching for genuine and unique products.

System Feature:
Impact (Consequence)
Customer Account
Product Catalogue Management Very Low Low High Very High
Shopping Cart and Checkout
Payment Processing Insignificant Minor Major Catastrophic
Order Tracking
Out-of-Stock Notification Very High Almost Certain Medium High High Critical
Product Enquiry
Likelihood

High Likely Medium Medium High High

Low Unlikely Low Medium Medium Medium

Very Low Rare Low Low Low Medium

Risk Register:
Quality Sub-
Risk
Characteristic Characteristic
Functional Functional The platform's order
Suitability Completeness tracking feature does not
include real-time shipment
updates, which many
customers expect to have.
Functional Product search returns
Correctness inaccurate results
Functional The checkout process
Appropriateness requires users to create an
account before purchasing,
even though many users
may prefer a guest
checkout option.
Performance Time Behaviour The system experiences
Efficiency slow response times during
peak shopping periods.
Impact
Customers may feel
frustrated if they cannot
track their shipments
accurately, leading to
dissatisfaction and a higher
volume of customer support
inquiries
Customers may struggle to
find products, leading to
frustration and decreased
sales
Increased cart abandonment
rates and reduced user
satisfaction
Users may experience
delays, potentially causing
frustration and loss of sales
Risk Level Risk Mitigations
Medium Meet with stakeholders to ensure all
product features are captured.
Testing to ensure all necessary features
are functioning correctly.
High Create and evaluate search algorithms in
collaboration with relevant parties.
Test the search functionality by using
different input data.
Medium Designing user experiences and
conducting studies on usability.
Implement a guest checkout option to
reduce unnecessary steps and improve
the user experience.
High Conducting performance testing, including
load and stress tests, in order to evaluate
page load speeds.
Implement scalable cloud infrastructure to
handle traffic spikes by adding resources
dynamically.
 Resource Excessive CPU usage
Utilisation leading to server
slowdowns
Capacity The e-commerce platform
cannot handle the
expected surge in
concurrent users during a
promotional event when
new stock is launched.
Compatibility Co-existence The platform conflicts with
other applications running
on the same server
Interoperability The platform fails to
integrate with third-party
payment systems
Reduced system
performance and increased
operational costs
The platform exceeds its
capacity, users may
experience slow response
times or outages, preventing
them from accessing the site
or completing purchases.
Potential application crashes
or performance issues
Users cannot complete
purchases, leading to loss of
sales
Medium Improve algorithms and optimize
database queries.
Monitoring and profiling resource usage
while conducting tests.
High Planning for scalability and designing
infrastructure.
Analyse historical data from previous sales
events to estimate expected user loads
and prepare the infrastructure
accordingly.
Medium Test the platform in a staging
environment that mimics the production
setup.
High Implement standard APIs and conduct
integration design reviews and integration
testing with third-party systems.
Interaction Appropriateness Users do not recognize Decreased user satisfaction Medium Design user interfaces based on user
Capability recognisability how to request new items and potential for users not research and feedback.
(Usability) on the platform due to fully utilizing the platform Ensure that the "Request New Item"
unclear navigation. feature is prominently displayed within
the user interface.

Learnability New users find it difficult Increased training costs and Medium Provide user guides and interactive
to learn how to navigate reduced user adoption tutorials.
the platform Conduct user testing with new users.

Operability The platform is not Users may have a poor Medium Design responsive interfaces and test
intuitive to operate on experience and abandon the across devices.
different devices. platform

User error The platform does not Increased user errors, Medium Implement input validation and error-
protection prevent invalid inputs or potential data corruption, handling mechanisms in the design.
actions by users and poor user experience Conduct user testing with invalid input
scenarios to identify error handling issues.
User The platform's interface is
engagement not engaging or
motivating, leading to low
user interaction
Inclusivity The platform does not
support diverse user
backgrounds, including
accessibility for users with
disabilities
User assistance The platform lacks
adequate help and support
features for users
Self- The platform’s features
descriptiveness and functions are not
immediately obvious or
intuitive to users.
Reduced user activity and
lower customer retention
rates
Exclusion of potential users
and legal or ethical issues
related to accessibility
Increased user frustration
and reduced ability to use
the platform effectively
Users may struggle to
understand how to use the
platform, leading to a poor
user experience.
Medium Design with engaging visuals, interactive
elements, and gamification techniques
based on user research.
High Adhere to accessibility guidelines by
implementing features such as screen
reader compatibility and customizable
text sizes.
Medium Investigate user assistance features by
testing them with actual users to
guarantee they fulfil requirements and
can be readily accessed.
Medium Design with clear labels, tooltips, and
context-sensitive help to make features
self-explanatory.
Perform usability testing to ensure users
can understand and navigate features.
Reliability Faultlessness The platform has frequent User frustration and High Conduct thorough code reviews and unit
bugs or crashes potential data loss testing.
Perform defect tracking and analysis
during testing.

Availability The platform experiences Users cannot access the High Implement redundancy and failover
downtime or unavailability platform, leading to loss of mechanisms.
sales and reputation damage Monitor uptime and perform regular
system health checks

Fault tolerance The system is unable to System outages or crashes, High Design the system with redundancy to
continue operating leading to loss of service and handle faults.
correctly in the presence of user dissatisfaction Conduct fault tolerance testing to ensure
faults or errors the system can handle errors without
significant impact

Recoverability The system fails to recover Extended downtime, loss of Medium Implement automatic backup and
quickly and effectively data, and disruption to user recovery processes and ensure the system
from failures or crashes activities can restore to a stable state after failure.
Security Confidentiality Unauthorized access to Data breaches and loss of High Deploy robust authentication and
user data customer trust encryption protocols.
Carry out security assessments and
penetration tests.

Integrity Data corruption or Loss of data accuracy and High Carry out validation of data and ensure its
unauthorized reliability integrity.
modifications Conduct testing and audits to ensure data
integrity.

Non-repudiation Users can deny their Difficulty in identifying the High Consistently check logs and audit trails to
actions within the system, malicious actions or errors verify that all activities are accurately
leading to disputes or documented and can be linked back to the
issues with accountability accountable user.

Accountability The system does not track Difficulty in enforcing Medium Design user roles and permissions
and attribute user actions policies, and inability to audit carefully, ensuring that all actions are
and system changes system activity logged and traceable.
 Authenticity The system cannot verify Unauthorized access to Critical Conduct security evaluations and
the identity of users sensitive data and cause penetration testing to uncover potential
data breaches vulnerabilities in authentication and data
integrity measures.

Resistance System is vulnerable to Security breaches, data loss, High Employ modern security measures like
malware and cyber attack and unauthorized access to encryption and anti-malware tools to
system resources safeguard the system from potential
threats.

Maintainability Modularity The lack of modularity in Increased cost and time to Medium Follow to coding guidelines and
the codebase presents implement updates or fixes methodologies.
difficulties in maintaining Perform code reviews and analyse
components. refactoring.

Reusability Components are not Increases development Low Create a shared component library to be
reusable across different inconsistency across the used across multiple features.
parts of the platform platform
 Analysability Poor error logging and Slow response to issues, High Implement comprehensive logging
monitoring, making it longer downtimes, reduced practices and monitoring systems and set
difficult to identify the root customer satisfaction. up real-time alerts for errors to catch
causes of issues potential issues

Modifiability Parts of the system are Risk of breaking other parts Medium Gradually update the code to make each
difficult to modify because of the system when making part more independent. Keep
components are too updates documentation of how parts are
dependent on each other connected

Testability Difficulty in testing due to Increased difficulty in Medium Create a design that is easily testable by
lack of testability features identifying and fixing defects incorporating clear interfaces and logging.
in the system Conduct assessments of testability and
test functions.

Flexibility Adaptability System is not easily Loss of competitive edge, Medium Use a modular, service-oriented
adaptable to new features failure to meet market architecture to enable easy feature
demands additions and updates.
 Scalability The platform cannot scale Performance degradation High Design for scalability and use scalable
to handle increased load and potential outages during cloud infrastructure.
peak times Perform load and stress testing.

Installability Difficulties during the Delays in deployment and Low Offer comprehensive installation
installation and setup user frustration instructions and automatic setup scripts.
process Perform test installations and collect
feedback.

Replaceability Difficulty in replacing or Increased downtime and Medium Design for modularity and ease of
upgrading the system with operational impact replacement.
minimal disruption Perform replacement and upgrade testing.

Safety Operational The platform operates Data breaches and loss of Critical Deploy robust authentication and
constraint outside safe operational customer trust encryption protocols.
limits Carry out security assessments and
penetration tests.
Risk Data corruption or Loss of data accuracy and High Carry out validation of data and ensure its
identification unauthorized reliability integrity.
modifications Conduct testing and audits to ensure data
integrity.

Fail safe Users can deny their Difficulty in identifying the High Consistently check logs and audit trails to
actions within the system, malicious actions or errors verify that all activities are accurately
leading to disputes or documented and can be linked back to the
issues with accountability accountable user.

Hazard warning The system does not track Difficulty in enforcing Medium Design user roles and permissions
and attribute user actions policies, and inability to audit carefully, ensuring that all actions are
and system changes system activity logged and traceable.

Safe integration The system cannot verify Unauthorized access to Critical Conduct security evaluations and
the identity of users sensitive data and cause penetration testing to uncover potential
data breaches vulnerabilities in authentication and data
integrity measures.
Project Risk Register:

Quality Characteristic Risk Impact Risk Level Risk Mitigations

Reputation Risk Frequent downtimes or Loss of customer loyalty, High Execute thorough testing and quality assurance
security vulnerabilities, negative reviews, and procedures.
leading to a damaged reduced sales. Create and implement a strategy for handling and
reputation. communicating during a crisis.

Resourcing Risk Testing staff may not Poor quality of testing Low Offer essential training and guarantee that personnel
have the required and potentially possess the necessary skills.
capabilities to deliver undetected defects. Administer skill evaluations and offer continuous
the recommended assistance.
testing.

Budget The testing budget may Incomplete testing Medium Create a thorough budget that includes extra funds for
be insufficient to cover leading to potential unforeseen expenses.
all necessary testing defects in the final Continuously assess and modify the budget in accordance
activities. product. with testing requirements.

Schedule The project schedule Reduced testing Medium Develop a comprehensive project timeline with
may not allow enough coverage, leading to designated time for extensive testing.
time for potential undiscovered Keep track of the progress and make changes to the
comprehensive testing. defects. schedule as necessary to meet testing requirements.
Environments The test environment Delays in testing and Medium Develop monitoring and maintenance strategies for the
may become potential disruptions in testing environment.
unavailable the project timeline. Ensure there is a backup system or plan for recovery in
unexpectedly. case of emergencies.

Defects Greater numbers of Increased development Medium Perform thorough testing and validation in order to
defects and lower and maintenance costs, discover and resolve any defects.
initial reliability due to potential user Execute iterative development and incorporate feedback
unproven software. dissatisfaction. loops.

Tools Testing tools are not Ineffective testing due to Medium Obtain required tools at the beginning of the project.
supported by the inadequate tools, leading Make sure that funds and resources are designated for
budget and resource to potential undetected obtaining and upkeeping tools.
capabilities. defects and project
delays.
Regulations & The system fails to Legal issues, fines, and High Recognize and incorporate all applicable rules into the
Compliance meet required project delays. project right at the beginning.
regulatory and Perform routine compliance audits and seek advice from
compliance standards professionals.
2f. Document your assumptions (minimum 5 assumptions).
Ans:
1. Stable Regulatory Environment:
Assumption: The regulatory and compliance requirements for e-commerce platforms remain stable throughout the project. Changes in
regulations are either minimal or managed in a timely manner.

2. Sufficient Resources and Budget:

Assumption: The project has access to adequate resources and budget to cover the costs of testing tools, compliance measures, and other
necessary elements. Any changes in scope or additional costs are managed within the project constraints.

3. Access to Key Stakeholders:

Assumption: Key stakeholders, including business users and technical experts, are available and responsive throughout the project. Their input
is essential for requirements gathering, testing, and compliance.

4. Availability of Testing Tools:

Assumption: The required testing tools are available and compatible with the project’s needs. Budget constraints or resource limitations do not
prevent the acquisition or effective use of these tools.

5. Effective Communication Channels:

Assumption: There are established and effective communication channels among project teams, stakeholders, and users. This ensures timely
feedback, issue resolution, and successful implementation of mitigations.
Task 02 – AI-Generated Quality Risk
Generative AI Tool: ChatGPT (https://chatgpt.com/)

Prompt:
1. I'm doing a risk register for an e-commerce platform name Paperbag that can buy variety products from Asian nations. Please
conduct a quality risk assessment based on the quality characteristics and sub-characteristics in the ISO/IEC 25010 product
quality model.

2. I need it with quality characteristics, sub-characteristics, risk, impact, risk level and risk mitigations (including preventative
and detective testing & QA activities that can mitigate each risk)

3. Now do 8 project risk types (Reputation, Resourcing, Budget, Schedule, Environments, Defects, Tools, Regulations &
Compliances.

4. Generate 3 risk types that you think could be add in to the ISO/IEC 25010 product quality model’s.
AI Risk Register:

Quality Sub- Risk

Risk Impact Risk Mitigations
Characteristic Characteristic Level
Functional Functional Missing critical Essential features missing High Preventative: Perform stakeholder
Suitability Completeness functionalities, such as from the platform may interviews to ensure that all required
out-of-stock notifications result in user frustration, functionalities are included.
or certain payment lower customer Detective: Execute functional testing
options. satisfaction, and lost sales. and use acceptance tests to confirm
completeness of features.
Functional Incorrect product pricing, Misleading prices or High Preventative: Implement unit testing
Correctness faulty order processing, incorrect order handling for critical features like pricing and
or improper inventory can lead to financial losses, order management.
management. customer complaints, and Detective: Perform manual and
damaged reputation. automated tests to ensure accuracy of
key functions.
*Functional Non-intuitive product Users may find it difficult to Medium Preventative: Conduct usability studies
Appropriateness search or checkout complete purchases, to evaluate the appropriateness of the
processes may not meet leading to a poor user platform for common tasks.
user expectations. experience and loss of Detective: Perform user acceptance
conversions. testing (UAT) and gather user feedback
for improvements.
Performance *Time Slow response times Slow page loads can High Preventative: Implement performance
Efficiency Behaviour during peak usage, frustrate users, increase optimizations like caching, database
especially during flash cart abandonment rates, indexing, and load balancing.
sales or promotions. and reduce overall sales. Detective: Conduct load and stress
testing to simulate high traffic and
evaluate system performance.

Resource Inefficient use of server Excessive server resource Medium
Utilisation resources leading to high consumption can increase
operating costs. costs and cause system
slowdowns during heavy
use.
Preventative: Optimize code and
architecture to ensure efficient use of
hardware resources.
Detective: Use monitoring tools to
analyse resource usage and adjust
infrastructure as needed.

*Capacity The platform may not Inability to scale can lead High Preventative: Implement cloud-based
scale to handle a large to downtime, missed sales, infrastructure that scales automatically
number of users, and frustrated customers. with demand.
particularly during sales Detective: Perform scalability testing to
or promotional events. evaluate how the platform behaves
under increasing loads.

Compatibility *Co-existence The platform may conflict System failures or service High Preventative: Ensure proper system
with other software or interruptions may occur architecture planning and isolation of
services running on the due to compatibility issues. services.
same infrastructure (e.g., Detective: Conduct integration testing
payment gateways). with all third-party systems.
 Interoperability The platform may not
integrate well with
external systems (e.g.,
third-party shipping
providers).
Interaction * Users may not
Capability (Usability) Appropriateness understand the purpose
recognisability of certain functions, such
as filters or account
features.
Learnability Users may find it difficult
to learn how to use the
platform quickly.
*Operability The platform may be
difficult to navigate on
mobile devices.
Lack of integration can lead
to inefficient workflows or
manual processes.
Poor usability may lead to
low engagement or high
abandonment rates.
Poor learnability can lead
to high bounce rates and
decreased customer
retention.
Poor mobile operability can
result in lost sales from
mobile users.
Medium Preventative: Use standard APIs and
integration protocols.
Detective: Test interoperability with all
external systems, including API testing.
Medium Preventative: Implement intuitive
design principles and user-cantered
design processes.
Detective: Conduct usability testing
with target users to ensure clarity of
functionality.
Medium Preventative: Provide clear guidance,
tutorials, or tooltips for new users.
Detective: Monitor user behaviour
through heatmaps and session
recordings to identify usability issues.
High Preventative: Follow responsive design
practices and optimize the UI for mobile
users.
Detective: Conduct cross-device and
cross-browser testing to ensure
operability across platforms.
User error Users may accidentally This can lead to failed Medium Preventative: Implement validation
protection submit incorrect orders and increased rules for inputs (e.g., address or
information during customer support payment information).
checkout (e.g., wrong demands. Detective: Perform user error testing
shipping address). scenarios to identify common issues

*User The platform's interface Low customer satisfaction, High Preventative: Implement user-cantered
engagement might not be engaging or decreased sales, and design (UCD) principles, focusing on
intuitive enough, reduced repeat customers. intuitive navigation, aesthetic design,
resulting in poor user and user feedback loops.
retention and high Detective: Conduct usability testing,
bounce rates. gather user feedback through surveys,
and analyse user behaviour metrics like
session duration and bounce rates.
Inclusivity The platform may not Excluding users with Medium Preventative: Adhere to WCAG
comply with web disabilities can lead to loss accessibility guidelines during design
accessibility standards, of potential customers and and development.
making it difficult for legal issues. Detective: Conduct accessibility audits
users with disabilities to and use screen readers to test
navigate. compliance.

User Assistance Insufficient or unclear Increased customer Medium Preventative: Implement clear user
guidance for users during support requests, assistance mechanisms such as tooltips,
their interaction with the abandoned carts, and FAQs, help chatbots, and guides for
platform, especially frustrated users who may critical functions (checkout, payment).
during complex tasks like not complete transactions. Detective: Perform heuristic
payment processing or evaluations and A/B testing on the
account creation placement and effectiveness of user
assistance features.
 *Self- Users may struggle to Poor user experience, Medium Preventative: Ensure all buttons, forms,
descriptiveness understand the purpose higher error rates, and and navigation elements are clearly
of certain actions or potential cart labelled and use familiar icons and
elements on the abandonment due to terminology.
platform, leading to confusion during checkout Detective: Conduct task analysis and
confusion and errors. or product selection. usability testing to identify areas where
users might be confused and make
improvements based on feedback.
Security *Confidentiality Unauthorized access to Data breaches can result in Critical Preventative: Implement encryption,
customer data (e.g., legal issues, loss of secure authentication (e.g., multi-factor
through weak password customer trust, and authentication).
protection) financial loss. Detective: Conduct regular security
audits and penetration tests to identify
vulnerabilities.

Integrity Data could be tampered Compromised data Critical Preventative: Implement checksum
with during transactions integrity can result in validation and transaction integrity
(e.g., order amounts financial loss and erode checks.
altered). customer confidence. Detective: Test for data integrity
through transactional testing and
validation processes.

*Non- Users may deny placing Lack of non-repudiation Medium Preventative: Implement digital
repudiation orders, leading to can result in legal and signatures and audit trails for all
disputes over financial issues. transactions.
transactions. Detective: Conduct tests to ensure
transaction logs are accurate and
tamper-proof.
 Accountability Actions taken on user Lack of accountability could Medium Preventative: Implement detailed
accounts (e.g., order result in disputes or fraud. logging and tracking for all user actions.
cancellations or returns) Detective: Audit system logs to ensure
may not be properly all actions are properly recorded and
attributed. attributed.

Authenticity Users or systems could Impersonation could lead Critical Preventative: Use strong authentication
impersonate other users, to fraudulent transactions protocols (e.g., OAuth, SSL certificates).
leading to unauthorized or data breaches. Detective: Monitor for suspicious login
actions. activity and enforce secure session
management.

Resistance The system may be High. Breaches in security High Preventative: Implement strong
vulnerable to can lead to loss of encryption protocols and firewalls to
unauthorized access, data customer trust, legal resist unauthorized access. Regular
breaches, or denial-of- penalties, and significant security audits and vulnerability
service (DoS) attacks, financial costs. assessments should be conducted.
compromising user data Detective: Continuously monitor for
or causing system security breaches using intrusion
downtime. detection systems (IDS) and conduct
penetration testing to identify
vulnerabilities.
Maintainability Modularity Poorly designed modules Increased development Medium Preventative: Use proper design
could lead to tightly time, higher maintenance patterns (e.g., modular and decoupled
coupled code, making it costs, and greater risk of architecture) to ensure separation of
difficult to maintain or introducing bugs during concerns.
update specific sections updates. Detective: Perform code reviews and
without affecting others. static code analysis to ensure modules
are properly designed.
*Reusability Code may not be
reusable across different
parts of the system,
leading to code
duplication and
maintenance challenges.
Analysability Difficulty in analysing and
identifying the root cause
of issues or defects within
the system due to lack of
proper logging or
documentation.
Modifiability Code may be difficult to
modify or extend,
especially if not designed
with future updates in
mind.
Testability The system may be
difficult to test, especially
if components are not
decoupled or unit tests
are not implemented.
Increased technical debt Medium
and complexity in
maintaining multiple
versions of similar
functionalities.
Increased time to resolve Medium
bugs, leading to downtime
and potentially lost
revenue.
High cost of implementing Medium
changes or fixing bugs,
leading to slower
development cycles.
Lower test coverage, High
increased likelihood of
defects going undetected,
and higher maintenance
costs.
Preventative: Implement reusable
components and libraries.
Detective: Conduct code reviews to
check for duplication and assess code
reusability.
Preventative: Implement robust logging
and documentation practices.
Detective: Use automated logging
analysis tools and perform regular
audits of system logs.
Preventative: Follow SOLID principles in
code design and development.
Detective: Use code analysis tools to
assess the modifiability of the system
during development.
Preventative: Implement unit tests and
ensure high test coverage for all
modules.
Detective: Conduct regular test audits
and automate testing processes where
possible.
Flexibility Adaptability The platform may not be
easily adaptable to new
business requirements or
changes in market trends.
*Scalability The system may not be
able to scale efficiently to
handle increased traffic,
orders, or product
offerings.
*Installability New updates or
installations of the
platform may be
complex, leading to
prolonged downtime or
errors during
deployment.
Replaceability It may be difficult to
replace certain
components or integrate
third-party solutions due
to tightly coupled code.
Increased costs and time
required to implement
changes, slowing down the
business's ability to
respond to opportunities.
Potential system downtime
during peak traffic, leading
to lost sales and poor user
experience.
Operational inefficiencies
and customer frustration
due to extended system
downtime during updates.
Increased cost and time in
replacing outdated or
underperforming
components, resulting in
operational delays.
Medium Preventative: Use a flexible
architecture (e.g., microservices) to
allow for easy changes and updates.
Detective: Regularly review system
architecture to ensure it can
accommodate new requirements.
High Preventative: Design for scalability by
using cloud infrastructure with auto-
scaling capabilities.
Detective: Perform scalability testing
under simulated peak loads.
Medium Preventative: Use automated
deployment pipelines (CI/CD) to
streamline installations.
Detective: Perform installation testing
in a staging environment before
deployment.
Medium Preventative: Design the system using
loosely coupled components and
standardized APIs.
Detective: Conduct integration tests to
ensure new components can be
replaced without issues.
Safety Operational The system may not
constraint handle operational
constraints well (e.g.,
server downtime, or
sudden loss of power),
leading to data loss.
Risk Inadequate identification
identification of potential risks, such as
vulnerabilities in payment
processing or data
storage.
Fail safe The system may not fail
safely in the event of a
critical error (e.g.,
incorrect transactions
during server crashes).
Hazard warning The system may not
provide timely hazard
warnings for operational
risks such as nearing
system capacity or
payment failures.
System failures or data
corruption can disrupt
operations and impact
customers.
Unidentified risks can
result in serious issues like
data breaches or financial
loss.
Data corruption or loss of
financial transactions could
lead to legal issues and
customer dissatisfaction.
Failure to address hazards
early can lead to system
outages or financial
discrepancies.
High Preventative: Implement redundancy
and failover systems to handle
operational constraints.
Detective: Conduct disaster recovery
testing to ensure systems can recover
after failures.
High Preventative: Conduct regular risk
assessments and threat modelling
during system development.
Detective: Perform security audits and
penetration testing to uncover hidden
risks.
Critical Preventative: Implement fail-safe
mechanisms (e.g., rollback transactions
in case of failures).
Detective: Simulate failure scenarios in
a controlled environment to verify fail-
safe mechanisms.
Medium Preventative: Implement real-time
monitoring and alert systems to warn
operators of potential issues.
Detective: Test the alert system
periodically to ensure it works
effectively in real-time.
 Safe integration Integration with external Poor integration security High Preventative: Use secure APIs and
systems (e.g., payment could result in data implement strict
gateways, third-party breaches or system authentication/authorization for
APIs) may not be secure, compromises. external system access.
leading to potential Detective: Conduct integration security
vulnerabilities. testing and regularly review third-party
system updates for vulnerabilities.

AI Project Risk Register:

Quality Risk
Risk Impact Risk Mitigations
Characteristic Level
Reputation Risk System failure could lead Severe impact on the Medium Preventative:
to negative publicity, loss company's reputation, Implement robust security measures (e.g., encryption,
of revenue, and loss of potential loss of market firewalls).
customers. share, and decreased Detective:
customer trust. Utilize real-time monitoring tools for system health.
Conduct post-incident reviews to identify root causes of
issues.
Resourcing Risk Insufficient staff to manage Missed deadlines and Medium Preventative:
testing activities, causing untested components. Ensure adequate staffing and training for test management
delays. roles. Cross train team members to cover for absences.
Detective:
Regularly review resource allocation and adjust as
necessary. Use project management tools to track
workload and progress.
Budget Budget limitations that Critical defects may go High Preventative:
restrict comprehensive undetected, leading to costly Allocate sufficient budget based on thorough risk
testing. fixes later. assessments. Prioritize testing activities in budget
planning.
Detective:
Regularly review budget utilization and adjust allocations
based on testing needs.
Schedule Inadequate time for Defective features may be Medium Preventative:
thorough testing, leading released, affecting customer Include buffer times for testing in the project schedule.
to insufficient test experience. Plan for iterative testing throughout the development
coverage. cycle.
Detective:
Track progress against timelines and adjust plans as
needed.
Environments Incomplete or inaccurate Defects may emerge in High Preventative:
test environments that production that were not Establish early setup of test environments that reflect
don’t mirror production. caught in testing. production settings. Use virtualization to create
production-like test environments.
Detective:
Regularly validate test environments to ensure they
remain accurate. Conduct environment readiness reviews
before testing phases.
Defects High number of defects in Delays due to extended bug High Preventative:
new customizations for the fixing and retesting phases. Implement continuous integration and continuous
platform. deployment (CI/CD) practices. Conduct code reviews and
static analysis during development.
Detective:
Utilize automated testing to catch defects early. Perform
regular defect analysis to identify common issues.
 Tools Limited access to Slower releases and more Medium Preventative:
automated testing tools or potential for human error Invest in reliable testing tools and ensure they are user-
inadequate expertise with during manual testing. friendly. Provide comprehensive training on tool usage for
the tools. the team.
Detective:
Monitor tool performance and usage metrics to ensure
effectiveness. Conduct regular reviews to identify areas for
tool optimization.
Regulations & Non-compliance with data Fines, legal actions, and High Preventative:
Compliance privacy regulations like damage to customer trust. Implement strict data handling and security policies.
GDPR, leading to legal Conduct regular training on compliance for the
penalties. development team.
Detective:
Perform audits and assessments to ensure ongoing
compliance. Use compliance tracking tools to monitor
adherence to regulations.

Task 03 – Compare the Results

5a. Did the AI tool generate any risks that were not included in your risk register?
Ans:
I found that many of the risks generated by the AI differed from what I originally anticipated. The AI covered a broader range of
risks, which actually encompassed some of the concerns I had previously identified. For example, the AI's emphasis on "user error
protection" was particularly insightful; it addressed the risk of users submitting incorrect information, which I hadn't considered.
Additionally, while I primarily focused on development-related risks, the AI highlighted several important testing-related risks that I
believe are also crucial to consider.

5b. Were any ISO/IEC 25010:2023 product quality sub-characteristics missed by the AI tool?
Ans:
The AI tool did not provide outputs for the following sub-characteristics:
• Usability: User Error, User Engagement, Inclusivity, User Assistance, Self-descriptiveness
• Reliability: Recoverability
• Security: Accountability, Authenticity, Resistance
• Maintainability: Modifiability, Testability
• Flexibility: Replaceability
• Safety: Hazard Warning, Safe Integration
I believe the AI missed these sub-characteristics because my prompts were not specific enough, leading it to generate only
basic information for the initial sub-characteristics. Every sub-characteristic is important for the overall quality of the system. Even if
some risks are considered low, they still exist. However, if I had to point out which one would most impact the system’s quality, I
believe “Security” would be the most critical. In today’s world, where cybercrime is rampant, any aspect of security could have a
significant effect on the system.

5c. Did the AI tool introduce any new risk types that were not included in the ISO/IEC 25010:2023 product
quality model?
Ans:
I was surprised that the AI seemed to already be aware of the risk types in ISO/IEC 25010, and as a result, it did not introduce any
new risk types. However, I did try asking ChatGPT if it could suggest new risk types, and it provided the following:
• Ethical and Legal Risks
o Definition: Risks related to ethical concerns or legal implications of the system’s behaviour. This could include issues
like data privacy violations, biased algorithms, or failure to meet regulatory requirements.
o Examples: Non-compliance with GDPR (General Data Protection Regulation), bias in AI recommendations, or use of
customer data in unethical ways.
• Sustainability Risks
 o Definition: Risks associated with the system’s environmental and economic sustainability. These risks could relate to
high resource consumption, lack of adaptability to more sustainable processes, or excessive waste (e.g., energy or
hardware).
o Examples: The system requires too much energy, increasing operational costs and environmental impact, or it
cannot be adapted to greener technologies.
Upon reviewing the suggestions, I found that Ethical and Legal Risks were already mostly covered by the existing quality model,
so I don’t believe they would add much value. However, the Sustainability Risk offers a fresh perspective on project risk,
particularly focusing on environmental sustainability. Therefore, I think sustainability is a valuable point to consider adding,
especially in the context of eco-friendliness and responsible resource management.

5d. Which approach to risk identification do you think could result in a higher-quality system – task 1,
task 2, or a combination?
Ans:
I would recommend a combination approach because my own experience may be limited, and the risks I can think of under the
quality model may not cover all possibilities. By using a combination, the AI tool can analyse the same characteristic from different
angles and reveal risks I might not have considered.
Therefore, combining both approaches is the best option, as the AI can help fill in the gaps in my experience and identify more
potential risks. This will contribute to developing a higher-quality system and prevent risks from occurring.