Risk and Testing

Software Quality
Assurance
Telerik Software Academy
http://academy.telerik.com
 The Lectors
 Snejina Lazarova
Project Manager
BI & Reporting Team

 Dimo Mitev
QA Architect
Backend Services Team

2
 Table of Contents
 Risk and Testing – Main Concepts
 Product Risks
 Project Risks
 Risk-Based Testing
 Risk Management
 Risk Identification
 Risk Analysis (Assessment)
 Risk Control

3
Risk and Testing
Main Concepts
 Risk
 Risk
 The possibility of a negative or
undesirable outcome or event
 Any problem that may occur would
decrease perceptions of product
quality or project success

5
 Types of Risk
 Two main types of risk are
concerned
 Product (quality) risks
 The primary effect of a potential
problem is on the product quality
 Project (planning) risks
 The primary effect is on the project
success
 Factors relating to the way the work
is carried out
6
 Levels of Risk
 Not all risks are equal in
importance
 Factors for classifying the level of
risk:
 Likelihood of the problem occurring
 Arises from technical considerations
 E.g. programming languages used,
bandwidth of connections, etc.
 Impact of the problem in case it
occurs
 Arises from business considerations 7
 Levels of Risk - Chart

RISK

Impact Likelihood
(Probability of
(damage)
failure)

Use Lack of
frequency quality

8
Product Risks
 Product Risk
 What is a product risk?
 The possibility that the system or
software might fail to satisfy some
reasonable customer, user, or
stakeholder expectation
 Also referred to as "quality" risk

10
 Typical Product Risks
 What does "unsatisfactory
software" mean?
 Omitted key functionality
 Unreliable and frequently fail to
behave normally
 Might cause financial or other
damage to users
 Poor software characteristics
 Low security, usability,
maintainability or performance
11
Project Risks
 Typical Project Risks
 Organizational factors:
 Skill, training and staff shortages
 Complexity of the project team /
organization
 Inadequate expectations or
improper attitude toward testing
 E.g., not appreciating the value of
testing

13
 Typical Project Risks (2)
 Technical issues:
 Ambiguous, conflicting or non-
prioritized requirements
 Excessively large number of
requirements
 High system complexity
 Quality problems with the design,
the code or the tests
 Insufficient or unrealistic test
environments
14
 Typical Project Risks (3)
 Supplier issues:
 Failure of a third party
 Contractual issues

15
Risk-Based Testing
 Risk-Based Testing
 What is Risk-based testing?
 An approach to testing that aims to:
 Reduce the level of product risks
 Inform stakeholders on their status
 Starts in the initial stages of a
project
 Involves the identification of
product risks and their use in
guiding the test process

17
Risk Management
 Primary Activities
 Risk management includes three
primary activities:
 Risk identification
 Risk analysis
 Assessing the level of risk
 Risk control
 Mitigation
 Contingency
 Transference
 Acceptance
19
Risk Identification
 Risk Identification
Techniques
 Product and quality risks can be
identified
 Expert interviews
 Project retrospectives
 Risk workshops and brainstorming
 Checklists
 Calling on past experience

21
 Include Stakeholders
 Include representatives of all
(possible) stakeholders in risk
identification
 The broadest range of stakeholders
will yield the most complete,
accurate, and precise risk
identification

22
 Risk Analysis
or Risk Assessment
 Risk Assessment
 Risk analysis (assessment)
involves the study of the identified
risks
 Categorize each risk item
appropriately
 Important for complex projects
 Assign each risk item an
appropriate level of risk
 Involves likelihood and impact as key
factors
24
 Technical Factors for
Assessing Likelihood
 Complexity of technology and
teams
 Personnel and training issues
 Supplier and vendor contractual
problems
 Geographical distribution of the
development organization
 E.g., out-sourcing

25
 Technical Factors for
Assessing Likelihood
(2)
 Legacy (established) versus new
designs and technologies
 The quality (or lack of quality) in
the tools and technology used
 Bad managerial or technical
leadership
 Time, resource, and management
pressure
 Especially when financial penalties
apply 26
 Technical Factors for
Assessing Likelihood
(3)
 Lack of earlier testing and quality
assurance tasks in the lifecycle
 High rates of requirements, design,
and code changes in the project
 High defect rates
 Complex interfacing and
integration issues

27
 Business Factors for
Assessing Impact
 Potential damage to image
 Loss of customers and business
 Potential financial, ecological, or
social losses or liability

28
 Business Factors for
Assessing Impact (2)
 Civil or criminal legal sanctions
 Loss of licenses, permits, etc.
 The lack of reasonable
workarounds
 The visibility of failure and the
associated negative publicity

29
 How Do We Determine
the Level of Risk
 Quantitatively
 Using numerical ratings for both:
 Likelihood (usually percentage)
 Impact (often a monetary quantity)
 Both can be calculated to a common
risk index
 Qualitatively
 E.g., very high, high, medium, low,
very low
30
Risk Control
 Risk Control
 Risk control has four main options:
 Mitigation
 Taking preventive measures to
reduce the likelihood and/or the
impact of a risk
 Contingency
 Where we have a plan or perhaps
multiple plans to reduce the impact if
a risk should it occur

32
 Risk Control (2)
 Risk control has four main options:
 Transference
 Getting another party to accept the
consequences of a risk should it
occur
 Accepting (ignoring) the risk
 A final option

33
 Techniques for Risk
Control
 Various techniques can be used for
risk control:
 Choosing an appropriate test design
technique
 Reviews and inspection
 Reviews of test design

34
 Techniques for Risk
Control (2)
 Various techniques can be used for
risk control:
 Setting appropriate levels of
independence
 For the various levels of testing
 Using the most experienced person
on test tasks
 Using strategies for confirmation
testing (retesting) and regression
testing
35
 Risk and Testing

?
?
?
Questions
?

?
?
?
?
? ?
 Free Trainings @ Telerik
Academy
 C# Programming @ Telerik
Academy
 csharpfundamentals.telerik.com
 Telerik Software Academy
 academy.telerik.com
 Telerik Academy @ Facebook
 facebook.com/TelerikAcademy
 Telerik Software Academy Forums
 forums.academy.telerik.com