Risk Based Testing & Risk Management
reply and report to an article
Reading the article on ISTQB LinkedIn: Risk Management in Testing, I want to share some insights.
Risk based testing is a part of the over all risk management, which is crtiical for running any project. in that perspective, it is - and should be - used for identifying risks (process, project and product ones), and should start indentifying those on the requirements and specification level (when talking product risks).
Testers, focus mainly on the product risks, while having Process nad Project risks as well. most things that relate to the SW or the system technical aspects and quality or most probably product risks.
We should try to avoid using lack of time and resources as risks as they appear to be there for most projects, and rather focus on the quality aspects, and product risks more as testers, and test managers. Of course, impacts appear to be on the other aspects of risk - in the process or project areas.
Mitigation planned actions are to help us Prevent the risks from happening, and we should also evaluate (after the fact) if they were successful in doing that. Contingency planned actions are to minimize the damage - if the risk has materialized.
Risk management and risk based testing should alsways handle the test execution. In fact, risk management is an on going activity, that evolve over time, as risks evolve over time as well. It is not a one time activity, but rather a continuous process of evluating risks, mitigating them or handling their impact, meantime identifying new ones, etc.
a Feedback loop, evaluating how we managed our risks in last releases, is to be set up and in place. Enabling us to evaluate how we subjectively estimated risks, and handled them. A lessons learned session is always good to do that, adjusting the way we look at risks in the future, and injecting new inshghts into our risk based testing process.
Risks are to be managed regardless of what is the development model in use - whether it is Agile or Traditional - we should manage risks. Of course we manage them differently, as the short cycles of Agile, require us to take a more immidate action.
Risks also have to be listed and handled in two seperate threads: short term and long term. The short term would be to ACT now, and the long term would be - How we can change the process of other factors, in order Not to be in that same situation in the next release.
Learn more about Risk Based Testing at one of our workshops at QualityWize.