What is Risk Management?
Risk management is the process of identifying, assessing, and managing risks. It is performed in both planning and execution phases. An effective risk management strategy and application drastically reduces the chances of execution failures in software development.
Watch this Selenium Tutorial video
The main phases of risk-based testing are:
- Risk Mitigation
- Risk Identification
- Risk Impact Analysis
Risk Management in Software Development Life Cycle
The entire process of risk management is divided into three important steps, which described below in detail:
Risk Identification
Risk identification is the simple identification process that lists out the probable factors that may disrupt the smooth functioning of the software. This listing process includes all possible instances, including external errors that might disrupt the functioning of the software.
The most identified risks are late errors, lack of defined scopes, unavailability of independent test environment and workspaces, tight test schedule due to impending demand, etc. The identification process is often a prerequisite to ensure that the software has authenticity in the testing reports. The developers are also informed about the risk factors to avoid such loopholes in the future.
Get 100% Hike!
Master Most in Demand Skills Now!
Risk Impact Analysis
Once the risk is identified, we move on to the risk impact analysis. This step involves the classification of the identified risks based on their probability and force of impact on the entire project. The three classifications for impact analysis are high, medium, and low. A systematic structure is followed to analyze the risk before it gets materialized.
Impact analysis is done financially as well because the impact in that sector can have direct results on the development of the software. Major issues such as tight testing schedule and delay caused due to design issues could be a considerable hindrance; hence, getting assigned to the high-risk category after the risk impact analysis. An issue like the probability of natural disasters is classified as a low risk.
Risk Mitigation Process
The next is the most important step, the risk mitigation process. The idea is to find feasible solutions for the analyzed risk, keeping high category risk mitigation as a priority. Finding the proper risk mitigation technique is also crucial. The techniques used should be harmless for the other stages of development.
The risk mitigation factors include finding the most suitable solution that can be arranged in a limited time frame and thus, does not induce the risk of delaying the entire project. For example, the high-risk factor of tight testing schedule, causing delay, can be mitigated by informing the development and testing team to control the preparation tasks in advance as a preventative measure.
Preparing for a Job Interview! Check out our blog on Selenium Interview Questions now.
Test Execution
Risk management, at times, extends to the test execution phase. The execution of time risk management is a fast task to accomplish, as it is constructed in a very short time frame. Therefore, usually, the impact analysis classifies the risk probability based on individual modules and ranks them accordingly, making it easier for the testing team to mitigate the risk by prioritizing the module tests, finding the solutions with the highest-ranked module, and saving a lot of time and energy.
Ready to excel in your Manual Testing interview? Get access to our comprehensive guide to Manual Testing Interview Questions.
Ways to Carry Out Risk Analysis in Software Risk Management
There is no standard process for risk analysis. Different companies carry out the process in different ways. Risk analysis is also carried out on different items of a project. This is important to identify the risks and to implement the risk-based testing analysis approach. The different items in a project are as follows:
- Functionalities
- Features
- User Stories
- Use Cases
- Requirements
- Test Cases
In this blog, we will only be focusing on the test cases to understand the risk-based testing approach.
Want to learn Selenium Testing from the experts, here’s an opportunity for you; Selenium Training Course!
Procedure of Risk Analysis in Risk Management
Stakeholders from the technical and business team are involved in risk analysis. These stakeholders discuss and identify the importance of each feature of a product. This will then be made into a list of priorities, based on the risk of failure and how it will impact the end-user experience.
A few important things that shape the discussion include:
- Project documents such as technical specification documents, architecture documents, use case documents, etc.
- Most-used functionality
- Consultation from a domain expert
- Previous version data
During this discussion, the risk factors associated with each feature are identified. The risks could be technical, business-related, or operational. The likelihood of risk occurrence and its impact helps in weighing all tests and scenarios.
The risk occurrence likelihood could be due to:
- Improper understanding of the feature by the development team
- Poor design and architecture
- Not enough time to design
- Team’s incompetency
- Not enough resources
The impact of the risk could be as follows:
- Cost impact
- Business impact; losing business or market share
- Quality impact
- Bad user experience
The focus is of examining the risk of a feature or product could be:
- Business criticality of the functionality
- Features that are most used and important functionality
- Areas that are prone to defects
- Functionalities that bear the impact of security and safety
- Complex design and architecture areas
- Changes that were made from the previous versions
You can take up this Selenium Online Training in Bangalore by Intellipaat to learn Selenium!
Risk Analysis Methodology in Risk Management
We can now talk about the risk-based testing methodology in detail. RISK is the criteria in all the test cycles and phases, under the risk-based testing methodology. We can design several combinations of test case scenarios. The tests are ranked on the basis of the severity of risks. This helps find out the riskiest area of failure.
The main goal of risk analysis is to find the high-value items, such as product functionalities, features, etc., and the low-value items. This is done to ensure that the primary focus is always on the high-value items. This is the first step in risk analysis, before we can start with the risk-based testing methodology.
The categorization of high- and low-value items is done by following the steps given below:
Using a 3×3 Grid
Risk analysis is conducted by using a 3×3 grid. The stakeholders assess all functionalities, non-functionalities, and test cases for the “likelihood of failure” and “impact of failure”.
The “likelihood of failure” is categorized into “likely”, “quite likely”, and “unlikely”, along the vertical axis of the grid. This is done by a team of technical experts.
The “impact of failure” is categorized into “minor”, “visible”, and “interruption”, along the horizontal axis of the grid. This is generally assessed by the end customer, but if for some reason that is not possible, a group of business specialists carry out the assessment.
Likelihood and Impact of failure
Test cases are positioned in the quadrants in the grid. This is based on the identified values of the likelihood and impact of failure. These are shown as dots.
The test cases with high likelihood of failure and high impact of failure are grouped on the top right corner of the grid; they are the high-value items. While the low-value items are grouped together in the bottom left corner of the grid.
Testing Priority Grid
The tests are prioritized based on their positioning on the grid. They are labeled numerically according to their priority. The tests are executed according to their priority. The high priority tests are executed first and the low priority tests are executed last or just chucked out.
Details of Testing
Now, the level of details of testing has to be decided. The scope of the testing is decided based on the ranking in the grid.
High priority tests that rank 1, are tested “more through(ly)”. Experts are deployed to execute these test cases. The rest of the test cases are also labeled according to their priority. The least priority test cases can be executed, if there is enough time and resources left.
This entire process helps testers identify the high-value tests and also guides them on the details of testing to be conducted.
Risk Management Process
The risk management process involves three stages:
- Risk Identification
- Risk Assessment or Impact Analysis
- Risk Mitigation
Risk Identification
A risk has to be first identified before it can be solved. The first step in the risk identification stage is to make a list of everything that could go wrong.
This step is usually led by a QA manager, lead, or representative, but the entire QA team’s contribution is important.
Let us take a look at a sample list of risks; the application that is being tested is not the focus here; the focus is how the QA phase will pan out:
- The testing schedule has been tight.The test started late because of design tasks and, now, it cannot be extended beyond the user acceptance testing (UAT) start date.
- The resources weren’t enough, and the onboarding took a lot of time.
- The defects were found late and they are going to take a lot of time to resolve.
- The scope was not completely defined.
- The occurrence of any natural disaster.
- The unavailability or inaccessibility to an independent test environment.
- The emergence of new issues causing the testing to be delayed.
Once we get the complete list of risks, we can move on to the next stage.
Risk Assessment or Impact Analysis
In this stage, all the risks are quantified and prioritized. Each risk’s probability and impact is determined systematically. Values are assigned to the probability and impact of the risks as high, medium, or low. High-priority risks are taken care of first, followed by medium- and low-priority risks.
If we create a sample table for the list of risks we mentioned above, it would look something like this:
Risk | Probability | Impact |
The testing schedule has been tight.The test started late because of design tasks and, now, it cannot be extended beyond the UAT start date. | High | High |
The resources weren’t enough, and the onboarding took a lot of time. | Medium | High |
The defects were found late and they are going to take a lot of time to resolve. | Medium | High |
The scope was not completely defined. | Medium | Medium |
The occurrence of any natural disaster. | Low | Medium |
The unavailability or inaccessibility to an independent test environment. | Medium | High |
The emergence of new issues causing the testing to be delayed. | Medium | High |
Get a clear understanding and enhance your knowledge about the software testing courses online by Intellipaat
Risk Mitigation
The last stage of the risk management process involves coming up with solutions to handle each of the listed risks. Here is a sample of what the list of risks mentioned-above would look like after this stage:
Risk | Probability | Impact | Mitigation Plan |
The testing schedule has been tight.The test started late because of design tasks and, now, it cannot be extended beyond the UAT start date. | High | High | The testing team can control the tasks in advance.Some buffer time can be added to the schedule. |
The resources weren’t enough, and the onboarding took a lot of time. | Medium | High | Vacations and holidays have been built into the schedule. |
The defects were found late and they are going to take a lot of time to resolve.. | Medium | High | Defect management plan has to be put in place for quick communication and fixing bugs. |
The scope was not completely defined. | Medium | Medium | The scope has to be well defined. |
The occurrence of any natural disaster. | Low | Medium | The teams have to be distributed into two geographical areas. This way, in case a natural disaster happens, the other team can continue the process further. |
The unavailability or inaccessibility to an independent test environment. | Medium | High | This will impact the schedule of test execution and cause delay. |
The emergence of new issues causing the testing to be delayed. | Medium | High | Defect management and issue management procedures are put in place to provide a quick resolution. |
Best Practices for Risk Management in Software Testing
Let us take a look at some of the best practices for risk management in software testing:
- Involve stakeholders in every step of the risk management process.
- Build a strong risk culture in the company; this includes attitudes, values, and beliefs. The importance of risk awareness should be instilled in the employees so that everyone is prepared.
- Communicate risks throughout your company. High-value risks should be monitored by all departments.
- Clearly document the company’s risk management policy. It should be further communicated to the employees.
- Clear risk monitoring processes must be in place.
Conclusion
Risk management in testing is a crucial step in delivering the final product to the customers. It helps in improving the planning and execution process as well as reducing the potential of failures.
In this blog, we have discussed the stages involved in risk analysis and management. If carried out effectively, these are definitely going to help improve the software development cycle. Therefore, make sure to identify and manage risks before the final testing. Good luck!
Preparing for a job Interview! Check out our blog on Software Testing Interview Questions now!