Risk-based testing is finding out the risk involved in the application based on application usage, the complexity of the application, criticality.
Risk can have a positive or negative impact on the success of the project and its occurrence is very uncertain. It can be the repetitive event from past or it can be the event which is likely to happen in future. These events can have an effect on many things like functionality, technicality, and cost.
As risks can be positive and negative, positive risks help the business process whereas negative risks are not good for the success of the projects and should be eliminated immediately.
Risk-based testing helps to prevent the issues which are likely to affect the application in future, so it allows the team to address the risks before the application is affected.
Risk-Based Testing Process:
- Identifying the Risk: Testing team needs to identify functional modules which are applicable to the application. It can be done through workshops, checklists, learnings from previous projects, RCA, interviewing etc.
- Impact to functional modules: The next step is to analyze the risk and filter them depending on the significance. This includes both qualitative and quantitative risk analysis.
- Risk response planning: On the basis of the analysis, it can be decided that if the response is needed or not. It’s the owner’s responsibility for checking options to reduce the impact of risks.
- Risk Monitoring: Risk monitoring and control process is used for the identification of risks, track identified risks, update risks, and monitor risk triggers. This can be done by retrospective meeting, risk audit, performance measurement
Risk and its impact:
What is impact and impact on business, this needs to be understood by everyone in the team. There are multiple factors considered while calculating risks. So basically,
Risk = Impact * Probability of failure
Impact needs to be categorized because if any functionality fails, it helps to understand the impact on business. Appropriate categorization needs to be done of the requirement by the business team. For example: If the test scripts which are categorized as high fails, the impact will be more and if the test script categorized as low fails, the impact will be less, that is why categorization is very important. So defining impact has the following benefits:
- High-risk areas can be identified in the application.
- Controlled risk-taking approach.
- Reduce the scope of retesting the test scripts.
- The severity of the defects can be identified.
- Regression test scripts are easy to prepare
If a defect related to change was found, the following is an estimate of the overall scale of impact:
- Critical impact – 5: When all the major and critical functionality fails. This results in loss of revenue/data.
- High Impact – 4: in this, the customers are not affected but the issue is in the backend system
- Medium impact – 3: To resolve this time and research is needed, again customers are not affected by this, but the change has affected the other code. Here the progress is interrupted with a large extension to project cost.
- Moderate Impact – 2: Customers are not affected and the changes made are short-term and manageable.
- Marginal Impact – 1: This can be spelling mistakes or minor UI issue.
Also, the probability of failure has different categories:
- Critical -5: The likelihood of failure is too high and impact to the peripheral system is possible.
- High-4: The likelihood of failure is high and impact on the peripheral system is also high.
- Medium-3: The likelihood of failure is medium and impact to the peripheral system is also medium.
- Moderate-2: The likelihood of failure is moderate and impact to the peripheral system is also moderate.
- Marginal-1: The likelihood of failure is low and impact on the peripheral system is also low.
Risk-Based Testing Approach:
- Understanding and analyzing requirements.
- Reviewing documents.
- Accessing the risk by calculating the impact of each requirement on the project.
- Identifying high-risk areas using risk assessment matrix.
- List of identified risks.
- Requirement prioritization.
- Critical risks can be considered for implementation
- Define test according to the rating.
- Design test scrips in a way that high-risk items retested first.
- For low-risk test items, different test design techniques can be used like equivalence partitioning.
- Reviewing test plan and test scenarios created by the testing team.
- Peer review for defect identification.
- Execution of test cases according to the priority of risk.
- Evaluating exit criteria
- Defect analysis and defect prevention to eliminate the defects.
- Regression and retest to validate defect fixes.
- Risk control and monitoring.
- Risk reassessment and customer feedback.
Advantages of Risk-Based Testing:
- The higher priority areas are tested first which leads to improved quality of the end product. So with the risk-based testing tests can be prioritized against deadlines.
- Testing becomes more organized.
- Improved customer satisfaction.
- Risk areas can be discovered early so that preventive measures can be taken when required.
- This is a cost reduction method.
Disadvantages of Risk-Based Testing:
- If some risks are assessed too low or if there are any unrecognized risks, this can cause a problem if it becomes reality.
Risk-Based Testing Process:
- Identifying Risk: Consulting Business and Technical teams and preparing list of risks
- Analyzing Risk: Discussing risks and assigning them a probability.
- Risk Response: Documenting dependencies and assigning test effectiveness score
- Test Scoping: This is reviewing the scope of risks to be addressed by testing
- Test Process Definition: Drafting the test process.
Summary:
- Test scripts are executed according to risk priority order.
- Organized testing efforts and level of priority of each risk item are rated.
- This testing is most efficient way of projects based on risks.
- Helps to identify the positive or negative impact
- Helps preventive the issues which are likely to happen in future.
- Sanity Testing
- Functional Testing
- What is Installation Testing?
- Functional Testing Vs Non-Functional Testing
- A Better Approach to Usability Testing
- Model Based Testing: Testing Type You Must Know!
- Accessibility Testing In Software Testing
- How to do Backend Testing?
- Is Crowdsourcing Good For Quality Assurance?
- What is Interoperability Testing in Software Testing?