5.2.Risk Management

Question 1

How is risk defined in testing?

Answer 1

A potential event, hazard, threat, or situation whose occurrence can cause an adverse effect, characterized by its likelihood and impact.

Question 2

What are the main activities in risk management?

Answer 2

Risk analysis (identification and assessment) and risk control (mitigation and monitoring).

Question 3

What is risk-based testing?

Answer 3

A test approach where test activities are selected, prioritized, and managed based on risk analysis and control.

Question 4

How is risk level expressed and what does a higher risk level indicate?

Answer 4

Risk level is expressed by the likelihood and impact of the risk. A higher risk level indicates a greater need for treatment.

Question 5

What are project risks in software testing?

Answer 5

Risks related to the management and control of the project, such as organizational, people, technical, and supplier issues.

Question 6

Give examples of project risks.

Answer 6

Organizational issues (delays, inaccurate estimates, cost-cutting)
people issues (insufficient skills, conflicts, communication problems)
technical issues (scope creep, poor tool support)
supplier issues (third-party delivery failure).

Question 7

What can project risks affect?

Answer 7

They can impact the project schedule, budget, or scope, affecting the project’s ability to achieve its objectives.

Question 8

What are product risks in software testing?

Answer 8

Risks related to product quality characteristics, such as missing functionality, incorrect calculations, runtime errors, poor architecture, security vulnerabilities, and poor user experience.

Question 9

What are some potential consequences of product risks?

Answer 9

User dissatisfaction, loss of revenue/trust/reputation, damage to third parties, high maintenance costs, criminal penalties, and in extreme cases, physical damage or injuries.

Question 10

What is the goal of product risk analysis in testing?

Answer 10

To provide awareness of product risk to focus testing efforts and minimize residual product risk.

Question 11

What techniques are used for risk identification?

Answer 11

Brainstorming, workshops, interviews, and cause-effect diagrams.

Question 12

What does risk assessment involve?

Answer 12

Categorization of risks, determining their likelihood and impact, prioritizing risks, and proposing ways to handle them.

Question 13

How do quantitative and qualitative approaches to risk assessment differ?

Answer 13

Quantitative calculates risk level as the multiplication of likelihood and impact, while qualitative uses a risk matrix to determine risk level.

Question 14

How does product risk analysis influence testing?

Answer 14

It determines the scope of testing, test levels, test types, test techniques, coverage, test effort, and prioritization of testing.

Question 15

What does product risk control involve?

Answer 15

Risk mitigation and risk monitoring to reduce risk levels and ensure the effectiveness of mitigation actions.

Question 16

What actions can be taken to mitigate product risks by testing?

Answer 16

Selecting experienced testers, applying independent testing, conducting reviews, performing static analysis, using appropriate test techniques, and performing dynamic and regression testing.

Question 17

What is the aim of risk monitoring in product risk control?

Answer 17

To ensure mitigation actions are effective, improve risk assessment, and identify emerging risks.

Question 18

What are the possible responses to identified risks?

Answer 18

Risk mitigation by testing, risk acceptance, risk transfer, or contingency planning.