Module 2: The Test Analysts Tasks in Risk-Based Testing

Question 1

Risk Based Testing - Intro (2.1)

Test Managers often have overall responsibility for…

They will usually request the involvement of a…

Answer 1

Establishing and managing a risk-based test strategy.

Test Analyst to ensure the risk-based approach is implemented correctly.

Question 2

Risk Based Testing - Intro (2.1)

Test Analysts should be actively involved in the following risk-based testing tasks:

Answer 2

• Risk identification
• Risk assessment
• Risk mitigation

Question 3

Risk Based Testing - Intro (2.1)

Risk based testing tasks are performed…

In Agile software development…

Answer 3

iteratively throughout the SDLC to deal with emerging risks, changing priorities and to regularly evaluate and communicate risk status (see [vanVeenendaal12] and [Black02] for further details).

The three tasks are often combined in a so-called risk session with focus on either an iteration or a release.

Question 4

Risk Based Testing - Intro (2.1)

Test Analysts should work within the…

They should contribute…

Answer 4

Risk-based test framework established for the project by the Test Manager.

Their knowledge of the business domain risks that are inherent in the project such as risks related to safety, business and economic concerns, and political factors, among others.

Question 5

Risk Identification (2.2)

By calling on the broadest possible sample of stakeholders, the risk identification process is…

Answer 5

most likely to detect the largest possible number of significant risks.

Question 6

Risk Identification (2.2)

Test Analysts often possess…

This means they are particularly well suited to the following tasks:

• Conducting expert interviews with…
• Conducting…
• Using…
• Participating in…
• Participating in brainstorming sessions with…
• Defining…
• Calling on past experience with…

Answer 6

unique knowledge regarding the particular business domain of the system under test.

• The domain experts and users
• Independent assessments
• Risk templates
• Risk workshops
• Potential and current users
• Testing checklists
• Similar systems or projects

Question 7

Risk Identification (2.2)

In particular, Test Analysts should work closely with…

In Agile software development this close relationship with stakeholders enables…

Answer 7

the users and other domain experts (e.g., requirement engineers, business analysts) to determine the areas of business risk that should be addressed during testing.

Risk identification to be conducted on a regular basis, such as during iteration planning meetings.

Question 8

Risk Identification (2.2)

Sample risks that might be identified in a project include:

Answer 8

• Issues with functional correctness, e.g., incorrect calculations
• Usability issues, e.g., insufficient keyboard shortcuts
• Portability issues, e.g., inability to install an application on particular platforms

Question 9

Risk Assessment (2.3)

While risk identification is about identifying as many pertinent risks as possible, risk assessment is…

Answer 9

The study of these identified risks. Specifically, categorizing each risk and determining its risk level.

Question 10

Risk Assessment (2.3)

Determining the risk level typically involves …

The risk likelihood is usually interpreted as…

Technical Test Analysts should contribute to…

Answer 10

Assessing, for each risk item, the risk likelihood and the risk impact.

The likelihood that the potential problem can exist in the system under test and will be observed when the system is in production.

Finding and understanding the potential likelihood for each risk item whereas Test Analysts contribute to understanding the potential business impact of the problem should it occur (in Agile software development this role-based distinction may be less strong).

Question 11

Risk Assessment (2.3)

The risk impact is often interpreted as…

In other words, it arises…

Test Analysts should contribute to…

Answer 11

The severity of the effect on the users, customers, or other
stakeholders.

From business risk.

Identifying and assessing the potential business domain or user impact for each risk item.

Question 12

Risk Assessment (2.3)

Factors influencing business risk include the following:

Answer 12

• Frequency of use of the affected feature
• Business loss
• Financial damage
• Ecological or social losses or liability
• Civil or criminal legal sanctions
• Safety concerns
• Fines, loss of license
• Lack of reasonable workarounds if people cannot work any more
• Visibility of the feature
• Visibility of failure leading to negative publicity and potential image damage
• Loss of customers

Question 13

Risk Assessment (2.3)

Given the available risk information, Test Analysts need to establish the levels of…

These could be classified using…

Once the risk likelihood and risk impact have been assigned, Test Managers use…

That risk level is then used to…

Answer 13

business risk according to the guidelines provided by a Test Manager.

An ordinal scale (actual numeric or low/medium/high), or traffic signal colors.

These values to determine the risk level for each risk item.

Prioritize the risk mitigation activities.[vanVeenendaal12].

Question 14

Risk Mitigation (2.4)

During the project, Test Analysts should seek to do the following:

Answer 14

• Reduce product risk by designing effective test cases that demonstrate unambiguously whether tests pass or fail, and by participating in reviews of software work products such as requirements, designs, and user documentation
• Implement appropriate risk mitigation activities identified in the test strategy and test plan (e.g., test a particularly high risk business process using particular test techniques)
• Re-evaluate known risks based on additional information gathered as the project unfolds, adjusting risk likelihood, risk impact, or both, as appropriate
• Identify new risks from information obtained during testing

Question 15

Risk Mitigation (2.4)

When one is talking about a product risk, then testing makes an…

By finding defects…

If the testers find no defects, testing then…

Test Analysts help to determine risk mitigation options by…

Answer 15

Essential contribution to mitigating such risks.

testers reduce risk by providing awareness of the defects and opportunities to deal with the defects before release.

Reduces risk by providing evidence that, under certain conditions (i.e., the conditions tested), the system operates correctly.

investigating opportunities for gathering accurate test data, creating and testing realistic user scenarios and conducting or overseeing usability studies, among others.

Question 16

Risk Mitigation - Prioritising Tests (2.4.1)

The level of risk is also used to…

A Test Analyst might determine that there is…

As a result, to mitigate the risk the tester may…

Similarly, a Test Analyst might…

Rather than wait for a user acceptance test to discover any issues, the Test Analyst might…

This prioritization must be…

Answer 16

Prioritize tests.

A high risk in the area of transactional accuracy in an accounting system.

work with other business domain experts to gather a strong set of sample data that can be processed and verified for accuracy.

Determine that usability issues are a significant risk for a new test object.

Prioritize an early usability test based on a prototype to help identify and resolve usability design problems early before the user acceptance test.

Considered as early as possible in the planning stages so that the schedule can accommodate the necessary testing at the necessary time.

Question 17

Risk Mitigation - Prioritising Tests (2.4.1)

In some cases, all of the highest risk tests are…

In other cases a….

Answer 17

run before any lower-risk tests, and tests are run in strict risk order (called “depth-first”);

Sampling approach is used to select a sample of tests across all the identified risk areas using risk level to weight the selection while at the same time ensuring coverage of every risk at least once (called “breadth-first”).

Question 18

Risk Mitigation - Prioritising Tests (2.4.1)

Whether risk-based testing proceeds depth-first or breadth-first, it is possible that the time allocated for testing might be…

Risk-based testing allows testers to…

Answer 18

consumed without all tests being run.

Report to management in terms of the remaining level of risk at this point, and allows management to decide whether to extend testing or to transfer the remaining risk onto the users, customers, help desk/technical support, and/or operational staff.

Question 19

Risk Mitigation - Adjusting Testing for Future Cycles (2.4.2)

Risk assessment is not a…

Each future planned test cycle should be subjected to new risk analysis to take into account such factors as:

Answer 19

one-time activity performed before the start of test implementation; it is a continuous process.

• Any new or significantly changed product risks
• Unstable or failure-prone areas discovered during the testing
• Risks from fixed defects
• Typical defects found during testing
• Under-tested areas (low requirements coverage)