Risk Management Methods for Test Projects

Course available as online self-paced

Course available to schedule onsite

Learn More

Concepts

Testing is our primary means of reducing risks related to systems and software. All testing is risk-based in that there are more potential tests than we have time and resources to run, so we choose those that address higher risks. The difficulty is adequately identifying the potential risks, for which a number of structured techniques are described. Risk management involves obtaining, directing, and controlling resources for continuously planning, strategizing, identifying, analyzing, prioritizing, preventing, responding to, mitigating, monitoring, controlling, and reporting risk. Key types of risks and identification approaches are distinguished. Powerful Proactive Testing Ô techniques are demonstrated that enhance conventional reactive testing risk analysis to enable testing higher risks not only more but earlier. Exercises aid learning by allowing participants to practice applying practical methods to realistic examples.

Participants will learn:

The elements of risk and risk response, and their relation to software development and testing.
Importance of distinguishing business, management, functional, and technical risk causes and effects.
Alternative methods for identifying, analyzing, classifying, and prioritizing the several types of risks.
Proactive Testing™ methods that enhance conventional reactive testing risk identification, response.
Monitoring, evaluating, adjusting, and reporting on risk activities, findings, and results.

Outline

NATURE AND IMPORTANCE OF RISK
- Murphy's Law; O'Brien's Law
- Relation of risk to software and testing
- Classical risk management
- Elements of risk and exposure
- Classical risk-response techniques
- Costs, ease of detecting, controlling vs. harm
- Quantifying qualitative risk, tricks and traps
- Types, classifications of risks
- Threats, vulnerabilities, triggers
- Risk identification approaches
- Business, functional, and operational risks
- Direct and indirect forms of injury
- Management and technical risks
- Window of market opportunity
- Effects vs. causes risk identification
PROJECT MANAGEMENT RISKS
- Most frequently encountered risks
- Changing requirements and scope creep
- Lack of management support, priorities
- Typically unrecognized interrelationships
- Features/quality, resources, schedule risks
- Software risks--or just poor management
- Implications for software and QA/testing
- Traditional checklists for project managers
- Fraud, security breaks, and sabotage
- Evaluating risk factor checklists usefulness
- Software risk taxonomy
CONVENTIONAL RISK ANALYSIS
- Testing riskier features, components more
- System, development practices checklists
- Security and compliance emphasis
- Defect categorization, root causes, trends
- Design analysis vs. prioritizing test cases
- Why typical risk-based testing is reactive
- Common subjective risk judgment methods
- Strengths and weaknesses, what's missed
PROACTIVE RISK-BASED TESTING
- Proactive Testing™ Life Cycle
- Structured model of test planning
- Multiple levels, points of risk analysis
- Prioritization demands knowing the choices
- Project-level proactive risk analysis
- Identifying overlooked project-specific risks
- Refocusing on tests that reduce the key risks
- Letting testing drive development
- Gaining user, manager, developer support
- Identifying and analyzing lower-level risks
- Differentiating user and technical views
- Risk analysis in test designs and test cases
- Risks of not testing some things
- Metrics to monitor effectiveness, efficiency
- Anticipating and measuring operational risks
- Risk management roles and responsibilities
- Reporting risk status, expected and actual
- Improving over time