A few years ago, I was reading a paper that mentioned Risk Based Testing and it said:
Risk Based Testing is:
This started a series of thoughts for me. First – I recognised those words, they are the simplified, generic stages of Risk Management that you might read in any material dealing with risk management. Secondly, I have been in testing for over 20 years, I have worked in teams that called themselves Risk Based many times but, although we spoke of risk often, we did not use these words to describe our activities. So … is it right to say that this is the Risk Based testing process? I had to have a pretty good think.
Well, in Risk Identification one examines the context, realises that there are far too many risks to be able to identify and manage them all, so we work to select the significant, important risks and manage those. In testing we have an activity where we examine the context of the application to be developed, realise that there are too many tests to be able to identify and run them all (exhaustive testing is impossible) and select the significant, important tests and work on those. We call this – Test Analysis.
Risk Identification = Test Analysis
When we identify a test, we are identifying a risk. When we create a test to ensure that the Log On function works, we do so specifically because there is a risk that it will not work.
In Risk Assessment we put values on the likelihood and impact (at least) of the risks in order to put the list of risks identified into a meaningful order so that we can manage the most serious ones first. In testing we examine which tests will cause more damage to the business (impact) and where in the system defects are more likely to appear (likelihood) and order our tests to address the most significant ones first. We call this Test Prioritisation.
Risk Assessment = Test Prioritisation
In Risk Mitigation we take actions to reduce the impact, or likelihood, or both, of the risks to bring the level of risk down to an acceptable level. In testing we act to reduce the probability of undetected defects going live down to an acceptable level (we can never guarantee that software is defect free). We call this action Test Execution. Test Execution reduces risk – Risk Management teaches us that risks are unknowns; testing provides information and therefore reduces the unknowns.
Risk Mitigation = Test Execution.
So – the words all map to testing. Are they therefore correct – that Risk Based Testing is Risk Management? Yes … and No.
The activities identified are not activities that we only perform in Risk Based Testing, they are activities that we perform in all forms of testing, therefore:
All testing is Risk Management.
We decided to put this hypothesis to the test. I booked onto a risk management training course and qualification: M_o_R by Axelos. This is a risk management method and qualification aimed at anyone involved in organisation / corporate risk management (and indeed any other form of risk management) and the other participants in the course were company directors, charity directors and civil servants.
My theory was that, because testing is risk management and the activities of testing map to risk management activities, I would find that this mapping continued all the way through an in-depth risk management process. Because I am well versed in test management and testing principles, I should therefore find the course quite straight forward.
To cut the long story short the theory was proven correct – I found the course enjoyable and straight forward and I passed the foundation and practitioner exams with the highest scores in the class. The activities that course took us through are the things that we have slowly, over the 40 or so years since Myers wrote The Art of Software Testing, introduced to the testing process. Including scope definition, stakeholder management and the stages mentioned above. The most important difference is that Risk Management have been working on this process specifically. Their process is more in-depth throughout – the testing process has started from the mitigation activity of test execution and grown from there. It seems to me that there are things for testers to learn from risk managers.
Next time I will start to examine what lessons we might learn from it.
Link to original PR: https://expleoacademy.com/int/risk-based-testing/
All training courses at Expleo Academy
bcs intermediate certificate in software testing
change management fundamentals
isqi certified agile business analysis caba revision session and exam 1500
flow ambassador excelling at business agility masterclass
estimating for testers
dasa certified devops fundamentals
istqb certified tester advanced level security tester
istqb certified tester advanced level technical test analyst
istqb certified tester advanced level test manager
project management professional pmp preparation course
agile certified practitioner pmi acp preparation course
using selenium in csharp with workshop
apmg certified change management in an agile environment foundation and practitioner
risk management professional pmi rmp certification preparation course
project management fundamentals
program management professional pgmp preparation course
istqb certified tester foundation level extension agile tester
bcs certificate in modelling business processes
isaqb certified professional for software architecture foundation level cpsa f
bcs foundation certificate in business analysis
icagile certified product ownership
writing user stories workshop
bcs certificate in requirements engineering
bcs international diploma in business analysis exam preparation workshop
bcs certificate in business analysis practice
agile requirements engineering
certified disciplined agile scrum master dasm
icagile certified agile fundamentals
istqb certified tester advanced level test analyst
certified disciplined agile senior scrum master dassm
isqi certified agile business analysis caba
certified associate in project management capm preparation course
performance testing fundamentals
agile process tools a look into scrum kanban and safe
scrum master bootcamp
product ownership bootcamp
a4q certified selenium tester foundation
psychology of communication intelligence
test automation fundamentals
using cucumber with selenium
using selenium with workshop
asqf certified professional for project management
istqb certified tester foundation level
About Expleo Academy
The Expleo Academy enables you to acquire and develop the right skills by delivering a suite of accredited training courses. With a global presence and reach, we deliver hundreds of training events to thousands of participants each year. We bring the knowledge and real experience of working with global companies and the flexibility of delivering public workshops, custom in-house solutions and blended learning approaches incorporating digital learning capabilities.
The Expleo Academy offers training courses in Management Consultancy, Business Agility, Continuous Quality, Software Engineering or even Private Events with detailed Learning pathways in Business Analysis, Change Management, Project / Program Management, Software Quality Analysis, Software Quality Management and Software Engineering.
Academy is part of the Expleo Group , that offers Engineering, Consultancy- and IT-Services to the industry. At https://products.expleogroup.com/ one could find a bunch of products which Expleo developed over the years, among them Testona (Features, Klassifikationsbaum-Methode, Training & Tutorial, References, Download & Price), Modica (MBT Process, Modelling, Object Definition, Generation, Automation, Training & Tutorial), Messina, (Camera-Hil-System, Ancona-Hil-System, Messina RS-UI Test Automation, Modular-Hil-System), Trentino, Persim, Savona, Bergamo, Meran, Powerdiff, and also Powerdiffmerge, and of course the Aerospace Products like Crew Rest Unit, Crew Rest Couch and ALM (3D Printed) parts.
Contact the Expleo Academy
Expleo Technology Ireland Ltd
30 North Wall Quay,
Dublin D01 R8H7
Tel +353 87 2355902