Risk Based Testing part I.

Is Risk based testing effective way to drive and manage tests on the project?

Testing is usually the last thing done in a project thus testing is always under pressure. If you, as a Test Manager, have enough time to execute all planned tests, you are one of the few lucky ones.

There might be several approaches how to manage and mitigate those challenges and risk based testing approach could be an answer.

In general, and very simple view of the topic is….

No risk = > No test

Applying this strong and very powerful statement, you might always come to a correct answer if and how important the testing is for your project.

A little bit more sophisticated definition is following: “Risk based testing is a testing done for a project based on the risks, using risk assessment to prioritize and use appropriate tests during the test execution. As mentioned above, since there might not be sufficient time to test all functionality, Test Manager must be able to cut down the least important things. Risk Based Testing involves testing the functionality which has the highest impact and probability of failure.

Time aspect is one of the reason why to consider risk based testing approach in your project. Another reason is, that you have a big chance to find most important defects in most important modules as early as possible at the lowest price.

Let’s have a short look on the Risk itself

Wikipedia is defining risk as a potential of gaining or losing something of value or an uncertain event or condition that, if it occurs, has an effect on at least one [project] objective.

ISTQB defines risk as the chance of an event, hazard, treat or situation occurring and resulting in undesirable consequences or potential problems.

I would say that Risk is a relation between chance that something will fail and the damage that will be caused by the failure.

Chance = probability, likelihood that something happen

Damage = impact. In our IT terminology, it is usually a business impact that we are trying to consider.

Product risk = Probability * Impact

Good thing is that we, as testers, do not need to bother of all risks that might occur on project.

In fact ISTQB defines 2 types of risks

Project Risk and Product Risk

Project risk is the risk that surrounds the project’s capability to deliver its objectives. E.g.

  • Organizational factors: Skills, personnel issues
  • Technical issues: Low quality of design documentation, Availability of environments and tools
  • Supplier issues: Contractual issues, Failure of third party

Product risk is Potential failure in software or system, product that is a subject of the delivery to the customer.

  • Software doesn’t support the intended functionality and requirements. E.g.
  • Functionality
  • Data integrity and quality
  • Usability,

Before we finish today, let me do short wrap up

Being part of the implementation project, we cannot ignore the fact that risks are always present and well-bundled, regardless if we want them or not. A Risk Based Testing approach gives us a tool and opportunity to reduce the level of risks to acceptable minimum. Risk based testing approach may be used to:

  • Determine test techniques to be applied
  • Determine the extent of testing and
  • Prioritize testing activities during the test preparation phase as well as test execution phase.

At the end of the day, there is only one goal for testers. Find defects as early and as effectively as possible.

Good luck


In my next post:

I will continue in Risk Based Testing topic giving you some useful hints and tips:

  • how to prepare for a risk assessment meeting,
  • which project roles are taking part,
  • how to determine the probability and impact as well as overall score table

Do not hesitate to contact me in case of any query. I will come back to you. 

Or leave a comment / feedback down bellow.

Leave a Comment

Your email address will not be published. Required fields are marked *