Risk-based Testing

• Do your testers always need more time to finish?
• Are you confident your testers focus on what is important?
• When the time comes to release, do you know whether you've done enough testing?
• Practical risk assessment, measurement and reduction techniques for Risk-Based Testing

Background and Objectives

In the last decade, Risk Management has emerged as an essential discipline that helps managers to keep their projects on track. By anticipating problems, risks can be monitored and controlled before they become disasters.

Risk management methods tend to emphasise project and process risks. Planning and estimation problems, resource constraints, scheduling issues, external dependencies, contractual obligations are the most visible risks to management and because they are relatively small in number can be managed at the project level. Product risk is another matter. With current methods, the sheer number of ways a product can fail makes product risk impossible to manage, except at an abstract level.

Traditional views of testing put fault detection at the top of the testing agenda and rightly so. Testing has a much greater contribution to make to the development lifecycle if the fundamental testing principles are applied at all stages of software development. In particular, the assessment and control of product risk become natural by-products of good test practices if testers use risk management disciplines to influence the test process.

Testing reduces risk by detecting software faults and that is of course essential. Testing can also reduce risk by preventing software faults, if we test early project deliverables as well as the software. Front-loaded testing techniques mean that "testing throughout the lifecycle" can be practiced to good effect and not just preached as a consultant's mantra.

Testing can be used to measure risk if quantifiable test objectives can be set and met. In today's rapidly-changing environment, where organisations are racing towards internet-based trading, where technical complexity has overtaken our ability to understand it, and speed to market dominates peoples thinking testers need to use risk to focus and scale their test activities.

This tutorial introduces risk management for testers and gives attendees insights into how risk can be used to define test objectives, scale the testing according to risk and assess the risk of release, when the go-live deadline approaches.

Presenter of E-Business Testing and Risk-Based Testing
Paul Gerrard - Systeme Evolutif Ltd
Paul is the Business Development Manager and a principal consultant for Systeme Evolutif. He has conducted consultancy and training assignments in all aspects of Software Testing and Quality Assurance. Previously, he has worked as a developer, designer, project manager and consultant for small and large developments using 3 and 4GLs. Paul has degrees from the Universities of Oxford and London, is Special Projects Secretary for the BCS SIG in Software Testing and a member of the BCS Software Component Test Standard Committee. He is a regular speaker at seminars and conferences in Europe and the US, and won the 'Best Presentation' award at EuroSTAR '95. Paul is the author of all the training material presented by Systeme Evolutif.

Who should attend?

• IT Managers
• Project Managers
• Test Managers
• Software Testing Specialists

Benefits of attending
This workshop explores the relationship between product, process and project risk. Typically, product risks are the biggest concerns of users once a system is delivered and there are an infinite number of ways a system can fail. Most practitioners acknowledge the importance of testing in risk reduction, but few can apply risk management disciplines to their test activities. This workshop describes a methodology for Risk-Based Testing and gives attendees practical tools for measuring and reducing product risk.

Topics Covered

Introduction to Risk

• What is a risk?
• Project, process, and product risks
• Risk management: assessment, monitoring and reduction
• Role of testing in product risk management

Testing and Risk

• How much testing is enough?
• Identifying product risks
• Differing viewpoints
• Prioritising risks
• Risks and test evidence.

Using Risk to Define the Test Process

• Defining objective acceptance criteria
• Designing tests to address risks
• Using risk to define test objectives
• Test objectives and the test process.

Using Risks to Prioritise Testing

• Testing as a sampling activity
• Choosing test techniques
• Focusing test effort using risk
• Deciding the amount of testing based on risk.

The Release Decision

• Who should make the release decision?
• What information is required to make the decision?
• Quantifying the testing
• Have we done enough testing?
• What are the risks of release?