Agile Testing Quadrants: Risk-Based Testing (RBT) | David Tzemach

Risk-based testing is a testing approach that uses risk to prioritize, design and execute test scenarios. Risk-based testing helps the team understand the risks of the application. What negative impact they may have is identified by the customer.

Risk-based testing is most suitable in the following scenarios:

  • Agile projects that use incremental releases and short sprints.

  • Projects with high-risk factors (low domain knowledge, lack of experience etc.).

  • Any project with low testing timeframe and resources.

Risk-based testing process

The process of risk-based testing is like any other risk management process, with a few small tweaks:


Phase 1: Risk identification

This is probably the most crucial phase of the entire process. During the risk identification process, the team collaborates to define the potential risks. This can be based on interviews, team experience, dedicated workshops or the retrospectives from previous projects.



Phase 2: Analyze the impact on the system

The next step is to analyze the potential impact of risks and determine their priority. One simple way to do it is by using a score system based on potential damage and probability to occur (risk = impact * probability of failure), for example:


Impact Score – Impact refers to the potential damage that the business will suffer if the intended behavior of a given functionality is not delivered as the customer expects it to be.

Here are a few simple examples of leading questions to use when assigning an impact score:

  • Will it lead to any unrecoverable data loss?

  • How does this influence the customer and the business?

  • What is the direct impact on a given functionality?

  • Does any other business process depend on it?

  • Will it cause any downtime of customer service?

Probability Score – There are two aspects to the probability score. Most important is the probability of the risk to materialize in the customer environment. The second is related to project risks that occur during the development process and affect the project, like not meeting deadlines.


Here are a few simple examples of useful indicators to use when assigning a probability score:

  • The complexity of the solution.

  • The experience of the development teams.

  • The customer’s environmental parameters.

  • Tight deadlines that add room for critical mistakes.

  • Ambiguity in technical requirements.

  • New technologies.

  • Dependencies on external providers.

Phase 3: Risk mitigation planning

On the basis of the analysis and prioritization done in the previous phase, the team starts to build the mitigation plan for each risk. The mitigation plan should resolve the risk completely, or at the very least reduce its impact.


Phase 4: Risk monitoring

Risk monitoring is used to ensure that the mitigation plan meets its purpose and handles the risk as it is supposed to.


Risk-based testing in Agile development

Delivering high-quality software is hard due to the frequent releases and the risks involved. This is where testing becomes imperative. Yet testing is not always the team’s main goal, especially when they fail to see its value or when it slows them down.


Because the Agile manifesto and most of the Agile frameworks (except Extreme Programming) don’t specify the place of testing and its importance, people think that it can be neglected. This goes against the true Agile mindset and the values it represents.


To close the gap and to make testing more valuable, risk-based testing (along with exploratory testing) is probably the most efficient testing approach for Agile projects and teams, as it allows them to increase the quality of the product without the overhead of regular testing activities.


There are many reasons why risk-based testing is so efficient in the Agile environment. The main reason is that it allows the team to focus on things that really matter, and which once tested will have the biggest contribution to the quality of the release.


The benefits of RBT in the Agile environment

These are some other benefits of risk-based testing to Agile teams:

  • Cost efficient – Risk-based testing is an extremely effective way to optimize team resources.

  • Increases collaboration – Risk-based testing involves different stakeholders working together to understand the risks and how important it is to mitigate them.

  • Increases quality awareness – Risk-based testing allows both the engineering and business teams to understand the project risks, their impact on the customer and what should be done to handle them.

  • Balances speed with quality – Risk-based testing provides an effective framework for setting priorities when conducting tests in the pressure of tight time frames.

  • It actually works Risk-based testing provides a proven technique that actually works in the Agile environment. It’s not just another theoretical exercise.

  • You know when you’re done – Risk-based testing allows Agile teams to understand when they can stop their tests, as they are based on deep analysis and prioritization and have a specific set of tests aimed at removing risks.