Risk-Based Testing (RBT) | David Tzemach

Risk-based testing is a testing approach that uses risk to prioritize, design and execute test scenarios. Risk-based testing helps the team understand the risks of the application. What negative impact they may have is identified by the customer.

Risk-based testing is most suitable in the following scenarios:

• Agile projects that use incremental releases and short sprints.

• Projects with high-risk factors (low domain knowledge, lack of experience etc.).

• Any project with a tight testing timeframe and resources.

Risk-based testing process

The process of risk-based testing is like any other risk management process, with a few minor tweaks:

Phase 1: Risk identification

This is probably the most crucial phase of the entire process. The team collaborates to define the potential risks during the risk identification process. This can be based on interviews, team experience, dedicated workshops or retrospectives from previous projects.

Phase 2: Analyze the impact on the system

The next step is to analyze the potential impact of risks and determine their priority. A straightforward way to do it is by using a scoring system based on potential damage and probability to occur (risk = impact * probability of failure), for example:

Impact Score – Impact refers to the potential damage that the business will suffer if the intended behaviour of a given functionality is not delivered as the customer expects it to be.

Here are a few simple examples of leading questions to use when assigning an impact score:

• Will it lead to an unrecoverable data loss?

• How did this influence the customer and the business?

• What is the direct impact on a given functionality?

• Does any other business process depend on it?

• Will it cause any downtime of customer service?

Probability Score – There are two aspects to the probability score. Most important is the probability of the risk to materialize in the customer environment. The second relates to project risks during the development process and affect the project, like not meeting deadlines.

Here are a few simple examples of useful indicators to use when assigning a probability score:

• The complexity of the solution.

• The experience of the development teams.

• The customer’s environmental parameters.

• Tight deadlines add room for critical mistakes.

• Ambiguity in technical requirements.

• New technologies.

• Dependencies on external providers.

Phase 3: Risk mitigation planning

Based on the analysis and prioritization done in the previous phase, the team builds the mitigation plan for each risk. The mitigation plan should resolve the risk entirely, or at the very least, reduce its impact.

Phase 4: Risk monitoring

Risk monitoring is used to ensure that the mitigation plan meets its purpose and handles the risk as it is supposed to.

Risk-based testing in Agile development

Delivering high-quality software is challenging due to the frequent releases and the risks involved. This is where testing becomes imperative. Yet testing is not always the team’s main goal, especially when they fail to see its value or when it slows them down.

Because the Agile manifesto and most Agile frameworks (except Extreme Programming) don’t specify the place of testing and its importance, people think it can be neglected. This goes against the proper Agile mindset and the values it represents.

To close the gap and make testing more valuable, risk-based testing (along with exploratory testing) is probably the most efficient testing approach for Agile projects and teams. It allows them to increase the quality of the product without the overhead of regular testing activities.

There are many reasons why risk-based testing is so efficient in the Agile environment. The main reason is that it allows the team to focus on things that matter, and which once tested, will have the most significant contribution to the quality of the release.

The benefits of RBT in the Agile environment

These are some other benefits of risk-based testing to Agile teams:

• Cost-efficient – Risk-based testing is a highly effective way to optimize team resources.

• Increases collaboration – Risk-based testing involves different stakeholders working together to understand the risks and how important it is to mitigate them.

• Increases quality awareness – Risk-based testing allows both the engineering and business teams to understand the project risks, their impact on the customer, and how to handle them.

• Balances speed with quality – Risk-based testing provides a practical framework for setting priorities when conducting tests in the pressure of tight time frames.

• It works – Risk-based testing provides a proven technique that works in the Agile environment. It’s not just another theoretical exercise.

• You know when you’re done – Risk-based testing allows Agile teams to understand when they can stop their tests, as they are based on deep analysis and prioritization and have a specific set of tests aimed at removing risks.