Saturday, August 19, 2017

Risk Based Testing (RBT) | David Tzemach

תמונה קשורה

To make it simple, we can define RBT as an approach were the testing on a project is done based on risk calculation. RBT is used to priorities the tests needed to be done based on the risk of failures, the importance of the area/function and likelihood or impact of the failure on the system.

By using Risk-Based testing we will design the projects tests after a deep analyzing of the risks related to the application under test. This approach will help us to prioritized our tests and focus the testing effort on the most important areas of the application which will allow us to reduce the major risks first. 


When to implement Risk-Based Testing

Risk-Based Testing is a great testing methodology, but when organizations should use it?
  1. Agile projects that uses incremental releases and short iterations.
  2. Projects with high risk factors (Low domain knowledge, lack of experience Etc.).
  3. Any projects with low testing timeframe and resources.  

Types of software risks

Risk Type
Responsibility
Description
Project Risk
Management
Market, legal, Resources, Timelines, Project scope, Costs Etc.
Process Risk
Engineering (Planning and Development process)
Planning, Strategy, time estimations, Quality and Development Strategies Etc.
Product Risk
Engineering from a quality perspective
Low domain knowledge, low quality requirements, complexity, coding quality Etc.

Risk Management as the bassline for Risk-Based Testing

Risk-Based Testing is based on a list of risks, but what is the process that software teams are using to identify them? Well to answer that question we should follow the three high level phases performed during Risk-Based Testing:

Phase 1 - Risk identification

This is the first and probably the most crucial phase of the entire process, during the Risk identification process, we will define a list of Risk that may occur in case that a specific component/Function hadn’t been tested as it should be during the testing process.

To be able to uncover the major risks, the tester must have knowledge in all requirements of the project, Process and the software that under test. In addition, the Risk identification process will be more effective once the tester has the knowledge and expertise in the technology and the environmental elements that may affect the software once it’s deployed.

Phase 2 - Risk Analysis

In this stage we need to determine the level of risk for each item in the list we prepared on stage one, the level of risk is determined by the likelihood of the risk to occur and on the impact that he has on the project.

RISK = Damage * Probability  

Damage – What is the amount of damage that this risk can do to the system, Example:

Severity
Description
Score
Critical
The Risk will lead to a business objective that cannot be accomplished
3
Normal
The Risk will affect a business objective
2
Low
The Risk will have a minor effect on a business objective
1

Probability – What is the probability that this risk will actually occur once the system is used by a customer, Example:

Probability
Description
Score
>75%
There is almost certain chance that the error will occur
4
51-75%
There is a 50/50% that the risk will occur
3
26-50%
There is a low chance to the Risk to happened
2
1-25%
There is a slight/minor chance to the Risk to happened
1


Phase 3 -Mitigation Plan

Based on the analyzed information and the Numeric values that used in the formula, a test design can now be made to remove the identified risks based on their Risk factor that was determined in the Analysis phase.  

When do we start Risk-Based Testing?

Similar to any testing technique, Risk-Based testing must be started early in the Software Development Life Cycle (SDLC), the key to success in RBT, is to succeed identifying the risks early as possible to prepare an appropriate mitigation plan.

The Goals of Risk-Based Testing

The main and most important goal in Risk-Based Testing is to design and execute the testing effort with similar guidelines and Best practices used during risk management process, if we succeed to forecast the main risks of the project, we will be able to increase the pretenses of delivering a goof quality product.

The Advantages and Benefits of Risk-Based Testing
Once an organization decided to use Risk-Based Testing as the preferred testing technique for a project, he can enjoy some major the following benefits, such as:

  1. Risk-Based Testing provides a proven technique to make an efficient testing process because it allowing the test team to prioritize the testing effort against deadlines.
  2. Risk-Based Testing will allow the test teams to understand when they can stop their tests (the tests are stopped once all Risks are removed based on the preliminary analysis).
  3. Using Risk-Based Testing, the organization can make a better utilization of the testing resources invested in the testing process, which will lead to shorter release cycles, less testing resources and a major reduce in long regression cycles.
  4. Once the organization is using agile methodologies that reduce the release cycles (Two-Four weeks) and as a result the long traditional regression tests are becoming not relevant, to handle this gap we will use Risk-Based Testing as the new testing approach.
  5. Risk-Based Testing will allow the organization to achieve a better-quality due to the fact that testing is done based on Risks and not per specific functionality.
  6. Risk-Based Testing will reduce the need to run an endless test cases as testing team using during regression cycles and focus on the things that really matters.
  7. Risk-Based Testing will allow the testing team to achieve a better and smarter test coverage that is determined based on real analysis of the risks
  8. Risk-Based Testing, will allow the test teams to monitor and understand the status of each identified risks.

Disadvantages of Risk-Based Testing
Although Risk-Based Testing is a great method for project testing, it’s still have some disadvantages that we must recognize once we decide to use it:
  1. Risk-Based Testing should be made by experienced testers that understands the application and the environmental variables that can affect the software.
  2. The starting point of Risk-Based Testing is to understand and uncover the risks, which is always difficult to understand them at the beginning of the project. 

No comments:

Post a Comment

My Presentations