Project Risk Analysis & Solutions in Software Testing
What is Risk Analysis?
Risk is the probability of occurrence of an undesirable event.
Risk Analysis in Software Engineering is the process of analyzing the risks associated with your Testing Project.
For the success of your project, Risk should be identified and corresponding solutions should be determined before the start of the project. Risk Identification in Software Engineering helps you to identify probable risks in the early stages.
In this tutorial, we will discover the first step in Test Management process: Risk Analysis and Solution with the help of a case study.
In this topic, we will discover the first step in Test Management process: Risk Analysis in Software Testing and Solution with the help of a case study.
The application under test is http://demo.guru99.com/V4/
, you can refer the Software Requirement Specification here.
The Guru99 Bank will have two roles
- Manager
- Customer
Following features/modules will be available to these two different roles
Here is a little tour of the website
After reading the requirements documents, you may have realized that the website has too many functional and complex scenarios.
Here is the situation –
- The Guru99 banking website has already finished the development phase. Now it starts the Testing phase. Sadly, you were not involved early during the requirements phase
- Your boss needs you finish the testing in one month only with a limited budget, but expects great quality.
- A team member who is an experienced engineer, tells you
- In such case, what should you do?
A) It seems to be a big problem. We need to deal with ASAP!!!
B) I don’t care. We need to start working right now.
- The project is a mess and took all of your resources and time. The employee’s workload increased drastically & they feel stressed and overloaded
- – Your project is delayed so you could not release product on the decided deadline as you promised to your boss. As your team member said, the schedule of this project is too tight compare to the current resource allocation.
The above example illustrates the importance of Risk analysis in Test Management.
Risk management helps you in –
The risk, which was mentioned in above example, is just one of many potential risks that may occur in your project. You should identify them and make the decision to deal with them ASAP!!! So, the correct action in that example is action A.
Hence, Risk Analysis in Testing is important
How to Perform Risk ANALYSIS?
It’s a 3-Step process
- Identify the Risks
- Analyze Impact of each Identified Risk
- Take counter measures for the identified & Analyzed risk
Step 1) Identify Risk
Risk can be identified and classified into 2 types in software product
Project Risk
Project risk can be defined as an uncertain event or activity that can impact the project’s progress. The impact has a positive or negative effect on the prospects of achieving project objectives.
There are primarily 3 categories of Project Risks
Organizational Risk
It is a risk related to your human resource or your Testing team. For example, in your project, lack of technically skilled members is a risk. Not having enough manpower to complete the project on time is another risk.
To identify the Organizational Risk, you should make a list of few questions and answer them as self-exercise. Here are some recommended questions.
A) Yes
B) No
A) Yes
B) No
A) Yes
B) No
If you answer all the above questions, you will easily identify the potential risks, which may affect to your project.
Technical Risk
Technical Risk is the probability of loss incurred during the execution of a technical process such as untested engineering, wrong testing procedure…etc. Here is an example of technical risk
- Your task in this project is testing a banking website. You have to set up proper test environments which mirror real business environments. If the Test Environment is not setup properly, the product will be not be tested correctly and many defects will not be detected.
Business Risk
The risk involves an external entity. It is the risk which may come from your company, your customer but not from your project.
The following picture shows you an example of business risk.
In such case, the Test Manager has to find out the solutions to deal with the risk such as:
- Set priority for the testing phases, focus on testing the main features of website
- Utilize a testing tool to increase the productivity of testing
- Apply process improvement to reduce the management effort.
Product Risk
Product risk is the possibility that the system or software might fail to satisfy or fulfill the expectation of the customer, user, or stakeholder. This Risk in Test Plan is related to the functionality of the product such as Performance Issues, Security Issues, Crash Scenarios, etc.
Following are examples of a few product risks –
- The software skips some key function that the customers specified in the users’
requirement - The software is unreliable and frequently fails to work.
- Software fail in ways that cause financial or other damage to a user or the company that uses the software.
- The software has problems related to a particular quality characteristic such as security, reliability, usability, maintainability or performance.
Now back to your project, is there any product risk in the Guru 99 Bank website? To answer this question, you should follow the following steps
Once you are done with above 3 steps, take a small quiz below to identify product risks
A) Yes
B) No
C) I am not sure
A) Yes
B) No
A) Secure Fund transfer
B) User can register new account
C) No need more functions
Step 2) Analyze the impact of the risk occurring
In the previous topic, we already identified the risks which may hamper your project. Here is the list of risks identified:
- You may not have enough human resource to finish the project on the deadline
- The Testing environment may not be setup properly like real business environment.
- Your project budget may cut by half because of business situation
- This website may lack security functions
Next, you should analyze these risks.
Each risk should be classified on the basis of following two parameters
- The probability of occurrence
- The impact on the project
Using the matrix below, you can categorize the risk into four categories as High, Medium, and Low or values 3,2, 1
Probability |
|
---|---|
High (3) |
Has very high probability to occur, may impact to the whole project |
Medium (2) |
50% chance to occur |
Low (1) |
Low probability of occurrence |
Impact |
|
---|---|
High (3) |
Cannot continue with project activity if it is not solved immediately |
Medium (2) |
Cannot continue the project activity if it is not solved |
Low (1) |
Need to solve it but it is possible to take alternative solution for a while |
Consider the following Risks
Risk |
Probability |
Impact |
Priority = Probability* Impact |
---|---|---|---|
Project deadline not met |
3 |
3 |
9 |
Electricity Failure |
1 |
2 |
2 |
Based on the above priority you can take the Risk Mitigation in Testing or counter measures mentioned in below table
Priority |
Risk Management Method |
|
---|---|---|
High |
6 -9 |
Take mitigation action immediately and monitor the risk every day until its status is closed. |
Middle |
3-5 |
Monitor the risk every week at internal progress meeting |
Low |
1-2 |
Accept the risk and monitor the risk on milestone basis. |
It’s now time for an exercise, we have 4 risks identified in the Guru99 Banking project. Classify them yourself
Risk | High | Medium | Low | Status |
|
|
|
|
Correct.
Incorrect.
|
|
|
|
|
Correct.
Incorrect
|
|
|
|
Correct.
Incorrect
|
|
|
|
|
|
Correct.
Incorrect.
|
Step 3) Take COUNTERMEASURES to mitigate the risk
This activity is divided into 3 parts
Risk response
The project manager needs to choose strategies that will reduce the risk to minimal. Project managers can choose between the following four risk response strategies
Back to the 4 risks identified earlier, we have to find the Risk and Mitigation in Testing or countermeasure to avoid or eliminate them.
B) The Testing environment may not be setup properly like real business environment
C) Your project budget may cut by half because of business situation
D) This website may lack security features
This risk cannot be avoided because of company’s situation; you cannot request more human resource for the project. In such case, you can reduce the impact of risks by choosing some options below
- Select the talented and experienced member to join the Project Team
- Create the training course to skill up the member, help them to improve the productivity
B. The testing environment may not be setup properly like real business environment
This risk could be avoided if you do the following activities
- Ask the development team for their help to build up the test environment
- Prepare all the equipment or materials (Server, database, PC..) needed for setting up environment
C. Your project may cut by half because of business situation
This risk is a critical; it may prevent the whole project from proceeding. In that case, you should do
- Re-define the project scope, identify what will be tested and what will be ignored in such case
- Negotiate with customer about the term of project to fit for the project budget
- Improve the productivity of each project phase such as testing, making test specs,…If you can save time, you can save cost
D. This website may lack security features
This risk is considered as Medium priority, because it doesn’t affect to the whole project and could be avoided. You can request the development team to check and add these functions to the website.
Register Risk
All the risk must be recorded, documented and acknowledged by project managers, stakeholder and the project member. The risk register should be freely accessible to all the members of the project team.
There’re some useful to register risk such as Redmine, MITRE… etc.
Monitor and Control Risk
Risks can be monitored on a continuous basis to check if any changes are made. New risk can be identified through the constant monitoring and assessing mechanisms.
For better risk management, you can refer Risk Management template include in this article