Project Risk Analysis & Solutions in Software Testing

What is Risk Analysis?

Risk is the probability of occurrence of an undesirable event.

Risk Analysis in Software Engineering is the process of analyzing the risks associated with your Testing Project.

For the success of your project, Risk should be identified and corresponding solutions should be determined before the start of the project. Risk Identification in Software Engineering helps you to identify probable risks in the early stages.

In this tutorial, we will discover the first step in the Test Management process: Risk Analysis and Solution, with the help of a case study.

The application under test is, you can refer to the Software Requirement Specification here.

The Guru99 Bank will have two roles

  • Manager
  • Customer

Following features/modules will be available to these two different roles

Here is a little tour of the website

After reading the requirements documents, you may have realized that the website has too many functional and complex scenarios.

Here is the situation –

  1. The Guru99 banking website has already finished the development phase. Now it starts the Testing phase. Sadly, you were not involved early during the requirements phase.
  2. Your boss needs you to finish the testing in one month only, with a limited budget, but expects great quality.
  3. A team member, who is an experienced engineer, tells you

In such a case, what should you do?

A) It seems to be a big problem. We need to deal with it ASAP!!!

B) I don’t care. We need to start working right now.

If you choose the action B, here are the results after one month

  • The project is a mess and took all of your resources and time. The employees’ workload increased drastically and they feel stressed and overloaded.
  • Your project is delayed, so you could not release the product on the deadline you promised to your boss. As your team member said, the schedule of this project is too tight compared to the current resource allocation.

If you choose the action A, here are the results after one month

The above example illustrates the importance of Risk analysis in Test Management.

Risk management helps you in –

The risk mentioned in the above example is just one of many potential risks that may occur in your project. You should identify them and make the decision to deal with them ASAP!!! So, the correct action in that example is action A.

Hence, Risk Analysis in Testing is important

How to Perform Risk ANALYSIS?

It’s a 3-Step process

  1. Identify the Risks
  2. Analyze Impact of each Identified Risk
  3. Take counter measures for the identified & Analyzed risk

Step 1) Identify Risk

Risk can be identified and classified into 2 types in software product

Project Risk

Project risk can be defined as an uncertain event or activity that can impact the project’s progress. The impact has a positive or negative effect on the prospects of achieving project objectives.

There are primarily 3 categories of Project Risks

Organizational Risk

It is a risk related to your human resource or your Testing team. For example, in your project, lack of technically skilled members is a risk. Not having enough manpower to complete the project on time is another risk.

To identify the Organizational Risk, you should make a list of a few questions and answer them as a self-exercise. Here are some recommended questions.

1. Is this a well-organized team?

A) Yes: Your project doesn’t have any organization risk
B) No: Create a stronger team and foster an environment of co-operation

2. Does each team member have the skill to do his/her job?

A) Yes: Your project doesn’t have any organization risk
B) No: Build the training course to skill up members

3. Compared to the project size and schedule, do we have enough human resources to finish this project by the deadline?

A) Yes: Your project doesn’t have any organization risk
B) No: Ask the project board for more human resources

If you answer all the above questions, you will easily identify the potential risks which may affect your project.

Technical Risk

Technical Risk is the probability of loss incurred during the execution of a technical process such as untested engineering, wrong testing procedure…etc. Here is an example of technical risk

  • Your task in this project is testing a banking website. You have to set up proper test environments which mirror real business environments. If the Test Environment is not set up properly, the product will not be tested correctly and many defects will not be detected.

Business Risk

This risk involves an external entity. It is a risk which may come from your company or your customer, but not from your project.

The following picture shows you an example of business risk.

In such case, the Test Manager has to find out the solutions to deal with the risk such as:

  • Set priority for the testing phases, focus on testing the main features of website
  • Utilize a testing tool to increase the productivity of testing
  • Apply process improvement to reduce the management effort.

Product Risk

Product risk is the possibility that the system or software might fail to satisfy or fulfill the expectation of the customer, user, or stakeholder. This Risk in Test Plan is related to the functionality of the product such as Performance Issues, Security Issues, Crash Scenarios, etc.

Following are examples of a few product risks –

  • The software skips some key function that the customers specified in the users’
  • The software is unreliable and frequently fails to work.
  • The software fails in ways that cause financial or other damage to a user or the company that uses the software.
  • The software has problems related to a particular quality characteristic such as security, reliability, usability, maintainability or performance.

Now back to your project, is there any product risk in the Guru 99 Bank website? To answer this question, you should follow the following steps

Once you are done with above 3 steps, take a small quiz below to identify product risks

1) Can the Guru99 bank website secure the customer account and his data?
A) Yes

B) No

C) I am not sure


2) Is the website usable for the customer?
A) Yes

B) No


3) Which other functions should the website have?
A) Secure Fund transfer

B) User can register new account

C) No need more functions


Step 2) Analyze the impact of the risk occurring

In the previous topic, we already identified the risks which may hamper your project. Here is the list of risks identified:

  • You may not have enough human resources to finish the project by the deadline
  • The testing environment may not be set up properly like a real business environment
  • Your project budget may be cut by half because of the business situation
  • This website may lack security functions

Next, you should analyze these risks.

Each risk should be classified on the basis of following two parameters

  • The probability of occurrence
  • The impact on the project

Using the matrix below, you can categorize the risk into four categories as High, Medium, and Low or values 3, 2, 1

The probability of occurrence

  • High (3): Has very high probability to occur, may impact the whole project
  • Medium (2): 50% chance to occur
  • Low (1): Low probability of occurrence

The impact on the project

  • High (3): Cannot continue with project activity if it is not solved immediately
  • Medium (2): Cannot continue the project activity if it is not solved
  • Low (1): Need to solve it but it is possible to take alternative solution for a while

Consider the following Risks

Priority = Probability * Impact

  • Project deadline not met
  • Electricity Failure

Based on the above priority, you can take the Risk Mitigation in Testing or countermeasures mentioned in the table below

Risk Management Method

  • 6-9: Take mitigation action immediately and monitor the risk every day until its status is closed.
  • Monitor the risk every week at the internal progress meeting.
  • Accept the risk and monitor the risk on a milestone basis.

It’s now time for an exercise. We have 4 risks identified in the Guru99 Banking project. Classify them yourself

(Table columns: Risk, High, Medium, Low, Status)

  1. You may not have enough human resources to finish the project by the deadline
  2. The testing environment may not be set up properly like a real business environment
  3. Your project budget may be cut by half because of the business situation
  4. This website may lack security features

Step 3) Take COUNTERMEASURES to mitigate the risk

This activity is divided into 3 parts

Risk response

The project manager needs to choose strategies that will reduce the risk to a minimum. Project managers can choose between the following four risk response strategies

Back to the 4 risks identified earlier, we have to find the Risk and Mitigation in Testing or countermeasure to avoid or eliminate them.

A) You may not have enough human resources to finish the project by the deadline

B) The testing environment may not be set up properly like a real business environment

C) Your project budget may be cut by half because of the business situation

D) This website may lack security features

A. You may not have enough human resources to finish the project by the deadline
This risk cannot be avoided because of the company’s situation; you cannot request more human resources for the project. In such a case, you can reduce the impact of the risk by choosing some of the options below

  • Select talented and experienced members to join the Project Team
  • Create a training course to skill up the members and help them improve their productivity

B. The testing environment may not be set up properly like a real business environment
This risk could be avoided if you do the following activities

  • Ask the development team for their help to build up the test environment
  • Prepare all the equipment or materials (server, database, PC, etc.) needed for setting up the environment

C. Your project budget may be cut by half because of the business situation
This risk is critical; it may prevent the whole project from proceeding. In that case, you should do the following

  • Re-define the project scope; identify what will be tested and what will be ignored in such a case
  • Negotiate with the customer about the terms of the project to fit the project budget
  • Improve the productivity of each project phase, such as testing, making test specs, etc. If you can save time, you can save cost

D. This website may lack security features
This risk is considered Medium priority, because it doesn’t affect the whole project and could be avoided. You can request the development team to check and add these functions to the website.

Register Risk

All risks must be recorded, documented and acknowledged by the project managers, stakeholders and project members. The risk register should be freely accessible to all the members of the project team.

There are some useful tools to register risks, such as Redmine, MITRE… etc.

Monitor and Control Risk

Risks can be monitored on a continuous basis to check if any changes are made. New risks can be identified through constant monitoring and assessing mechanisms.

For better risk management, you can refer to the Risk Management template included in this article