Risk and Mitigation

What Is Risk? 

Risk Analysis is very essential for software testing.  

In software testing, risk analysis is the process of identifying risks in applications and prioritizing them to test.  

Risk Analysis attempts to identify all the risks and then quantify the severity of the risks.  

Risk identification and management are the main concerns in every software project. Effective analysis of software risks will help to effective planning and assignments of work 

Some of the risks could be: 

1. New Hardware. 

2. New Technology. 

3. New Automation Tool. 

4. Sequence of code delivery. 

5. Availability of application test resources. 

6. Tight timelines 

7. Undefined project scope 

8. Insufficient resources 

9. Continuously changing requirements 

10. Natural disasters 

Risk can appear at any time. QA testers must consequently be able to handle risk in an efficient and timely manner. Tight development schedules not only demand quick attention to risk, but also require timely risk management that ensures effectively-executed solutions to unanticipated issues, preventing a dethroned or delayed project. 

In Software Testing some unavoidable risk might takes place like: 

• Change in requirements or incomplete requirements. 

• Time allocation for testing. 
• Developers delaying to deliver the build for testing. 
• Urgency from client for delivery. 
• Defect Leakage due to application size or complexity. 
• A high number of test builds, 
• Insufficient regression time 
• Unavailable prerequisites 
• Incomplete validation 

Categories Of Risks/Risk Identification/Risk Specify/Risk Identify 

#1) Schedule Risk: Project schedule get slip when project tasks and schedule release risks are not addressed properly.  

Schedule risks mainly affect a project and finally on company economy and may lead to project failure. 

Schedules often slip due to the following reasons: 

• Wrong time estimation 
•  Resources are not tracked properly. All resources like staff, systems, skills of individuals, etc. 
•  Failure to identify complex functionalities and time required to develop those functionalities. 
•  Unexpected project scope expansions. 

#2) Budget Risk:Required investment is inaccurately anticipated, including: 

•  Wrong budget estimation-Certain required items excluded from the estimation of costs 

•  Cost overruns-Unanticipated expenses, or inaccurate estimation, have cause unanticipated expenses 
•  Project scope expansion- The project scope is expanded 

#3) Operational Risks: Risks of loss due to improper process implementation failed system or some external events risks. Causes of Operational Risks: 

•  Failure to address priority conflicts 
•  Failure to resolve the responsibilities 
•  Insufficient resources 
•  No proper subject training 
•  No resource planning 
•  No communication in the team. 

#4) Technical Risks: Technical risks generally lead to failure of functionality and performance. 

Causes of Technical Risks are: 

•  Continuous changing requirements 
•  The product is complex to implement. 
•  Difficult project modules integration. 

#5) Programmatic Risks: These are the external risks beyond the operational limits.  

These are all uncertain risks are outside the control of the program. These external events can be: 

•   Running out of the fund. 
•   Market development 
•   Changing customer product strategy and priority 
•   Government rule changes. 

The Risk Management process occurs twice, during: 

1. Test Planning 

2. Test Case Design(end) or sometimes in the Test Execution phase 

Test execution is one of the most important phases of any project, the results from this phase determines the quality and enables decision for the management for go-nogo,” 

“The objective of risk management is to reduce different risks 

Risk Management Process 

The generic process for Risk Management involves 3 important stages: 

1. Risk Identification 

2. Risk Impact Analysis 

3. Risk Mitigation 

Mitigate risk through planning/Risk management process diagram 

Risk identification 

As it is said, the first step to solving a problem is identifying it.  

This stage involves making a list of everything that might potentially come up and disrupt the normal flow of events. 

The main outcome of this step is a list of risks. 

This risk-based testing step is commonly led by the QA lead/Manager/representative. However, the lead alone will not be able to come up with the entire list- the entire QA team’s input makes a huge impact.  

We can say this is a collective activity led by the QA lead. 

Also, the risks that are identified during the Test planning phase are more ‘managerial’ in orientation- meaning, we are going to look at anything that might impact the QA project’s schedule, effort, budget, infrastructure changes, etc.  

The focus here is not the AUT, but the way the QA phase will go on. 

Risk Assessment/Risk Impact Analysis 

Risk Analysis in Software Testing: All the risks are quantified and prioritized in this step. Every risk’s probability (the chance of occurrence) and impact (amount of loss that it would cause when this risk materializes) are determined systematically. 

Impact Is defined by – High – medium-low, values are assigned to both the probability and impact of each risk.  

The risks with “high” probability and “High” impact are taken care of first and then the order follows. 

Risk impact analysis table: example 

Risk Mitigation Techniques: 

Process is to find solutions to plan how to handle each one of these risk.  

These plans/risk can differ from company to company, project to project and even person 

Here as per the Risk identification and Impact ,now we can minimize/control/mitigate the risk as shown below-