[Mindmap] Risk-based Testing Overview by MeU Solutions

What is Risk-based testing

Risk-based testing (RBT) is a type of software testing that functions as an organizational principle used to prioritize the tests of features and functions in software, based on the risk of failure, the function of their importance and likelihood or impact of failure. In theory, there are an infinite number of possible tests. Risk-based testing uses risk (re-)assessments to steer all phases of the test process, i.e., test planning, test design, test implementation, test execution and test evaluation. This includes for instance, ranking of tests, and subtests, for functionality; test techniques such as boundary-value analysis, all-pairs testing and state transition tables aim to find the areas most likely to be defective. (Source: Wikipedia)

Why do we need Risk-Based Testing?

To test only what matters and achieve a faster time-to-market, we need to rethink the testing scope. Doing so raises some questions, such as:

  • Do we need to test everything?
  • How do we reduce the testing effort?
  • When do we stop testing?
  • What is the best way to have a shorter test-phase cycle duration?
  • How can we be successful with more test cycles?
  • How do we get buy-in from management when we do not test certain test cases?
  • What metrics do we produce?


The answer to all of the above can be found in using a risk-based testing framework.

Example: For any software application of significant size, the number of test-case combinations that could, in theory, be executed is huge, even infinite, so we must have a mechanism like risk-based testing to evaluate and prioritize our testing. The important point is that a risk is an issue that has not happened yet but could happen, with a chance that something bad occurs and has an impact on our business. It is therefore necessary to identify risks and their potential impacts, and to define test cases that mitigate them.

Types of risks

There are 4 main types of risk:

  • Project risks: What could go wrong in a project? Schedules, availability of people, technical problems…
  • Product risks: What in the product could cause problems to the user?
  • Process risks: Underestimating complexity, skill level, etc. These risks can be handled by good planning, monitoring, etc.
  • Business risks: Risks that threaten the entire organization from a business point of view.

Risk-based Testing Management

Risk management comprises the core activities of risk identification, risk analysis, risk treatment, and risk monitoring.

Step 1: In the risk identification phase, risk items are identified.

Step 2: In the risk analysis phase, the likelihood and impact of each risk item and, hence, its risk exposure are estimated. Based on the risk exposure values, the risk items may be prioritized and assigned to risk levels that define a risk classification. Exposure = Probability x Impact (or Cost).

Step 3: In the risk treatment phase, the actions for obtaining a satisfactory situation are determined and implemented.

Step 4: In the risk monitoring phase, the risks are tracked over time and their status is reported.

In addition, the effect of the implemented actions is determined. Risk identification and risk analysis are often collectively referred to as risk assessment, while risk treatment and risk monitoring are referred to as risk control.
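To make Steps 1 to 4 concrete, here is an added example (not part of the original article) that scores a small risk register with Exposure = Probability x Impact, assigns risk levels, plans tests within an effort budget, and reports the exposure left untested. The 1 to 5 scoring scale, the level thresholds, the `test_hours` field, and the register entries are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class RiskItem:
    name: str
    probability: int   # likelihood of failure, 1 (rare) .. 5 (almost certain); assumed scale
    impact: int        # business impact, 1 (minor) .. 5 (critical); assumed scale
    test_hours: float  # estimated effort to test this item (assumed field)

    @property
    def exposure(self) -> int:
        return self.probability * self.impact  # Step 2: Exposure = Probability x Impact

def risk_level(exposure: int) -> str:
    # Assumed thresholds for the risk classification; tune them per organization.
    if exposure >= 15:
        return "high"
    if exposure >= 6:
        return "medium"
    return "low"

def plan_tests(items, budget_hours):
    """Step 3: rank by exposure (ties: cheaper item first) and fill the effort budget."""
    ranked = sorted(items, key=lambda r: (-r.exposure, r.test_hours))
    planned, deferred, used = [], [], 0.0
    for item in ranked:
        if used + item.test_hours <= budget_hours:
            planned.append(item)
            used += item.test_hours
        else:
            deferred.append(item)
    # Step 4 metric: exposure that remains untested, to report with the release decision.
    residual = sum(r.exposure for r in deferred)
    return planned, deferred, residual

# Constructed risk register (the output of Step 1); names and scores are illustrative.
REGISTER = [
    RiskItem("payment authorization", 4, 5, 16),
    RiskItem("login and session handling", 3, 5, 10),
    RiskItem("report export", 3, 2, 6),
    RiskItem("profile page layout", 2, 1, 4),
    RiskItem("data import from partner feed", 4, 3, 12),
]

if __name__ == "__main__":
    planned, deferred, residual = plan_tests(REGISTER, budget_hours=40)
    for tag, group in (("TEST", planned), ("DEFER", deferred)):
        for r in group:
            print(f"{tag:6}{r.name:32}exposure={r.exposure:2} level={risk_level(r.exposure)}")
    print("residual exposure:", residual)
```

The deferred list and the residual exposure figure give management an explicit record of which risks were accepted untested, which supports the buy-in and metrics questions raised earlier.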

The details of the steps are documented in the mindmap below:

Risk-based testing Benefits

For Management:

  • To see progress in terms of risks addressed and benefits that are available for delivery
  • To manage the risks that block acceptance
  • To make the release decision.

For Testers:

  • Approval to test against risks in scope
  • Clearer test objectives upon which to design tests

In summary

Organizations should consider using risk-based testing when working on their projects. A procedural teaching of this methodology to IT management will help them understand its benefit. It may take a little effort to implement, but it's worth the effort because of the great results you will see. We hope it is now reasonably clear how you could implement risk-based testing in your organization.
