This article discusses the risk and mitigation plan in the software testing life cycle (STLC).
Risk And Mitigation Plan
What Is Risk Analysis in Software Testing Life Cycle (STLC)?
Risk analysis is essential for software testing.
Risk analysis in software testing is the process of identifying risks in applications and prioritizing them to test.
Risk Analysis attempts to identify all the risks and then quantify the severity of the risks.
Risk identification and management are the main concerns in every software project. Effective analysis of software risks helps in planning and assigning work effectively.
Some of the risks could be:
- New hardware
- New technology
- New automation tool
- A sequence of code delivery
- Availability of application test resources
- Tight timelines
- Undefined project scope
- Insufficient resources
- Continuously changing requirements
- Natural disasters
Risk can appear at any time, so QA testers must be able to handle it in an efficient and timely manner. Tight development schedules demand not only quick attention to risk but also timely risk management that delivers effectively executed solutions to unanticipated issues, preventing a derailed or delayed project.
In software testing, some unavoidable risks might occur, such as:
- Change in requirements or incomplete requirements.
- Time allocation for testing.
- Developers delaying delivering the build for testing.
- Urgency from the client for delivery.
- Defect Leakage due to application size or complexity.
- A high number of test builds
- Insufficient regression time
- Unavailable prerequisites
- Incomplete validation
Categories of Risks/Risk Identification/Risk Specify/Risk Identify
1) Schedule Risk: The project schedule slips when project tasks and schedule release risks are not addressed properly.
Schedule risks mainly affect the project and, ultimately, the company's economy, and may lead to project failure.
Schedules often slip due to the following reasons:
- Wrong time estimation
- Resources (staff, systems, skills of individuals, etc.) are not tracked properly.
- Failure to identify complex functionalities and the time required to develop them.
- Unexpected project scope expansions.
2) Budget Risk: Required investment is inaccurately anticipated, including:
- Wrong budget estimation: certain required items are excluded from the estimation of costs
- Cost overruns: unanticipated expenses or inaccurate estimation push costs beyond the budget
- Project scope expansion: the project scope is expanded
3) Operational Risks: Risks of loss due to improper process implementation, a failed system, or some external events. Causes of Operational Risks:
- Failure to address priority conflicts
- Failure to resolve the responsibilities
- Insufficient resources
- No proper subject training
- No resource planning
- No communication in the team
4) Technical Risks: Technical risks generally lead to failure of functionality and performance.
The causes of Technical Risks are:
- Continuously changing requirements
- The product is complex to implement.
- Difficult project modules integration.
5) Programmatic Risks: These are the external risks beyond the operational limits.
These are all uncertain risks that are outside the control of the program. These external events can be:
- Running out of funds.
- Market development
- Changing customer product strategy and priority
- Government rule changes.
The Risk Management process occurs twice:
- Test Planning
- Test Case Design (end), or sometimes in the Test Execution phase
Test execution is one of the most important phases of any project; the results from this phase determine the quality and enable management's go/no-go decisions.
The objective of risk management is to reduce different risks.
Risk Management Process
The generic process for Risk Management involves 3 important stages:
- Risk Identification
- Risk Impact Analysis
- Risk and Mitigation
Mitigate risk through planning/Risk management process diagram
1. Risk Identification
As it is said, the first step to solving a problem is identifying it.
This stage involves making a list of everything that might potentially come up and disrupt the normal flow of events.
The main outcome of this step is a list of risks.
This risk-based testing step is commonly led by the QA lead/Manager/representative. However, the lead alone will not be able to come up with the entire list; the entire QA team’s input makes a huge impact.
We can say this is a collective activity led by the QA lead.
Also, the risks that are identified during the Test planning phase are more ‘managerial’ in orientation, meaning that we look at anything that might impact the QA project’s schedule, effort, budget, infrastructure changes, etc.
The focus here is not the AUT, but the way the QA phase will go on.
2. Risk Assessment/Risk Impact Analysis
Risk Analysis in Software Testing: All the risks are quantified and prioritized in this step. Every risk’s probability (the chance of occurrence) and impact (the amount of loss that it would cause when this risk materializes) are determined systematically.
High, medium, or low values are assigned to both the probability and the impact of each risk.
The risks with “High” probability and “High” impact are taken care of first, and the rest follow in order.
Risk impact analysis table: Example
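One way to carry out this prioritization step in code, shown as an added example that is not part of the original article. The risk names are taken from the lists above; the ratings, the 3/2/1 scoring, the probability-times-impact "exposure" figure and the tie-break order are assumptions made for illustration.

```python
# Added example; the ratings below are constructed sample values.
LEVELS = {"low": 1, "medium": 2, "high": 3}

# (risk, probability, impact): names from the article, ratings constructed.
SAMPLE_REGISTER = [
    ("Continuously changing requirements", "High", "High"),
    ("Developers delaying delivering the build for testing", "medium", "high"),
    ("New Automation Tool", "high", "low"),
    ("Natural disasters", "low", "high"),
    ("Insufficient regression time", "high", "medium"),
    ("Unavailable prerequisites", "low", "low"),
]


def score(level):
    """Map a High/Medium/Low rating to 3/2/1 and reject anything else."""
    key = level.strip().lower()
    if key not in LEVELS:
        raise ValueError(f"unknown rating: {level!r}")
    return LEVELS[key]


def prioritize(register):
    """Sort risks so high-probability, high-impact ones come first.

    Exposure = probability * impact (assumed scoring). Ties are broken by
    impact, then probability, then name, so the order is deterministic.
    """
    rows = []
    for name, prob, impact in register:
        p, i = score(prob), score(impact)
        rows.append({"risk": name, "probability": p, "impact": i, "exposure": p * i})
    rows.sort(key=lambda r: (-r["exposure"], -r["impact"], -r["probability"], r["risk"]))
    return rows


def render(rows):
    """Format the prioritized register as a plain-text table."""
    names = {v: k.capitalize() for k, v in LEVELS.items()}
    lines = [f"{'#':<3}{'Risk':<55}{'Prob.':<8}{'Impact':<8}Exposure"]
    for n, r in enumerate(rows, 1):
        lines.append(f"{n:<3}{r['risk']:<55}{names[r['probability']]:<8}"
                     f"{names[r['impact']]:<8}{r['exposure']}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render(prioritize(SAMPLE_REGISTER)))
```

An unrecognized rating raises an error instead of being silently ranked, so a typo in the register cannot push a risk to the bottom of the list.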
3. Risk and Mitigation Techniques:
In this step, we find solutions and plan how to handle each one of these risks.
These plans/risks can differ from company to company, project to project, and even from person
Based on the risk identification and impact analysis, we can now minimize, control, or mitigate the risk as shown below: