Risk based testing
What is risk based testing?
Risk based testing is a method of allocating limited test resources based on the assessed risk of failure of a feature or component of a software application.
How does risk based testing work?
The main input into risk based testing is the business requirements supplied by the customer of a software application or system. The business requirements outline all of the features which must be present and explain how they should work, how each process should function and what the software should do. Every aspect of the software should be defined in the requirements including each and every business process flow (e.g. placing an order, fulfilling an order, cancelling an order etc.) as well as text colours, error handling and so on.
Test conditions are normally derived from the requirements and each condition will form the basis of an individual test or set of tests.
As testing is always limited in terms of human resources, time, available test environments and budget, it is not possible to test every aspect of a system. There are an infinite number of tests which could be run, and so it is necessary to focus testing on the most important aspects of the system.
Most test managers are well-versed in prioritising tests and allocating their resources accordingly. However, there is a tendency to focus resources on executing large numbers of tests to maximise test coverage and inevitably there will always be gaps in the coverage of testing. Sometimes, there is a temptation to focus test resources on executing lots of “easy” tests in order to improve the perceived productivity of the test team at the expense of more complex tests which perhaps probe areas of the system which could be subject to problems once live.
Risk based testing is about carefully analysing each requirement and each test to ensure that the most important areas of the system and, at the same time, those areas which are more likely to experience a failure receive the most attention from the test team.
When risk based testing is deployed, every requirement must be rated for:
- Likelihood of Failure (Risk of failure)
- Impact of Failure (What will happen if it fails)
Risk based testing has become popular in recent years as organisations seek to manage the trade-off between “testing everything”, which would be very expensive and time consuming and in most cases impossible as there are an infinite number of tests which could be run, and inadequately testing an application and risking a major defect being seen by the end customer or consumers of a product.
Risk based testing enables the test manager to make an informed choice when allocating test resources on a project. It is better than simple prioritisation techniques because it looks at both the chance of something going wrong and what would happen if it did go wrong.
For example, a feature may have a high likelihood of failure. Using standard test prioritisation, this test set may be given priority because it is seen as a problematic area. However, it could be that this feature is invisible to the customer and perhaps is only rarely used. By looking at the impact of failure in addition to the likelihood of failure, it can be determined that this feature should not be prioritised and so test resources can concentrate on the most critical areas of the system.
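The comparison described above can be worked through in code. This Python example is added here and is not part of the original article; the 1 to 5 rating scale, the likelihood × impact score, the hour estimates, the 36 hour budget and the sample requirements are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Requirement:
    name: str
    likelihood: int  # assumed scale: 1 (unlikely to fail) .. 5 (very likely)
    impact: int      # assumed scale: 1 (barely noticed) .. 5 (business critical)
    test_hours: int  # estimated effort to test this requirement

    @property
    def risk(self) -> int:
        # Assumed scoring convention: risk = likelihood x impact
        return self.likelihood * self.impact

# Constructed sample requirements (not from the article)
REQUIREMENTS = [
    Requirement("Place order", 3, 5, 16),
    Requirement("Cancel order", 2, 4, 8),
    Requirement("Fulfil order", 3, 4, 12),
    Requirement("Legacy report export", 5, 1, 10),  # fails often, rarely used
    Requirement("Error page text colours", 1, 1, 2),
]

def plan(reqs, budget_hours, key):
    """Take requirements in priority order while they still fit the budget."""
    chosen, remaining = [], budget_hours
    for r in sorted(reqs, key=key, reverse=True):
        if r.test_hours <= remaining:
            chosen.append(r.name)
            remaining -= r.test_hours
    return chosen

def by_likelihood(reqs, budget_hours):
    # Simple prioritisation: the most failure-prone areas first
    return plan(reqs, budget_hours, key=lambda r: r.likelihood)

def by_risk(reqs, budget_hours):
    # Risk based: likelihood and impact together, impact breaks ties
    return plan(reqs, budget_hours, key=lambda r: (r.risk, r.impact))

def residual_risk(reqs, tested):
    """Total risk score of the requirements left untested."""
    return sum(r.risk for r in reqs if r.name not in tested)

if __name__ == "__main__":
    for label, fn in (("likelihood only", by_likelihood), ("risk based", by_risk)):
        tested = fn(REQUIREMENTS, 36)
        print(f"{label}: {tested} -> residual risk {residual_risk(REQUIREMENTS, tested)}")
```

With the same budget, likelihood-only ordering spends 10 hours on the rarely used export and leaves order fulfilment untested, while the risk based plan covers all three order flows and leaves only the low-impact items.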
