May 10, 2017
No software release is perfect. That’s where testing comes in—to minimize risks and find bugs, hopefully before users discover them. Common sense tells us that no product can be completely risk-free, but that doesn’t stop many organizations from throwing time, money and resources at test after test in an attempt to bring their risk down to zero. What if there was a smarter way to test? There is—and it’s called risk-based testing.
What Is Risk-based testing?
Risk-based testing draws from the best practices of risk management to help companies find the most significant defects in their applications early and at the lowest cost. Testing teams accomplish this by focusing on the most critical risks—those that could potentially have the greatest negative impact on the organization, such as a loss of reputation or revenue. Prioritizing these risks helps determine what to test when and how much testing is sufficient.
How does it work?
The defining characteristic of risk-based testing is its utilization of risk analysis to develop and execute test cases. Risks are rated according to two factors: business risk (B), which considers the business need being served by the software, and the probability of failure (P), which is based on the complexity of the software, including the code and the time it takes to write it. Multiplying these two together equals the risk rating (R = B X P).
Once risks are identified and scored for each feature of the application, test cases are developed and mapped to each one. Then teams prioritize test cases based on risk scores and develop a test execution schedule. This strategy helps organizations uncover and address the biggest issues and bugs first and create the most efficient testing plan.
Risk-based testing helps keep testing closely aligned to the organization, because it depends heavily on collaboration with business and technical teams to understand the factors that contribute to business risk and probability of failure.
Though anticipating every risk, especially those that occur during and after testing is impossible, this method allows organizations develop a contingency plan for responding to the most likely risks and minimizing their impact. Testers can find the biggest bugs early enough to give development teams time to fix them. Though risk-based testing may not guarantee a completely defect-free software release, it can bring organizations much closer to achieving this goal.
To learn more about how risk-based testing works and its advantages, download our white paper.