Testing based on risk

An important element of structured testing is to focus the testing effort on the most important products (applications and/or processes) to be tested. It is impossible to test everything equally thoroughly because in practice resources and time for testing are limited. A product risk analysis is used to determine which products carry the greatest risks. These products are tested the most extensively. Risk based testing is fully supported by Testersuite.

In Testersuite , test products are recorded in a Test cycle as to their damage and error rate:

Damage
Damages are determined by assessing the consequences of a product not functioning or not functioning properly. This is determined by people with in-depth knowledge of the business process. Some examples of damages:

  • Stagnation of core business processes (problems with delivery of goods, physically dangerous situations, etc)
  • Major financial impact (sending incorrect invoices, fines, high recovery costs, etc)
  • Image damage (negative publicity)

Error probability
The probability of error is determined by assessing how likely it is that a product will fail or malfunction. This is usually determined by people with extensive technical knowledge of the system. Examples of factors that can affect the probability of error:

  • Degree of technical complexity
  • Frequency of use
  • Amount of customization and/or interfaces

The combination of damage and error probability results in a risk classification for the product. Below is an example of a matrix used to determine the risk class.

Within Testersuite , the principle of risk-based testing is fully supported. With the products, it is possible to enter damage and error probability. Based on this matrix it is then automatically determined within which risk class a product falls.

Icon Explanation The risk matrix is configurable and may be different within your organization than the matrix shown here. You can request information about this from your organization's Testersuite administrator.

A different test approach can be followed for each risk class, with risk class 'high' obviously being tested with the greatest depth. In addition to test depth and time commitment, the risk class can also be used to:

  • Determine the order for delivering the application components that need to be tested;
  • Establish the schedule for designing and conducting tests;
  • Determine the priority for resolving defects.