Telerik Software Academy Software Quality Assurance

 Daniel Djambov QA DevCloud Testing & Test Studio Quality Assurance Team 2

 Risk and Testing – Main Concepts  Product Risks  Project Risks  Risk-Based Testing  Risk Management  Risk Identification  Risk Analysis (Assessment)  Risk Control 3

Main Concepts

 Risk  The possibility of a negative or undesirable outcome or event  Any problem that may occur would decrease perceptions of product quality or project success 5

 Two main types of risk are concerned  Product (quality) risks  The primary effect of a potential problem is on the product quality  Project (planning) risks  The primary effect is on the project success  Factors relating to the way the work is carried out 6

 Not all risks are equal in importance  Factors for classifying the level of risk:  Likelihood of the problem occurring  Arises from technical considerations  E.g. programming languages used, bandwidth of connections, etc.  Impact of the problem in case it occurs  Arises from business considerations  E.g. financial loss, number of users affected, etc. 7

RISK Impact(damage) Likelihood (Probability of failure) Use frequency Lack of quality 8

 What is a product risk?  The possibility that the system or software might fail to satisfy some reasonable customer, user, or stakeholder expectation  Also referred to as "quality" risk 10

 What does "unsatisfactory software" mean?  Omitted key functionality  Unreliable and frequently fail to behave normally  Might cause financial or other damage to users  Poor software characteristics  Low security, usability, maintainability or performance  Poor data integrity and quality 11

 Organizational factors:  Skill, training and staff shortages  Complexity of the project team / organization  Inadequate expectations or improper attitude toward testing  E.g., not appreciating the value of testing 13

 Technical issues:  Ambiguous, conflicting or non-prioritized requirements  Excessively large number of requirements  High system complexity  Quality problems with the design, the code or the tests  Insufficient or unrealistic test environments 14

 Supplier issues:  Failure of a third party  Contractual issues 15

Risk-Based Testing

 What is Risk-based testing?  An approach to testing that aims to:  Reduce the level of product risks  Inform stakeholders on their status  Starts in the initial stages of a project  Involves the identification of product risks and their use in guiding the test process 17

 Risk management includes three primary activities:  Risk identification  Risk analysis  Assessing the level of risk  Risk control  Mitigation  Contingency  Transference  Acceptance 19

 Product and quality risks can be identified  Expert interviews  Project retrospectives  Risk workshops and brainstorming  Checklists  Calling on past experience 21

 Include representatives of all (possible) stakeholders in risk identification  The broadest range of stakeholders will yield the most complete, accurate, and precise risk identification 22

 Risk identification techniques can look in two directions:  "Downstream"  Identify potential effects of the risk item if it becomes an actual negative outcome  "Upstream"  Identify the source of the risk 23

 Risk analysis (assessment) involves the study of the identified risks  Categorize each risk item appropriately  Important for complex projects  Assign each risk item an appropriate level of risk  Involves likelihood and impact as key factors 25

 Complexity of technology and teams  Personnel and training issues  Supplier and vendor contractual problems  Geographical distribution of the development organization  E.g., out-sourcing 26

 Legacy (established) versus new designs and technologies  The quality (or lack of quality) in the tools and technology used  Bad managerial or technical leadership  Time, resource, and management pressure  Especially when financial penalties apply 27

 Lack of earlier testing and quality assurance tasks in the lifecycle  High rates of requirements, design, and code changes in the project  High defect rates  Complex interfacing and integration issues 28

 Potential damage to image  Loss of customers and business  Potential financial, ecological, or social losses or liability 29

 Civil or criminal legal sanctions  Loss of licenses, permits, etc.  The lack of reasonable workarounds  The visibility of failure and the associated negative publicity 30

 Quantitatively  Using numerical ratings for both:  Likelihood (usually percentage)  Impact (often a monetary quantity)  Both can be calculated to a common risk index  Qualitatively  E.g., very high, high, medium, low, very low 31

 Risk control has four main options:  Mitigation  Taking preventive measures to reduce the likelihood and/or the impact of a risk  Contingency  Where we have a plan or perhaps multiple plans to reduce the impact if a risk should it occur 33

 Risk control has four main options:  Transference  Getting another party to accept the consequences of a risk should it occur  Accepting (ignoring) the risk  A final option 34

 Various techniques can be used for risk control:  Choosing an appropriate test design technique  Reviews and inspection  Reviews of test design 35

 Various techniques can be used for risk control:  Setting appropriate levels of independence  For the various levels of testing  Using the most experienced person on test tasks  Using strategies for confirmation testing (retesting) and regression testing 36

Questions?

 C# Telerik Academy  csharpfundamentals.telerik.com csharpfundamentals.telerik.com  Telerik Software Academy  academy.telerik.com academy.telerik.com  Telerik Facebook  facebook.com/TelerikAcademy facebook.com/TelerikAcademy  Telerik Software Academy Forums  forums.academy.telerik.com forums.academy.telerik.com