How to perform risk-based testing: The whole process

This section includes, Risk-based testing procedures

1. Identify risks
2. Risk analysis
3. Coping with risks
4. Check the range
5. Define the test procedure

1. In this process, risks are identified and classified, a draft of risks is prepared, risk classifications are made to identify risks.
2. The risk response involves the development of test objectives from the risks and the selection of appropriate techniques to demonstrate test / test techniques in order to meet the test objectives.
3. Depending on the documentation, requirements, costs, time required to test the software, etc. are considered to calculate the test efficiency.
4. Test scoping is a review operation that requires the involvement of all stakeholders and technical staff. It is important to follow the agreed scope of risks. These risks need to be addressed by testing, all members agree with the responsibilities assigned to them and the budget allocated for these activities.
5. After the test scope has been completed, the assumptions, dependencies for each test phase must be compiled in the standard format.

Consider the functional requirements F1, F2, F3 and non-functional requirements N1 & N2.

F1 – Functional Requirement, Risk R1 is related to F1

• Test objectives 1- Demonstrating by testing the features and functions expected of the system to work well and the risk of R1 can be solved by functional testing.
• Test – Browser Page testing is completed to perform important user tasks and verify that R1 (Risk related to F1) can be handled in a variety of scenarios (scenarios).

F2 – Functional Requirement, R2-Risks related to F2

• Test Objectives 2- Demonstrating by testing the features and functions expected of the system working well and the R2 risk can be solved by functional testing.
• Test – Browser Page testing is completed to perform important user tasks and verify that R2 can be handled in a variety of scenarios.

F3 – Functional Requirement, R3 – Risks related to F3

• Test Objections 3- Demonstrating by testing the features and functions expected of the system working well and the R2 risk can be solved by functional testing.
• Test – Browser Page testing is completed to execute important tasks of a user and verify that R3 can be handled in a variety of scenario.

N1- Non-Functional Requirement, NR1 -Risk related to N1

• Test Objective N1 – Demonstrated by testing the operating characteristics of a working system and the risk NR1 can be addressed by Non-functional testing.
• Test – Usability testing is a technique used to evaluate the ease of use of the user interface and verify that NR1 can be processed using Usability testing.

N2- Non-Functional Requirement, NR2 -Risk related to N2

• Test objectives N.2- Demonstrated by testing the operating characteristics of the system working well and the risk NR2 can be solved by Non-functional testing.
• Test – Security testing is a technique used to check whether an application is secure or vulnerable, whether there is any information leak and verifies that NR2 can processed by security testing.

Specific test objectives : The risks and test objectives are specifically listed for each type of test.

The process of designing risk-based testing procedures

• Prepare the risk register file. This file records the risks stemming from the general risk list, existing test list, brainstorming session.
• Including risks related to functional and non-functional requirements of the system (Availability, security, performance).
• Each risk is assigned a unique identifier.

Assess the probability (1 Low -5 High) and the consequences (1 Low -5 High) of each risk.

• Test exposure calculated
• The tester analyzes each risk and assesses whether the risk is testable or not
• Test objectives are defined for testable risks
• The test specifies the test activity to be performed in a planned manner to meet the test objective. * The test specifies the test activity to be performed in a planned manner to meet the test objective , sytem test, integration test, acceptance test, html validation, localization test, etc.)
• These tests can be classified into stages (Component Testing / Unit testing, Integration Testing, System Testing, Acceptance Testing).
• Sometimes, the risk can be solved by one or more test phases
• Identify dependencies and assumptions (Available skills, tools, test environment, resources)
• Test efficiency is calculated. Test efficiency is related to the reliability of the tester that the risk will be solved through testing. The effectiveness of the test is a number from one to five. (5 – High reliability, 1 – Low reliability)
• Estimate the effort, time required, and cost to prepare and perform these test activities.

• Test priority number is calculated. It is a product of probability, consequences and test effectiveness scores.
• 125 – The maximum level at which a very serious risk can be detected during the test.
• 1 – The minimum level at which a risk will not be detected during testing.
• Based on the test priority number, the importance of the test can be classified as High (Red), Medium (Yellow) & Low (Green). The highest risks are tested first.
• Allocate the test activities to the test phases. Assign a team to perform tests for each goal in different testing stages (Unit testing, Integration Testing, System Testing, Acceptance Testing).
• What is inside and outside the test range is decided during the scoping test.
• For each test objective, the component tested, responsibility, environment, input criteria, exit criteria, tools, techniques, and products are identified.

General test objectives – These common goals can be applied to many projects and applications

• The component meets requirements and is ready for use in larger subsystems.
• The risks associated with specific types of tests are addressed and the test objectives are met.
• The integrated components are assembled correctly. Ensure compatibility between components.
• The system meets specified and non-functional requirements.
• Product components meet the needs of end users in their intended operating environment.
• Risk management strategies are used to identify, analyze and mitigate risks.
• The system meets the regulatory requirements of the industry.
• The system meets contractual obligations.
• Institutionalization and the achievement of other specific goals are set such as costs, schedules and quality objectives.
• Systems, processes and people that meet business requirements.

General test objectives can be defined for different testing stages

• Component Testing
• Integration Testing (Regression testing)
• System Testing
• Acceptance Testing

Consider the system test phase

1. G4 & G5 prove the system meets functional requirements (F1, F2, F3) and non-functional (N1, N2).
2. Demonstrated by the test of the features and expected functions of the system working well and the risks related to F1, F2, F3 can be solved by Functional testing.
3. Demonstrated by testing the operating characteristics of the system works well and the risks associated with N1, N2 can be solved by Non-Functional testing.
4. Based on the test priority number and the importance of testing can be classified as High (Red), Medium (Yellow) & Low (Green).

Refer to the link: https://www.guru99.com/risk-based-testing.html