MITS5501

Software Quality, Change Management and Testing

Assignment 2

Research Report

Risk-Based Testing: Identifying, Assessing, Mitigating & Managing Risks Efficiently In

Software Testing

Omdev Dahiya, Kamna Solanki, and Amita Dhankhar

By

Student Name

Student ID

Table of Contents
1. Introduction..............................................................................................................................2

2. Intention and Main Contents of the Article..............................................................................2

3. Conclusion................................................................................................................................4

References........................................................................................................................................5
 1. Introduction
In recent days, every device developed with technology is requiring the software to operate it.
The software needs to be of high quality to ensure the safety of the environment and people. In
this aspect, software testing plays an important role in improving the quality of the software
under several conditions. Software testing is of two types including static testing and dynamic
testing. It also supports in verifying whether the user requirements met or not. Its major purpose
is to identify the faults of a software. While developing the software for a device, there are
chances to increased risks. This results in increasing importance for risk analysis in software
testing. Risk analysis supports finding the risks in software and giving priority to them to take
the required actions. The intention of the present report is to perform the critical review of the
article titled “Risk-Based Testing: Identifying, Assessing, Mitigating & Managing Risks
Efficiently In Software Testing[ CITATION Omd20 \l 1033 ]”.

2. Intention and Main Contents of the Article

To analyze the risk analysis process in software testing, the authors made good efforts into the
research to complete the literature review by covering different topics including test management
process, risk-based testing, the process of risk management, and risk-based testing steps.

Test management process: In test management, the development of the test cases and test plans
by the test leads and managers is essential. Test management is done in different steps including
determining and defining the software test requirements, creating the test plan, creating test
script and test cases, monitoring the construction of test, planning test implementation, and
creating the test execution records and tracking the efforts made into testing. These steps are
essential in satisfying the requirements of customers, users, and stakeholders. The test
management process also includes the risk analysis process to risk categorization and computing
the risk impact[ CITATION Zul13 \l 1033 ].

Risk-based testing: In software testing, risk-based testing is performed by utilizing the

information on the probability of a risk. Risk assessment is done based on various factors
including the criticality of business, software complexity, usage frequency, and areas prone to
defects. It involved a key activity like prioritization of modules, features, and functions. Risks
are of two types including negative risks and positive risks. Negative risks are defined as the
issues required to be reduced to ensure the success of a project. Positive risks are defined as the
opportunities that help a business in increasing its sustainability. Its support is required in various
activities including making changes to a business process, creating the new product, and making
investments to innovative projects. During the risk-based testing, it is possible to the detection of
the product risks. These risks are assessed with the stakeholders to increase the quality of the
product. Once the risk analysis is completed, the testing team moves to design the test,
implement the test, and execute the test activities in a sequenced manner to reduce the risks to
increase software quality.

Process of risk management: The authors clearly discussed the risk management process in
five steps clearly. Those include determining the risks, assessment of the risks, creating a
mitigation plan for risks, executing and observing the risks, and assessing and updating the risk
management plan.

Risk-based testing steps: The steps involved in the risk-based testing are identified as
Determining the risks, assessment of the risks, creating a mitigation plan for risks, and managing
the risks.

Determining the risks: To reduce the impact of the risks, first, it needs to understand the risks.
Risk determination involves discovering risks and taking suitable measures to manage the risks.
To complete these activities successfully, it needs to improve the efforts and support of the risk
management team. Risk identification facilities an opportunity to increase the concerns towards
risks and avoiding damage to business operations. It is a basic objective of the risk management
process in the cycle of project development. It is done prior to the planning phase and accepting
the project goals. Risk identification avoids the project team to experience the risks in
reality[ CITATION Shu16 \l 1033 ]. But, this step doesn’t focus on providing a solution for a risk. To
determine the risks, various methods are followed by the stakeholders including independent
reviews, interviews with experts, conducting the project meetings, the arrangement of the risk
workshops, stakeholder meetings, creation of checklist, and revising the past experience gained
from risk management. The risk determination step offers several benefits including determining
the issues affecting the product quality including problems in the specification of requirements. It
is better than risk-based testing in managing the risks.

Assessment of the risks: The process of risk assessment is done in different steps. Those steps
include finding the potential threats is accomplished by identifying the factors causing them to
avoid the damage, performing the risk assessment and risk analysis to determine the risks
presented with the identified threats in the first step, and finding the best practices and ways to
ensure proper elimination of the threats. If the team is failed to eliminate the threats, controlling
actions are taken to handle the risks. In this, risk assessment engages in keenly observing all
processes in the workplace and prioritizing them based on the potential harm. Then, the risks are
analyzed to estimate the risk probability for occurrence and risk severity on a process. Different
activities involved in risk assessment are identified as segregating risks into different categories,
estimating the impact of risks, calculating the probability of risk occurrence, and finding and
evaluating the properties of risks. The risks in software testing are needed to be classified based
on various parameters including the performance, reliability, and functionality. The
characteristics recommended by ISO 9126 and ISO 25000 are followed by several software
companies. The software companies are also adopting risk classification models.

Creating a mitigation plan for risks: the risk mitigation process engages in very activities
including building suitable actions and options to increase the opportunities to the elimination of
the potential harm of the risks on the project objectives and goals. Different activities are also
performed in this step including tracking the risks, observing the progress of risk management,
assessment of every activity of project for its efficiency, and determining the new risks raised.
The test plan developed in the second step is implemented to execute the tests, creating the new
test designs, and mitigation of the potential risks. If risks are at a higher level, then a different
technique called pairwise testing is designed. If risks are at the lower level, a technique like
exploratory testing is designed[ CITATION Ber07 \l 1033 ]. The level of risk is used to make a
decision about the priority and development of test cases. The decision impacted by the risk level
include the level of retesting required, need for regression testing, testing the individual abilities
of testers, a requirement of conducting a review on the project artifacts and test documents, and
kind of skills and experience expected from testers. Development is a key milestone for risk
mitigation by the testers. Testers will identify the number of errors in software and the
probability of the error in the software. Suitable risk mitigation strategies will be identified
immediately.

Risk management: Management of risks is the last step of risk-based testing. It focuses on
evaluating and measuring the strategies created for handling the risks. Then, the strategies are
executed by a software firm to control the impact of risks. Risk management strategies need to
be simple that require fewer resources or fewer risks for firms in undertaking the insurance
agencies to facilitate compensations to the end clients. The developed risk management plan will
be beneficial if the structure of the organization is good. To avoid the loss of information assets
or dangers to people, risk management activities are conducted. For controlling and right
handling of risks, it needs to consider various factors including the estimated impact of risk when
a loss has happened, the sources causing for a high probability of risk occurrence and loss, and
measures to avoid loss of assets in future, and prevention strategies developed for avoiding
loss[ CITATION Mic141 \l 1033 ].

The authors concluded that risk-based testing is an effective method in software engineering to
manage the risks. The risk-based approach focuses on various aspects to determine software
faults including priority and severity. This study recommended testers to perform the test in the
allocated time and the budget is efficient than performing extensive testing.

3. Conclusion
Software testing is an important area in software engineering. It is associated with a set of risks
that will impact the quality of software. In the present report, a critical review is performed on
the article to understand the risk management in software testing. It reviewed effectively test
management process, risk management process, risk-based testing, and steps in risk-based
testing. From the review, it is understood that risk-based testing has got a lot of importance in
managing the risks occurred while software testing. Risk-based testing has several benefits
including saving the customers from production problems and business problems and increased
effectiveness of software testing.
References
[1] O. Dahiya, K. Solanki and A. Dhankhar, "Risk-Based Testing: Identifying, Assessing,
Mitigating & Managing Risks Efficiently In Software Testing," International Journal of
Advanced Research in Engineering and Technology (IJARET), vol. 11, no. 3, pp. 192-203,
2020.
[2] Z. Mansor and E. Ndudi, "Issues, Challenges and Best Practices of Software Testing
Activity," Recent Advances on Computer Engineering ISBN: 978-1-61804-336-8 42, pp. 42-
47, 213.
[3] S. Kumar, A. Garg and A. Singh, "Software Testing Research: Emerging Trends in Tools
&Techniques, Challenges and Predictions," International Journal of Innovative Research in
Science, Engineering and Technology, vol. 5, no. 4, pp. 5091-5099, 2016.
[4] A. Bertolino, "Software Testing Research: Achievements, Challenges, Dreams," in Future of
Software Engineering (FOSE '07), USA, 2007.
[5] M. Felderer and I. Schieferdecker, "A taxonomy of risk-based testing," International Journal
on Software Tools for Technology Transfer, vol. 16, no. 5, pp. 559-568, 2014.