Information Technology Reference
In-Depth Information
6.1.1
Create a Scale and Assign a Score to Each Risk
You have with you all the requirements and the modules that will be tested in
this project. You also have done your homework and have a rough idea about the
risks in the project. Now you will be conducting a risk assessment review with the
development team for risks related to design and build. During the session a risk
assessment questionnaire is used to structure the process. Each question is asked of
the group and a consensus is reached as to the perceived level of risk. The questions
are closed-ended questions with the possible responses of
low
(one point),
medium
(2 points),
high
(3 points), and
not applicable
(0 points). You can use this kind of
scale, or you can devise your own scale for the job. The weighted scores can be used
to identify error-prone areas of the application and to compare the application with
other applications.
You will do this same exercise with your testing team to assess risks and their
impact on the project related to areas such as testing skills required and what skills
are available, automation tools to be used and their limitations, resources required
and what resources are available, and so on.
Once you have scores for each risk, assign these weights to the risks.
6.1.2
Count Number of Times the Risk Occurs in the Project
Apart from the weight any risk has—which signifies how much impact the risk
has—the impact of the risk on the project is also felt by the number of occurrences
of the risk in the project. Suppose a risk has a score of 3 (high) but occurs just one
time, whereas another risk has a score of 2 (medium) and occurs three times; then
the first risk has a total score of 3 and the second risk has a score of 6. Thus the
second risk has more impact on the project, and so the test team has to work more
on this risk to mitigate it.
6.1.3
Risk Analysis Case Study
A risk assessment session was arranged for a project. Risk assessment was used to
conduct a 1-hour assessment of the project's risk factors. The risk assessment ses-
sion was conducted with two people from the test team and four people from the
development team.
The raw data was placed in an Excel worksheet, and weighted scores were cal-
culated for each question in each of the test documents. The data was analyzed
using Pareto analysis to determine the number of questions to consider (i.e., the top
20% in terms of risk). The data was displayed on charts. The results revealed three
major areas of risk. The first was the lack of user documentation about the process
being automated. The second was the large number of interfaces to other systems.
The third was the use of new technology (Ajax components) used in some parts of
the system.
