Introducing Risk Based Testing to Organizations

Similar documents
Risk-Based Testing: Analysis and Strategy. Presented at Quality Assurance Institute QUEST Conference Chicago, Ill., 2009

Risk Based Testing. -Why we need RBT? -Types of risks -Managing risks -Methods of evaluation & risk analysis -Costs and benefits

Advantages and Disadvantages of. Independent Tests. Advantages. Disadvantages

INF 3121 Software Testing - Lecture 05. Test Management

T Software Testing and Quality Assurance Test Planning

Continuous Improvement Toolkit. Risk Analysis. Continuous Improvement Toolkit.

Exploratory Test Design

Strategy Analysis. Chapter Study Group Learning Materials

Risk and Opportunity Management - Overview

ISO 9001:2015 and Risk Based Thinking

arxiv: v1 [cs.se] 4 Apr 2017

Chapter 5 Part Test progress monitoring and control. 4. Configuration management. 5. Risk and testing. 6. Incident management

Software Quality. Unit 6: System Quality Requirements

Chapter 6-1: Failure Modes Effect Analysis (FMCEA)

Domain Understanding and Requirements Elicitation (2)

Business Analysis Essentials

It s time to be more Optimistic about Negative Testing 12 th Annual International Software Testing Conference Saroj Patnaik 20-October-2012

PROJECT MANAGEMENT. Quality Management (QM) Course 7 Project Management Knowledge Areas (5) Risk Management (RM)

Risk Based Testing Pragmatic Risk Analysis and Management

Testing. Testing. Risk-Based. How to conduct heuristic risk analysis. by James Bach. This is risk-based testing:

Consulting Highlights & Studies

Testing 2. Testing: Agenda. for Systems Validation. Testing for Systems Validation CONCEPT HEIDELBERG

REQUIREMENT DRIVEN TESTING. Test Strategy for. Project name. Prepared by <author name> [Pick the date]

Rational User Conference 2002

Contractual Aspects of Testing Some Basic Guidelines CONTENTS

CONTEMPORARY APPROACHES TO PROJECT RISK MANAGEMENT: ASSESSMENT & RECOMMENDATIONS

BCS THE CHARTERED INSTITUTE FOR IT. BCS HIGHER EDUCATION QUALIFICATIONS BCS Level 6 Professional Graduate Diploma in IT SOFTWARE ENGINEERING 2

Passit4Sure.OG Questions. TOGAF 9 Combined Part 1 and Part 2

CLIMATE RESILIENCE FOR ALBERTA MUNICIPALITIES. Edmonton: March 11 th, 2014 Calgary: March 14 th, 2014

Solution Evaluation. Chapter Study Group Learning Materials

KEEPING IT BETWEEN THE DITCHES: A DASHBOARD TO GUIDE YOUR TESTING

BASICS OF SOFTWARE TESTING AND QUALITY ASSURANCE. Yvonne Enselman, CTAL

Test Management Test Planning - Test Plan is a document that is the point of reference based on which testing is carried out within the QA team.

2017 Improve IT Services BV 1

WORKING WITH TEST DOCUMENTATION

Project Planning & Management. Lecture 11 Project Risk Management

MCGILL UNIVERSITY Montreal, Quebec September 20 21, A DMAIC Framework for Improving Software Quality in Organizations: Case Study at RK Company

Project Management. Kristian Sandahl

FMEA Failure Mode Effects Analysis. ASQ/APICS Joint Meeting May 10, 2017

Testing. And Software Product Management. Autumn 2017 CSM14104 Software Product Management 1

Agile Development Processes. CSCE Lecture 3-08/31/2017

REQUIREMENTS DOCUMENTATION

Project vs Operation. Project Constraints. Pankaj Sharma, Pankaj Sharma,

Chapter 3 Influence of Lean Startup

AGENCY FOR STATE TECHNOLOGY

F-PM001 Risk Management Professional Certification

What Every Manager Needs to Know About Project Management in 2018

The things you want to know about metrics but you don t know what to ask!

A Systems Approach to Risk Management Through Leading Indicators

It is not just programming. Cartoon source:

Breaking Out of the Security Metrics Matrix: Steps in the Right Direction

Agenda. Enterprise Risk Management Defined. The Intersection of Enterprise-wide Risk Management (ERM) and Business Continuity Management (BCM)

Applying PSM to Enterprise Measurement

Introduction Outline

Managing Risk in Agile Development: It Isn t Magic

ISTQB CTFL BH QuestionsAnswers with Explanation

LIFE CYCLE FACILITY ASSET MANAGEMENT. Presented by Pedro Dominguez Managing Principal, The Invenio Group

A Freshwater Partners White Paper

Planning for Election Observation A Field Guide for Election Monitoring Groups

Software Quality Engineering Courses Offered by The Westfall Team

Scrum Testing: A Beginner s Guide

issue 5 The Magazine for Agile Developers and Agile Testers January free digital version made in Germany ISSN

Clarifying Risk Based Thinking (RBT) In ISO 9001:2015

City of Melville Risk Management Toolkit

Test Management is Risk management. Risk Based Testing

Hazard Analysis Technique Selection

Identify Risks. 3. Emergent Identification: There should be provision to identify risks at any time during the project.

Software Quality Engineering Courses Offered by The Westfall Team

Unit 381 IT Project Management Level 3. Credit value 10. Rationale

ISTQB Certified Tester. Foundation Level. Sample Exam 1

Keywords - Software Testing, Risk-based Testing, Metrics, Control and Measurement

Getting Started with Risk in ISO 9001:2015

A Consumer s Guide to Software Testing. Greg McNelly Progressive Insurance June 2010

NCOVER. ROI Analysis for. Using NCover. NCover P.O. Box 9298 Greenville, SC T F

Software Project & Risk Management Courses Offered by The Westfall Team

2009 Software Business Analyst: Seven Best Practices

Key Takeaways: 1. How to make your Exploratory testing sessions more effective so that you achieve customer value

Quantifying the Value of Investments in Micro Focus Quality Center Solutions

ISTQB CTFL BH0-010 Exam Practice Question Paper

Foundations of Software Engineering. Lecture 16: Process: Linear to Iterative Michael Hilton

Requirements Analysis and Design Definition. Chapter Study Group Learning Materials

INF5181: Process Improvement and Agile Methods in Systems Development

How To Evolve a Context-Driven Test Plan

Project risk management

Risk Management Using Spiral Model for Information Technology

Test Management: Part II. Software Testing: INF3121 / INF4121

Fundamentals Test Process

Marketing Research to Support the Stage Gate New Product Development Process

Performance Skills Leader. Individual Feedback Report

Risk Based Thinking & QMS Risk Management as per ISO

Risk Assessment Consideration for your ISMS. Presented by: John Laffey, Technical Manager

Implementation & Testing Plan. CS 307: Software Engineering Pascal Meunier

A Quantitative Comparison of SCAMPI A, B, and C

GAHIMSS Chapter. CPHIMS Review Session. Systems Analysis. Stephanie Troncalli, Healthcare IT Strategist Himformatics July 22, 2016

Architecture Analysis

Enterprise Risk Management Demystified

Requirements: Into the Mind of the Author

Improving the Testing Process The Improving the Testing Process Framework

Design Planning. 1. Rationale 2. Iteration Planning 3. Risk Analysis 4. Quality Planning 5. Example. Iteration N

UNF Finance and Audit Committee January 15, 2013

Transcription:

Introducing Risk Based Testing to Organizations Abridged Version Dr. Rajesh Subramanyan Software Engineering Siemens Corporate Research Princeton NJ. Rajesh.subramanyan@siemens.com

Outline Topics Introduction Time (min) Selecting where to introduce RBT Putting RBT into practice Incorporating RBT to agile methodology Measuring the effectiveness of RBT Sample Pilot Project Results Philosophical discussion Testing Goals vs. a Risk approach Page 2

Outline Topics Introduction Time (min) Selecting where to introduce RBT Putting RBT into practice Incorporating RBT to agile methodology Measuring the effectiveness of RBT Sample Pilot Project Results Philosophical discussion Testing Goals vs. a Risk approach Page 3

What is a risk? A risk is the likelihood of damage from a defect. The mission i of software testing ti is to reduce the likelihood lih that t escaped defects in the SUT will cause physical damage or financial impact. Different kinds of escaped defects have different probabilities and impacts for different stakeholders. Risk investigation may reveal potential defects in both the product and the process. (Process defects allow product defects to escape.) Risks are characterized by their: Identity: Victim, defect, vulnerability, and threat. Magnitude: Probability and cost. Page 4

Software Risks Risk Class Explanation & Example Project External dependencies d skill availability, constraints t Risk fixed priced contracts Process Risk Product Risk Internal: underestimating complexity, skill level, etc that can be handled by good planning, monitoring etc Fault proneness of technology. Product definition, product complexity, failure to meet requirements. Testers concern. Page 5

How many product risks are there? High level risks: 15-30 (most projects) Product risks: Could be 1000 s of failure modes Present examples of risks: 40-80 Risks of most concern & test types in scope for planning purpose (high level test planning/test strategy) While designing individual tests, investigate failure modes in more detail (e.g. exploratory testing) As testing proceeds, more unanticipated problems will come to light. As new risks emerge, PM can change direction & emphasis of testing Page 6

Anatomy of a well-identified risk Is hurt when Which manifests Which becomes the SUT when there is a dangerous when exhibits a there is a Victim Defect Vulnerability Threat Page 7

Risk Management (and its relation to RBT) Steps Risk Identification Risk Projection Developing a Risk Table Assessing Risk Impact Risk Refinement Risk Mitigation, Monitoring & Management (Avoidance, Monitoring, Management & Contingency) Exposure = Probability X Impact (or Cost) Page 8

Faster risk lowering is achieved by doing testing prioritization with risk in mind Figure 1: Random testing will lower risk Figure 2: Using test strategy to reduce risk Figure 3: Optimal QA strategy: minimum testing effort invested to maximize risk reduction. Page 9

RBT Method RBT is based on well-established methods, that are adapted to testing Generic risk management techniques Risk identification Risk analysis Failure Mode and Effects Analysis (FMEA) Risk response with focus on testing Test planning and testing techniques Test scope Test planning and allocation RBT builds the foundation for an efficient test strategy Test strategy and test management Test focus on most critical aspects Effective allocation of limited test resources Page 10

History of RBT James Bach (1995), "father" of RBT Original i idea: The Challenge of Good Enough Software, 10/1995 Heuristic approach with 2 treatments for risk identification. Assessment and control of factors are not trivial needing SME. Amland (1999) Developed metrics set for risk analysis to support test activities. Defines cost and quality indicators for faults (a challenge) Chen (2002) Execution strategy for component level regression testing Select test cases not requirements Page 11

History of RBT Jorgensen (2004) Support tool prototype t for RBT risk analysis and test t plan creattion Besson (2007) Link test activity for risk reduction using the principle: 20% of the functionalities allows user to accomplish 80% of the tasks Others Paul Gerrard & Neil Thompson (Risk-based E-business Testing), Hans Schaefer Cem Kaner (co-author with James Bach). Page 12

Example: Two approaches to analysis inside out and outside in Heuristic analysis: Finding a solution that t doesn t always work. Performed through a checklist of open-ended questions, suggestions, or guidewords Inside Out Begin with details about the situation & identify risks associated with them For each part of the product, ask Vulnerabilities weakness/possible failures in this component Threats: inputs/situations can arise that may exploit a vulnerability and trigger a failure in this component Victims: who/what is impacted & how bad, from a failure What can go wrong here ask repeatedly Page 13

Example: Two approaches to analysis inside out and outside in Outside In Begin with a set of potential ti risks and match to the details of the situation ti Easier than inside out. Check predefined lists (3 from below) and match applicability Quality Criteria Categories CRUPIC STeMPL Capability, Reliability, etc. (Usability, Performance, Installability, Compatibility, Supportability, Testability, Maintainability, Portability, Localizability) Generic Risk Lists E.g. Complex, New, Changed, Upstream dependency, etc Risk Catalogs E.g. Wrong files installed, install process is too slow, etc Page 14

Outline Topics Introduction Time (min) Selecting where to introduce RBT Putting RBT into practice Incorporating RBT to agile methodology Measuring the effectiveness of RBT Sample Pilot Project Results Philosophical discussion Testing Goals vs. a Risk approach Page 15

Phases of RBT Risk identification Gathering possible risks RBT planning: Risk estimation/analysis Well-understood d catalog of risks and exposures Risk mitigation/response Mitigation measures Test scoping Scope tests and mitigation measures Test process update RBT execution Page 16

Overview of RBT methodology Risk identification: Hold risk workshops Interview stakeholders Review project artifacts Other collection means More info needed d RBT planning: Risk analysis Risk response Test scoping Test process update Iterate RBT execution: Update test designs Re-prioritize tests Mitigate risk factors Report risk status Page 17

Risk-Based Testing Steps Risk identification Risk analysis Collect and group potential product risks from different inputs Assign probability and consequence values calculate exposure Assign test effectiveness Risk response calculate test priority number Formulate test objective, assign test techniques Identify dependencies and prerequisites (skills, tools, environ.) Review & Decision Test planning & Test allocation Define test scope to be addressed agreement on scope and costs Test stage definition, test allocation, test responsible Adapted from: P.Gerrard, N.Thompson: Risk-Based E-Business Testing Page 18

Risk Workshops - Identification Pre-Workshop: Review candidate risks Workshop Summarize concerns regarding modes in which final system may fail Brainstorming session after people have thought over specific risks (candidate risks) Aim: Add to candidate risks; Remove risks not of concern; Identify risk in more detail Tools/Worksheets Checklists of common risks to trigger ideas Generic risks lists- areas of complexity, past error areas, changes to code Quality criteria: reliability, usability, performance etc Page 19

Risk Workshops Estimation (Analysis) Testing can help address uncertainty Testing may prove that the original concerns were justified because many faults were exposed Testing may show that the concerns were less founded if few faults were detected Assessing cost: Use scores Critical business objectives cant be accomplished 5 High business objectives are undermined 4 Moderate business objectives are affected 3 Low business will be affected slightly 2 Negligible No noticeable effect 1 Page 20

Risk Workshops Estimation Assessing probability: use scores & bug databases 80-100% Almost certain highly likely 5 60-80% Probably, likely, we believe 4 40-60% We doubt 3 20-40% Unlikely, probably not 2 1-20% Highly unlikely 1 Page 21

Test Priority Evaluation Frequency Frequent Excellent 0 16 32 48 64 (4) (4) Probable High 0 9 18 27 36 (3) (3) Remote Good 0 4 8 12 16 (2) (2) Theoretical Fair 0 1 2 3 4 (1) (1) None None 0 0 0 0 0 (0) (0) None Negligable Minor Major Critical (0) (1) (2) (3) (4) Test Effectiveness Severity Page 22

Test Priority Chart Categories of Test Priority it TPN Testing Recommended Top Priority High Priority Medium Priority Low Priority Exposure and test effectiveness strongly warrant mitigation by testing Exposure and test effectiveness definitely warrant mitigation by testing Exposure and test effectiveness may warrant mitigation by testing Low exposure or testing ti will not mitigate the risk (or both) 28 and above Strongly 18 through 27 Yes 12 through 17 If risk exposure high and no other mitigation strategy is possible 0 through 11 No Page 23

Risk Workshops Mitigation Response planning Pre-emptive: reduce probability of the risk materializing Information buying, process model, risk influencing, contractual transfer Reactive: reduce impact when risk occurs Contingency plans, Insurance Page 24

Risk Activity Monitoring & Management Risks assigned to owners for monitoring and repeated assessment Data summary from previous cycle shown at start of Risk Identification Workshop II & III Page 25

Summary: Stages in RBT Pilot Process Risk identification Workshop: Gather risk candidates Vetting: Investigate where needed; approve, eliminate, or clarify risk candidates Risk analysis Workshop: Workshop: Gather estimates of probability and consequence of each risk Vetting: Investigate where needed; resolve differences of opinion Risk mitigation Estimate test effectiveness and effort to implement mitigation by testing; identify test phase, objectives, and techniques Vetting: Resolve differences of opinion; finalize decision on mitigation; identify existing, modified, and additional test cases Page 26

Outline Topics Introduction Time (min) Selecting where to introduce RBT Putting RBT into practice Incorporating RBT to agile methodology Measuring the effectiveness of RBT Sample Pilot Project Results Philosophical discussion Testing Goals vs. a Risk approach Page 27

Sample Project Summary Page 28

Business Benefits of RBT RBT can provide qualitative and quantitative information about: What business priorities are being risked The total t magnitude of the risk How to anticipate and avoid problems in the product The business leadership s priorities for mitigation include schedule, budget, and customer acceptance (escaped defects.) Page 29

Outline Topics Introduction Time (min) Selecting where to introduce RBT Putting RBT into practice Incorporating RBT to agile methodology Measuring the effectiveness of RBT Benefits and challenges of RBT Philosophical discussion Testing Goals vs. a Risk approach Page 30

Warning & Benefits of a Risk based approach Risk with Risk Analysis Less than perfect decision making Lead to culture of blame Benefits Reduce customer defects Test Early Risks visible to PM so they know they are squeezing testing Page 31

When to stop testing? Decision to stop testing is made with the clear knowledge of outstanding risks of release RBT addresses How much testing is enough When (and why) should we stop testing When is the product good enough for release How good is our testing anyway Page 32

How much testing is enough? As the developer how many bugs he has put. Or project management which has decided anyway Testing is a sampling activity, the most important pinch of sand from the beach No upper limit So as human procrastinates to limit time to Page 33

When & Why should we (& stop) testing All tests planned have been run All incidents raised have been resolved All faults found here have been fixed and retested All regression tests run without failure Do you really meet such an acceptance criteria!! Page 34

Are these criteria useful.. So what? Perfection Strike a balance Can demonstrate coverage of risks Unexpected stops What are the risks of stopping testing now? What are the benefits of testing now By recording risks to be addressed for each test, we can identify those risks covered ed and those outstanding. Easier to count cost than number of tests remaining to make a positive release decision Page 35

To be released, good enough =?? Sufficient benefits No critical problems Benefits sufficiently outweigh non critical problems Present situation, all things considered, delaying its release to improve it further would cause more harm than good Testing fits by determining i Have sufficient benefits been delivered? Are ethere eeany ycritical tca pobe problems Is our testing adequate to support the decision Page 36

How good is your testing? Fault Detection Percentage = T/T+P Where T = fault found in testing, P = faults found in production For testers, FDP cant be calculated. How do you find P? Hence, coverage is an indirect measure of thoroughness Definition iti of Good Testing Alternate definition for good (or good enough) testing Provides sufficient evidence of benefits e deliverede ed Provides sufficient evidence of current risks of release Accomplishes these tasks at an acceptable cost and time frame Page 37

Questions? Boy, am I glad I mitigated this mountain! Page 38

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback