5.2 Risk Management Flashcards
What are the two main Risk Management activities?
- Risk Analysis (identifying and assessing risks)
- Risk Control (mitigating and monitoring risks)
How do we define risks and risk attributes?
A risk is a potential event, hazard, threat, or situation whose occurrence causes an adverse effect. Risks have two factors:
- Risk likelihood - probability of occurrence (greater than 0, less than 1)
- Risk impact (harm) - the consequences of this risk occurring
These two factors express the risk level. The higher the level, the more important the risk’s treatment.
What are common types of Project Risks?
Project risks are related to the management and control of the project. They include:
- organizational issues (delays in delivery, inaccurate estimates, cost-cutting)
- people issues (insufficient skills, conflicts, communication problems, staff shortages)
- technical issues (scope creep, poor tool support)
- supplier issues (3rd party delivery delay or failure, 3rd party business failure)
What impact can project risks have when they occur?
They may impact the project schedule, budget, or scope, ultimately affecting the project’s ability to achieve its objectives.
What are common types of Product Risks?
These risks are related to the quality of the final product. Risk examples include:
- missing or wrong functionality
- incorrect calculations
- runtime errors
- poor architecture
- inefficient algorithms
- inadequate response time
- poor user experience
- security vulnerabilities.
What negative consequences may result when product risks occur?
Various, including:
- user dissatisfaction
- loss of revenue, trust, or reputation
- damage to third parties
- high maintenance costs or time demands
- criminal penalties
- in extreme cases, physical damage, injury, or death
What is the goal of Product Risk Analysis and when should it begin?
The goal is to provide an awareness of product risk in order to focus the testing effort in a way that minimizes the residual level of product risk. Ideally it begins early in the SDLC.
Product Risk Analysis consists of Risk Identification and Risk Assessment. Define Risk Identification.
Risk Identification is about generating a comprehensive list of risks. Stakeholders can identify risks by using various techniques such as brainstorming, workshops, interviews, and cause-effect diagrams.
Product Risk Analysis consists of Risk Identification and Risk Assessment. Define Risk Assessment.
Risk assessment involves: categorization of identified risks, determining their risk likelihood, risk impact and level, prioritizing, and proposing ways to handle them.
Categorization helps in assigning mitigation actions, because usually risks falling into the same category can be mitigated using a similar approach.
Risk assessment can use a quantitative or qualitative approach, or a mix of them. In the quantitative approach the risk level is calculated as the multiplication of risk likelihood and risk impact. In the qualitative approach the risk level can be determined using a risk matrix.
Product risk analysis may influence the thoroughness and scope of testing. What are its results used for?
- determine the scope of testing
- determine particular test levels and propose test types
- determine test techniques and desired coverage
- estimate test effort for each task
- prioritize testing to find critical defects early
- determine additional activities beyond testing that could reduce risk
What two parts does Product Risk Control consist of?
Risk Mitigation and Risk Monitoring.
Risk Mitigation involves implementing the actions proposed in risk assessment to reduce risk level.
Risk Monitoring aims to ensure that mitigation actions are effective, obtain further information to improve risk assessment, and identify emerging risks.
Once a risk has been analyzed, what are some options to respond?
- Select testers with the right level of experience and skills, suitable for the given risk
- Apply the appropriate level of independence for testing
- Conduct reviews and perform static analysis
- Apply the appropriate test techniques and coverage levels
- Apply appropriate test types addressing the affected quality characteristics
- Perform dynamic testing, including regression testing
