Our blog

Home Blogs How to run reasonable ris ...

How to run reasonable risks in software testing

Author: Evgeny Sytnik

   These days when society becomes extremely dynamic, innovative and technologically oriented along with our sophisticated knowledge and skills being ready-at-hand, it may seem those modern enterprises are capable of producing and marketing the software products without bugs at all.

   However, the reality appears to be different. Lots of businesses deliberately produce and sell the solutions with deficiencies or with the parts of the software product which are not fully tested presenting themselves a zone of potential risk of failure for the final users.

   It may sound unusual but there is a sufficient range of causes from the business point of view why it is worthwhile for the enterprises to be risky. Indeed, each software production venture is dealing with tight deadlines, restricted financial and manpower resources as well as with challenging market environment and customer’s inquiries fluctuations, that’s why exceeding the allocated funds for a specific project turns out to be a bigger problem for a vendor that releasing a solution which has been exposed to less tests that it was planned. Upon such conditions, the businesses have to choose among imperfect product delivered in time and no product at all. This equation is pretty clear to anyone involved in software development business, however, it has to be accurately elaborated which parts of the solution have been verified, which ones were not sufficiently tested and how the potential risks may affect the users.

   This is an exclusive job of the testing team to assess the scope of possible failure and to deliver more precise recommendations to the project managers and team leaders, so they would be able to make a justified choice whether to take this risk when releasing the software product that was tested under the accelerated program.

   Testing is a key element of risk minimization process

   By “risk” we mean likelihood or menace of failure, error, incorrect functionally, data loss or any other undesirable occasions that can be prevented or at least mitigated if taking preventive measures such as risk analysis and risk probability calculation. When talking about software development the most effective risk prevention tool is testing.

   Each software product being released is a subject to risk threat. No matter how thoroughly you are testing your solution the failure may occur and nothing can secure it in full since human factor, technical error or both these factors always provide us with a portion of uncertainty. Therefore, releasing the product before complete testing conducted is considered to be a right move in terms of compliance with deadlines and project budget. At the same time, it is crucial to determine the moment when we reach a sufficient amount of testing and when the sufficient volume of risk has been mitigated.

   Focusing on “significant” risks only

   Here we may suppose the situation when the leader of software development project, whether it is agile, waterfall-type or of any other kind, decided to detect, recognize, compare, range and trace all possible risks. Being declared by some agile development process supporters that agile approach has been invented for reacting to sudden occasions and defects, so it is unnecessary to recognize these risk but what has to be done is to deal with problems when they appear, - becomes an arguing point in a certain context.

   In a nutshell, a vendor has to be able to recognize two sorts of risk with further delineation in order to increase the likelihood of providing a project manager or a team leader with justified data based on which the decision whether sufficient testing has been conducted is conducted. So, let’s explore both types of these risks.

   Below the typical cases that have to be anticipated in the regular risk detection records are listed:

   - The testing ecosystem will be occupied by manufacture correction;

   - The process of development will exceed the estimated term that will affect the test completion date;

   - Increased frequency of failures will impact the test finishing date;

   - Critical testing resources will be unapproachable.

   At the same time, it is also worthwhile to take into account solution-related risks:

   - The end users will be provided with wrong access signing in;

   It is impossible to connect the online payment system being the third part in e-commerce operation;

   - The entertaining application can’t be launched in the intense mode;

   - Client’s interface graphics differs using various browsers;

   - Textual information applied automatically in the e-documents is inconsistent.

  Indeed, the aforementioned cases are rather requirements to the product, however in order to make a balanced decision they have to be perceived as risks. Alternatively, you can precisely range these cases based on their influence on the real situation in the same manner as it is done for regular or essential risks.

  At the very beginning within project launch it is necessary to determine the degree of requirements which can be evaluated as a risk, and after that, by using risk ranging instrument or selection procedure you have to assign a numeric value to risk. Therefore, the combined value of these measurements will represent a risk threat level.

   The rest is simple.

   Project performance is scheduled based on a regular risk-oriented methodology that is called to secure in terms of practical implementation that testing concentrated on those risks possessing maximum risk threat level will be conducted in the first place.

   As long as the software developer improves product quality and impeccability thanks to continuous performance, conducting regular and extraordinary tests as well as the elimination of the entire risk threat degree have to be elaborated.

   And few more things to be kept in mind when deciding on taking the risk

  One more section of the risk analysis and risk-oriented testing procedure has to be accentuated and it is the thing which is regularly ignored when deciding on risk acceptance upon the condition of tight deadline remaining.

  This part is ensuring that the influence of a product-related risk, appearing when the product is being launched, is assessed immediately by a person who is actually impacted by this risk.

  This problem has to be solved by relevant explication on the primary risk determination discussions and ranging operations during project performance. Yet, it is not enough to supply risk-oriented decisions to prospectively affected investors by arranging special meetings and delivering reports on situation updates. The reason is in today’s extremely intense working space, the fact of receiving notification on risk probability scale by an investor or an owner doesn’t guarantee that they have comprehended the essence of delivered information.


 The aforementioned technique is not an equivalent to the “accelerated testing”, however, it definitely enables project managers or other decision-makers to authorize risk-oriented decisions on whether assigned testing scope is sufficient to ensure the expected performance of the software product and whether testing team has already reached the moment when sufficient volume of risks has been eliminated.

You may also like