ISTQB FOUNDATION 4.0 | Tutorial 50 | Risk Identification | Risk Assessment | CTFL Tutorials
Summary
TLDR: This tutorial delves into the ISTQB Foundation Level certification, focusing on Chapter 5.2: Risk Management. It introduces risk as an uncertainty with potential side effects and differentiates between project and product risks. The script explains the risk management process, including identification, assessment, mitigation, and monitoring. It highlights the importance of risk analysis in organizing testing and emphasizes risk-based testing strategies. The tutorial also touches on risk assessment, considering both likelihood and impact, and outlines examples of project and product risks, underlining the necessity to mitigate risks to avoid negative consequences.
Takeaways
- Risk is defined as an uncertainty that may or may not occur but could have a negative side effect if it does.
- Risks can be classified into two categories: Project Risk and Product Risk, with the former related to the activities that build the product and the latter to the product's attributes.
- Project Risks are pre-release and can include poorly defined requirements, insufficient or unskilled resources, and incapable testing processes.
- Product Risks are post-release and relate to the functionality and non-functionality of the product, such as poor performance or user-friendliness.
- Risk Management aims to increase the likelihood of achieving objectives, improve product quality, and boost stakeholder confidence and trust.
- The Risk Management process involves Risk Analysis and Risk Control, which are further broken down into Risk Identification, Assessment, Mitigation, and Monitoring.
- Risk Assessment combines two factors: Risk Likelihood (the probability of the event occurring) and Risk Impact (the severity of the effect if the risk occurs).
- Risk-Based Testing is an approach where test activities are selected, prioritized, and managed based on risk analysis and control.
- Understanding the level of risk is crucial for determining the priority of testing and mitigation efforts, with higher levels of risk requiring more attention.
- Project Risks, if not managed, can lead to negative consequences such as delays, cost overruns, and stakeholder dissatisfaction.
- Product Risks, if they materialize, may result in user dissatisfaction, loss of revenue, reputation damage, and in extreme cases, physical harm or legal penalties.
Q & A
What is the primary focus of the tutorial?
- The primary focus of the tutorial is to introduce the concept of risk management within the context of ISTQB Foundation Level certification, specifically discussing how to manage test activities and the importance of risk identification, assessment, mitigation, and monitoring.
What is the definition of risk in the context of this tutorial?
- In this tutorial, risk is defined as an uncertainty that may or may not happen but, if it does occur, has a side effect or impact; project members, and QA in particular, are responsible for identifying it and helping to mitigate it.
How are risks classified in the tutorial?
- Risks are classified into two categories: Project risk and Product risk. Project risks are related to the activities that build the product, while product risks are related to the functional and non-functional attributes of the application itself.
Can you provide an example of a product risk?
- An example of a product risk is poor performance of an application, which could lead to users abandoning the product. Other examples include user unfriendliness, or a weighing machine that is not calibrated, which could affect the product's functionality and user satisfaction.
What constitutes a project risk according to the tutorial?
- A project risk is associated with the activities or tasks performed to build the product. Examples include poorly defined requirements, insufficient or unskilled resources, and testing that is incapable of finding quality defects or meeting required standards.
What is the main purpose of risk management in an organization?
- The main purpose of risk management in an organization is to increase the likelihood of achieving objectives, improve the quality of products, and increase stakeholders' confidence and trust.
What are the four main phases of risk management mentioned in the tutorial?
- The four main phases of risk management mentioned are identification, assessment, mitigation, and monitoring.
What is the difference between risk-based testing and other testing approaches?
- Risk-based testing is an approach where test activities are selected, prioritized, and managed based on risk analysis and control. It differs from other testing approaches in that it focuses on managing test activities by assessing the potential risks associated with the product or project.
What are the two factors that characterize a risk?
- The two factors that characterize a risk are risk likelihood and risk impact. Likelihood refers to the probability of the event occurring, while impact refers to the severity or side effects that would result if the risk materializes.
What are some examples of project risks in software testing?
- Examples of project risks in software testing include organizational issues like delayed product deliveries, people issues such as insufficient skills or communication problems, technical issues like poor tool support, and supplier issues like third-party delivery failure.
What are some examples of product risks?
- Examples of product risks include missing or incorrect functionality, incorrect calculations, runtime errors, poor architecture, inefficient algorithms, inadequate response time, poor user experience, and security vulnerabilities.
What could be the negative consequences if product risks occur?
- If product risks occur, they may result in negative consequences such as user dissatisfaction, loss of revenue, damage to reputation, high maintenance costs, overload of help desks, legal penalties, and in extreme cases, physical damages, injuries, or even death.
Outlines
Introduction to Risk Management in ISTQB Foundation Level
This paragraph introduces the topic of risk management within the context of the ISTQB Foundation Level certification, specifically focusing on chapter 5. It explains the concept of risk as an uncertainty with potential side effects and emphasizes the role of a QA professional in identifying and mitigating these risks. The paragraph distinguishes between two types of risks: project risks, which are related to the activities involved in building the product, and product risks, which pertain to the product's functional and non-functional attributes. Examples provided include performance issues, user-friendliness, and calibration problems as product risks, while poorly defined requirements, insufficient resources, and inadequate testing capabilities are cited as project risks. The importance of risk management in increasing the likelihood of achieving objectives, improving product quality, and enhancing stakeholder confidence is also highlighted.
Risk Assessment and the Risk Management Process
The second paragraph delves deeper into the specifics of risk assessment, defining risk as a potential event that can have adverse effects and is characterized by two main factors: risk likelihood and impact. It explains that risk assessment involves evaluating the severity of the impact and the probability of the risk occurring, which are then combined to determine the overall risk level. The paragraph also outlines the risk management process, which includes risk analysis and risk control. Risk analysis is further broken down into risk identification and risk assessment, while risk control encompasses risk mitigation and monitoring. The concept of risk-based testing is introduced as an approach where test activities are selected, prioritized, and managed based on risk analysis and control.
Understanding Project and Product Risks with Examples
This paragraph provides a comprehensive look at project and product risks, offering examples to illustrate each type. Project risks are associated with the management and control of the project and can include organizational issues, people issues, technical issues, and supplier issues. Examples given range from delays and inaccurate estimates to insufficient skills and third-party delivery failures. Product risks, also known as quality risks, relate to the product's quality characteristics and can involve missing functionality, incorrect calculations, runtime errors, poor architecture, and security vulnerabilities. The paragraph also discusses the negative consequences of unmitigated risks, such as user dissatisfaction, loss of revenue, reputation damage, and in extreme cases, physical harm or death. The importance of understanding and mitigating these risks to ensure project and product success is underscored.
Keywords
Risk Management
Risk
Project Risk
Product Risk
Risk Analysis
Risk Control
Risk-Based Testing
Risk Likelihood
Risk Impact
Risk Assessment
Negative Consequences
Highlights
Introduction to risk management in the context of ISTQB Foundation level certification.
Definition of risk as an uncertainty with potential side effects.
The role of QA in identifying and mitigating risks.
Classification of risks into Project and Product risks.
Examples of Product risks related to functionality and non-functionality.
Project risks associated with activities that build the product.
Importance of risk management for achieving organizational objectives.
Risk management process involving risk analysis and control.
Subdivision of risk management into identification, assessment, mitigation, and monitoring.
Risk-based testing as a strategy for selecting, prioritizing, and managing test activities.
Different approaches to risk management, including analytical and methodical processes.
Risk assessment involving the evaluation of risk likelihood and impact.
Determination of risk level based on the combination of impact and likelihood.
Examples of Project risks including organizational, people, technical, and supplier issues.
Examples of Product risks such as missing functionality and poor user experience.
Negative consequences of unmitigated Product risks like loss of user satisfaction and revenue.
Importance of understanding risk impact for planning mitigation activities.
Invitation for further discussion on risk mitigation strategies in upcoming tutorials.
Closing remarks encouraging continuous learning and exploration in the field of risk management.
Transcripts
Hello friends and greetings for the day
welcome back to another tutorial on
ISTQB Foundation level certification we
are in chapter 5 talking about managing
test activities and moving on to the
next segment which is 5.2 risk
management and as a part of this
tutorial we'll be giving you a quick
introduction to what is risk all about
and how it can be managed within a life
cycle and also look at some of the quick
examples related to the project and
product
risk
well when it comes to the risk
management the very first and foremost
important thing is to talk about the
definition of risk risk is an
uncertainty which may or may not happen
and if it certainly happens then it
would be having a side effect left out
so we as a project member are someone
who is responsible or especially being a
QA is responsible to identify or
contribute in the identification process
and help them to mitigate the risk
however a risk can be anything related
to any part of the application and then
we can classify them based on their
identification into two categories which
is Project risk and product risk in
simple words a product risk is anything
which is related to the functional and
non-functional attributes of the
application so if I have to take an
example here I would prefer to say that
if the performance is poor it is a
product risk people will stop using your
product however you have released it
into the market same way if the user
friendliness is not so good you may just
discard the product or probably stop
using that product or other way if the
weighing machine is not calibrated is
also a product risk but on the other
hand side if I talk about the things
which are the activities which takes
place in order to build the product or
if I have any risk associated to that I
would call it as project risk because
project risk are related to those activities
which build the product and these are
pre-release so for example if the
requirements are poorly defined I call
it as a project risk if the resources
are insufficient or unskilled then I
call it as a project risk if the testing
is incapable of finding the good defects
or quality defects or unable to uh meet
the required requirements then it is
called as a project risk so anything
which deals with the activities any such
risk which deals with the activities or
task being performed in order to build
the product is called as a project risk
or related to process whereas product
risk are those which are attributes of
the product itself so in simple words
this is how the definition and
classification of defects the risk
happens now let's quickly check it out
what the risk management introduction is
trying to say and at the same time what
is the risk management process altogether so
when it comes to organization they
certainly face many internal and
external factors that make it uncertain
whether and when they will achieve their
objectives risk management allows the
organization to increase the likelihood
of the achieving objectives improve the
quality of their products and increase
the stakeholders confidence and the
trust so of course risk analysis being
conducted in any particular project will
give you a lot of heads up that how
exactly I can organize and conduct my
testing and indeed what are those
counterparts which I must deal with in
order to avoid unforeseen situations or
showstoppers or sometimes suspension of
the projects as well or to avoid the
failure of the product into the market
also to add here the process that is the
main risk management activities include
risk analysis and risk control now here
risk analysis is further broken down
into two parts that is risk
identification and risk assessment and
risk control is into risk mitigation and
risk monitoring so in simple words these
are four sequential activities which
happens as a part of risk management
that is first we identify the risk then
we Deep dive and assess the level of
risk then we certainly perform the steps
in order to mitigate it and then we
consistently keep an eye throughout the
life cycle if there are any new risk uh
emerging out of the new data or as the
project unfolds or sometime just to keep
a track of anything which may not be any
longer a risk so we have to consistently
monitor it as well so these are the four
major phases that is identification
assessment mitigation and monitoring the
test approach in which the test
activities are selected prioritized and
managed based on the risk analysis and
risk control is called as risk-based
testing however there are different
strategies and approaches available like
analytical methodical process compliant
and so on but risk-based which is
analytical is one of the commonly used
approaches in testing today where the if
you are following risk-based approach
all we are trying to say that you are
managing your entire test activities
related to that which deals with
certainly that is selecting your set of
activities prioritizing your test cases
and managing everything else based on
the risk analysis and control is what
you refer to as risk-based testing also
further to add here we are looking at
what exactly the different types of risk
are but before that let's quickly Deep
dive and check it out what exactly my
risk assessment is all about right so
let's have a look here and try to
understand what is risk assessment now
risk is a potential event Hazard threat
or situation whose occurrence causes an
adverse effect a risk can be
characterized by two factors that is
risk likelihood and risk impact now let
me just take you with a more better
understanding as in when a risk is
identified we sit down together to
discuss in deep dive to in order to
assess the level of risk and that's what
is called as risk assessment when we
talk about the level of risk it's
basically a combination of two factors
or two parameters that is impact and
likelihood where impact is considered as
the severity or the of course the side
effect when the risk happens or what
could be the impact or harm to the user
when it happens and likelihood is more
of like the probability of that event to
happen that means it certainly depends
on the visibility of the features to the
people in their process and at the same
time how frequently that particular uh
item is being used the frequency of use
of that particular infected feature so
likelihood is determined by further more
if you di is the frequency of use and
how visible that option is all about so
we determine the probability of that
risk to happen so both of these are two
independent thing and certainly would
take their own level of determination
and then put together as we combine them
we get the level of risk So based on
this analysis you will be able to
determine what is the level of risk and
these two factors Express the risk level
which is level of risk which is a
measure of the risk itself the higher
the risk level the more important is its
treatment so of course you know that if
the risk priority is high we would do
more testing there and of course
everything will be highly prioritized
and if you have a risk level which is
low then certainly proportional
proportionally you will be doing less
testing compared to that of high but
even at the lower priority so in simple
words a risk is determined with their
level by having measuring measured the
impact and likelihood related to that
well just just a moment ago we discussed
that the risk are of two types that is
Project risk and product risk and based
on that uh we will look forward to
understand what exactly are those
typical examples so on anyhow in the
simple words I told you product risk are
related to the attributes of the
functionality or non-functionality of a
product whereas project risk are related
to those of the process so in simple
words let's quickly have a look on what
are those key examples which I can
consider as project risk and product
risk as well so when it comes to
software testing one is generally
concerned with two types of risk that is
Project risk and product risk however
just for your information product risk
is also called as quality risk okay
there just the synonyms of product risk
now project risk are related to the
management and control of the project
project risk examples can include
organizational issues like delay in work
product deliveries inaccurate estimates
cost cutting Etc people issues like
insufficient skills conflicts
communication problems shortage of Staff
technical issues like scope creep poor
tool support Etc and supplier issues
which means even the third party uh
delivery failure bankruptcy of the
supporting company Etc so from these
examples we pretty much get the Insight
that there are several things within the
project which happens as a activity and
if we have any kind of risk related to
these activities is what we refer to as
project risk when it comes to the
examination
uh certainly the examination will not be
hardcoded asking you these points only
they can give you any other example all
you have to judge is will this impact
the project or the end user if it
impacts the project or the process it is
Project risk if it impacts the end user
then it is product risk on the other
hand we do have product risk here so
product risk are related to product
quality characteristics examples of
product risk include missing or wrong
functionality incorrect calculations run
time errors poor architecture
inefficient algorithm inadequate
response time poor user experience or
any sort of security vulnerabilities okay
so again there could be any number of
possibilities you can think about the
product risk but at the end of the day
all we talk about is the the functional
and non-functional attributes not
meeting the requirement or a particular
feature is not working is also seen as a
product risk itself so given that we are
taking some examples that should give
some insights but it can be anything
what can be asked to you also to talk a
little bit on the what could be the
negative consequences if the risk
happens like what is that I can talk
about as an harm of a risk and why
should I look forward to mitigate them
prior to completion of the projects or
prior to doing anything else right so
the number one thing here we're talking
about is product risk when they occur
may result in various negative
consequences which includes user
dissatisfaction loss of Revenue trust
reputation damage to third parties high
maintenance cost overload of the help
desk criminal penalties and extreme
cases physical damages injuries or even
death so it depends on the type of
product for example if I'm talking about
Automotive or Aviation related products
safety critical devices we talking about
People's Injury and death as well could
be a consequence but if I'm talking
about simple products like applications
and softwares people will certainly will
look forward to have a better quality in
it if the functionalities computation
algorithms are not working absolutely
fine people would look forward to go for
another vendor or another service
provider which might be doing a better
job so you may have a loss of trust
reputation or even business sometime or
if you have compromised with some of the
Regulatory and compliance requirements
then you can even get into a legal
sanctions or legal issues related to
your product and organization sometime
you even look your entire brand name not
just one particular product so it
matters a lot that what exactly would be
the impact of a particular risk and
based on that we plan our set of
activities in order to mitigate it
however there's a whole bunch of
discussion still remaining when it comes
to the product risk analysis we'll talk
about how exactly we mitigate it what
are the steps we can take what are the
approach we can follow in our next
tutorial so that's all from this
particular tutorial team should you have
anything else feel free to comment below
I'm always there to address your queries
and ask answer them well till then keep
learning keep exploring keep
understanding the context thanks for
watching the video team and happy
learning