ISTQB FOUNDATION 4.0 | Tutorial 50 | Risk Identification | Risk Assessment | CTFL Tutorials

TM SQUARE
14 Mar 2024 | 12:17

Summary

TLDR: This tutorial delves into the ISTQB Foundation Level certification, focusing on Chapter 5.2: Risk Management. It introduces risk as an uncertainty with potential side effects and differentiates between project and product risks. The script explains the risk management process, including identification, assessment, mitigation, and monitoring. It highlights the importance of risk analysis in organizing testing and emphasizes risk-based testing strategies. The tutorial also touches on risk assessment, considering both likelihood and impact, and outlines examples of project and product risks, underlining the necessity to mitigate risks to avoid negative consequences.

Takeaways

  • Risk is defined as an uncertainty that may or may not occur but could have a negative side effect if it does.
  • Risks can be classified into two categories: Project Risk and Product Risk, with the former related to the activities that build the product and the latter to the product's attributes.
  • Project Risks are pre-release and can include poorly defined requirements, insufficient or unskilled resources, and incapable testing processes.
  • Product Risks are post-release and relate to the functionality and non-functionality of the product, such as poor performance or user-friendliness.
  • Risk Management aims to increase the likelihood of achieving objectives, improve product quality, and boost stakeholder confidence and trust.
  • The Risk Management process involves Risk Analysis and Risk Control, which are further broken down into Risk Identification, Assessment, Mitigation, and Monitoring.
  • Risk Assessment combines two factors: Risk Likelihood (the probability of the event occurring) and Risk Impact (the severity of the effect if the risk occurs).
  • Risk-Based Testing is an approach where test activities are selected, prioritized, and managed based on risk analysis and control.
  • Understanding the level of risk is crucial for determining the priority of testing and mitigation efforts, with higher levels of risk requiring more attention.
  • Project Risks, if not managed, can lead to negative consequences such as delays, cost overruns, and stakeholder dissatisfaction.
  • Product Risks, if they materialize, may result in user dissatisfaction, loss of revenue, reputation damage, and in extreme cases, physical harm or legal penalties.

Q & A

  • What is the primary focus of the tutorial?

    - The primary focus of the tutorial is to introduce the concept of risk management within the context of ISTQB Foundation Level certification, specifically discussing how to manage test activities and the importance of risk identification, assessment, mitigation, and monitoring.

  • What is the definition of risk in the context of this tutorial?

    - In this tutorial, risk is defined as an uncertainty that may or may not happen but, if it does occur, would have a side effect or impact; a project or QA team member is responsible for identifying such risks and helping to mitigate them.

  • How are risks classified in the tutorial?

    - Risks are classified into two categories: Project risk and Product risk. Project risks are related to the activities that build the product, while product risks are related to the functional and non-functional attributes of the application itself.

  • Can you provide an example of a product risk?

    - An example of a product risk is poor performance of an application, which could lead to users abandoning the product. Other examples include poor user-friendliness and a weighing machine that is not calibrated, which could affect the product's functionality and user satisfaction.

  • What constitutes a project risk according to the tutorial?

    - A project risk is associated with the activities or tasks performed to build the product. Examples include poorly defined requirements, insufficient or unskilled resources, and testing that is incapable of finding quality defects or meeting required standards.

  • What is the main purpose of risk management in an organization?

    - The main purpose of risk management in an organization is to increase the likelihood of achieving objectives, improve the quality of products, and increase stakeholders' confidence and trust.

  • What are the four main phases of risk management mentioned in the tutorial?

    - The four main phases of risk management mentioned are identification, assessment, mitigation, and monitoring.

  • What is the difference between risk-based testing and other testing approaches?

    - Risk-based testing is an approach where test activities are selected, prioritized, and managed based on risk analysis and control. It differs from other testing approaches in that it focuses on managing test activities by assessing the potential risks associated with the product or project.

  • What are the two factors that characterize a risk?

    - The two factors that characterize a risk are risk likelihood and risk impact. Likelihood refers to the probability of the event occurring, while impact refers to the severity or side effects that would result if the risk materializes.

  • What are some examples of project risks in software testing?

    - Examples of project risks in software testing include organizational issues like delayed product deliveries, people issues such as insufficient skills or communication problems, technical issues like poor tool support, and supplier issues like third-party delivery failure.

  • What are some examples of product risks?

    - Examples of product risks include missing or incorrect functionality, incorrect calculations, runtime errors, poor architecture, inefficient algorithms, inadequate response time, poor user experience, and security vulnerabilities.

  • What could be the negative consequences if product risks occur?

    - If product risks occur, they may result in negative consequences such as user dissatisfaction, loss of revenue, damage to reputation, high maintenance costs, overload of help desks, legal penalties, and in extreme cases, physical damage, injuries, or even death.

Outlines

00:00

Introduction to Risk Management in ISTQB Foundation Level

This paragraph introduces the topic of risk management within the context of the ISTQB Foundation Level certification, specifically focusing on chapter 5. It explains the concept of risk as an uncertainty with potential side effects and emphasizes the role of a QA professional in identifying and mitigating these risks. The paragraph distinguishes between two types of risks: project risks, which are related to the activities involved in building the product, and product risks, which pertain to the product's functional and non-functional attributes. Examples provided include performance issues, user-friendliness, and calibration problems as product risks, while poorly defined requirements, insufficient resources, and inadequate testing capabilities are cited as project risks. The importance of risk management in increasing the likelihood of achieving objectives, improving product quality, and enhancing stakeholder confidence is also highlighted.

05:01

πŸ” Risk Assessment and the Risk Management Process

The second paragraph delves deeper into the specifics of risk assessment, defining risk as a potential event that can have adverse effects and is characterized by two main factors: risk likelihood and impact. It explains that risk assessment involves evaluating the severity of the impact and the probability of the risk occurring, which are then combined to determine the overall risk level. The paragraph also outlines the risk management process, which includes risk analysis and risk control. Risk analysis is further broken down into risk identification and risk assessment, while risk control encompasses risk mitigation and monitoring. The concept of risk-based testing is introduced as an approach where test activities are selected, prioritized, and managed based on risk analysis and control.

10:02

Understanding Project and Product Risks with Examples

This paragraph provides a comprehensive look at project and product risks, offering examples to illustrate each type. Project risks are associated with the management and control of the project and can include organizational issues, people issues, technical issues, and supplier issues. Examples given range from delays and inaccurate estimates to insufficient skills and third-party delivery failures. Product risks, also known as quality risks, relate to the product's quality characteristics and can involve missing functionality, incorrect calculations, runtime errors, poor architecture, and security vulnerabilities. The paragraph also discusses the negative consequences of unmitigated risks, such as user dissatisfaction, loss of revenue, reputation damage, and in extreme cases, physical harm or death. The importance of understanding and mitigating these risks to ensure project and product success is underscored.

Keywords

Risk Management

Risk Management is a systematic process of identifying, assessing, and controlling risks to minimize any negative impact on an organization's objectives. In the context of the video, it is a critical component of the software testing process, allowing organizations to increase the likelihood of achieving objectives, improve product quality, and build stakeholder confidence. The script discusses how risk management can help in identifying uncertainties that may affect project outcomes and provides a framework for dealing with these uncertainties through risk analysis and control.

Risk

In the video, 'Risk' is defined as an uncertainty that may or may not occur but, if it does, could have a negative side effect. It is a central theme of the tutorial, with the speaker emphasizing the importance of identifying and mitigating risks in the software development lifecycle. The script uses examples such as poor performance or user-friendliness to illustrate product risks that could affect a product's success in the market.

Project Risk

Project Risk refers to potential issues that could affect the activities involved in building a product, such as poorly defined requirements, insufficient or unskilled resources, or incapable testing processes. The script explains that project risks are pre-release and are distinct from product risks, which are related to the attributes of the product itself. An example from the script is that if requirements are poorly defined, it is considered a project risk.

Product Risk

Product Risk, also known as quality risk in the script, relates to the functional and non-functional attributes of an application. It is anything that could negatively impact the user's experience or the product's performance, such as poor performance, user-friendliness, or a lack of calibration in a weighing machine. The script highlights that product risks can lead to users discarding the product or ceasing its use.

Risk Analysis

Risk Analysis is the process of identifying and assessing risks to understand their potential impact and likelihood. The script breaks down risk analysis into two parts: risk identification and risk assessment. It is a crucial step in the risk management process, allowing organizations to prioritize risks and determine appropriate mitigation strategies.

Risk Control

Risk Control involves the steps taken to mitigate risks and monitor them throughout the project lifecycle. The script explains that risk control includes risk mitigation and risk monitoring, which are essential for managing risks effectively and ensuring that new risks are identified and addressed as they emerge.

Risk-Based Testing

Risk-Based Testing is a testing approach where test activities are selected, prioritized, and managed based on risk analysis and control. The script describes it as an analytical method where the focus is on managing test activities related to the risks identified in the project. This approach helps in allocating resources and efforts where they are most needed to mitigate potential risks.

Risk Likelihood

Risk Likelihood in the script is described as the probability of a risk occurring. It is one of the two factors, along with risk impact, used to characterize a risk. The script provides the example that the likelihood is determined by the frequency of use and visibility of a feature, which helps in assessing the overall level of risk.

Risk Impact

Risk Impact refers to the severity or side effect that occurs if a risk materializes. It is used in conjunction with risk likelihood to assess the level of risk. The script explains that the impact is considered in terms of harm or negative consequences to the user, which is essential for determining the priority of risk treatment.

Risk Assessment

Risk Assessment is the process of evaluating the level of risk by combining the factors of impact and likelihood. The script describes it as a deep dive discussion to assess the potential adverse effects and the probability of those effects occurring. This assessment is crucial for understanding the risk level and planning appropriate responses.

Negative Consequences

Negative Consequences are the potential adverse outcomes that may result from unmitigated risks. The script mentions various consequences such as user dissatisfaction, loss of revenue, reputation damage, high maintenance costs, and in extreme cases, physical damages or injuries. These consequences highlight the importance of risk management in avoiding potential harm to the organization and its stakeholders.

Highlights

Introduction to risk management in the context of ISTQB Foundation level certification.

Definition of risk as an uncertainty with potential side effects.

The role of QA in identifying and mitigating risks.

Classification of risks into Project and Product risks.

Examples of Product risks related to functionality and non-functionality.

Project risks associated with activities that build the product.

Importance of risk management for achieving organizational objectives.

Risk management process involving risk analysis and control.

Subdivision of risk analysis and risk control into identification, assessment, mitigation, and monitoring.

Risk-based testing as a strategy for selecting, prioritizing, and managing test activities.

Different approaches to risk management, including analytical and methodical processes.

Risk assessment involving the evaluation of risk likelihood and impact.

Determination of risk level based on the combination of impact and likelihood.

Examples of Project risks including organizational, people, technical, and supplier issues.

Examples of Product risks such as missing functionality and poor user experience.

Negative consequences of unmitigated Product risks like loss of user satisfaction and revenue.

Importance of understanding risk impact for planning mitigation activities.

Invitation for further discussion on risk mitigation strategies in upcoming tutorials.

Closing remarks encouraging continuous learning and exploration in the field of risk management.

Transcripts

00:00

Hello friends, and greetings for the day. Welcome back to another tutorial on ISTQB Foundation Level certification. We are in chapter 5, talking about managing test activities, and moving on to the next segment, which is 5.2, risk management. As a part of this tutorial we'll be giving you a quick introduction to what risk is all about and how it can be managed within a life cycle, and also look at some of the quick examples related to the project and product risk.

00:33

[Music]

00:37

Well, when it comes to the risk management, the very first and foremost important thing is to talk about the definition of risk. Risk is an uncertainty which may or may not happen, and if it certainly happens, then it would be having a side effect left out. So we as a project member are someone who is responsible, or especially being a QA is responsible, to identify or contribute in the identification process and help them to mitigate the risk.

01:05

However, a risk can be anything related to any part of the application, and then we can classify them based on their identification into two categories, which is project risk and product risk. In simple words, a product risk is anything which is related to the functional and non-functional attributes of the application. So if I have to take an example here, I would prefer to say that if the performance is poor, it is a product risk: people will stop using your product, however you have released it into the market. Same way, if the user friendliness is not so good, you may just discard the product or probably stop using that product, or other way, if the weighing machine is not calibrated, is also a product risk.

01:43

But on the other hand side, if I talk about the things which are the activities which take place in order to build the product, or if I have any risk associated to that, I would call it as project risk, because project risk are related to those activities which build the product, and these are pre-release. So for example, if the requirements are poorly defined, I call it as a project risk. If the resources are insufficient or unskilled, then I call it as a project risk. If the testing is incapable of finding the good defects or quality defects, or unable to, uh, meet the required requirements, then it is called as a project risk. So anything which deals with the activities, any such risk which deals with the activities or task being performed in order to build the product, is called as a project risk, or related to process, whereas product risk are those which are attributes of the product itself. So in simple words, this is how the definition and classification of defects, the risk, happens.

02:42

Now let's quickly check it out what the risk management introduction is trying to say and, at the same time, what is the risk management process altogether. So when it comes to organization, they certainly face many internal and external factors that make it uncertain whether and when they will achieve their objectives. Risk management allows the organization to increase the likelihood of achieving objectives, improve the quality of their products, and increase the stakeholders' confidence and the trust. So of course risk analysis being conducted in any particular project will give you a lot of heads up that how exactly I can organize and conduct my testing, and indeed what are those counterparts which I must deal with in order to avoid unforeseen situations or showstoppers, or sometimes suspension of the projects as well, or to avoid the failure of the product into the market.

03:35

Also to add here, the process, that is the main risk management activities, include risk analysis and risk control. Now here risk analysis is further broken down into two parts, that is risk identification and risk assessment, and risk control is into risk mitigation and risk monitoring. So in simple words, these are four sequential activities which happen as a part of risk management: that is, first we identify the risk, then we deep dive and assess the level of risk, then we certainly perform the steps in order to mitigate it, and then we consistently keep an eye throughout the life cycle if there are any new risk, uh, emerging out of the new data or as the project unfolds, or sometime just to keep a track of anything which may not be any longer a risk. So we have to consistently monitor it as well. So these are the four major phases, that is identification, assessment, mitigation and monitoring.

04:26

The test approach in which the test activities are selected, prioritized and managed based on the risk analysis and risk control is called as risk-based testing. However, there are different strategies and approaches available, like analytical, methodical, process compliant and so on, but risk-based, which is analytical, is one of the commonly used approaches in testing today, where the, if you are following risk-based approach, all we are trying to say that you are managing your entire test activities related to that, which deals with certainly, that is selecting your set of activities, prioritizing your test cases and managing everything else based on the risk analysis and control, is what you refer to as risk-based testing.

05:08

Also, further to add here, we are looking at what exactly the different types of risk are, but before that let's quickly deep dive and check it out what exactly my risk assessment is all about, right? So let's have a look here and try to understand what is risk assessment.

05:26

Now, risk is a potential event, hazard, threat or situation whose occurrence causes an adverse effect. A risk can be characterized by two factors, that is risk likelihood and risk impact. Now let me just take you with a more better understanding: as in, when a risk is identified, we sit down together to discuss in a deep dive in order to assess the level of risk, and that's what is called as risk assessment. When we talk about the level of risk, it's basically a combination of two factors or two parameters, that is impact and likelihood, where impact is considered as the severity or, of course, the side effect when the risk happens, or what could be the impact or harm to the user when it happens, and likelihood is more of like the probability of that event to happen. That means it certainly depends on the visibility of the features to the people in their process and, at the same time, how frequently that particular, uh, item is being used, the frequency of use of that particular infected feature. So likelihood is determined by, furthermore if you dive, the frequency of use and how visible that option is all about. So we determine the probability of that risk to happen.

06:36

So both of these are two independent things and certainly would take their own level of determination, and then put together, as we combine them, we get the level of risk. So based on this analysis you will be able to determine what is the level of risk, and these two factors express the risk level, which is level of risk, which is a measure of the risk itself. The higher the risk level, the more important is its treatment. So of course you know that if the risk priority is high, we would do more testing there, and of course everything will be highly prioritized, and if you have a risk level which is low, then certainly, proportionally, you will be doing less testing compared to that of high, but even at the lower priority. So in simple words, a risk is determined with their level by having measured the impact and likelihood related to that.

07:29

Well, just a moment ago we discussed that the risk are of two types, that is project risk and product risk, and based on that, uh, we will look forward to understand what exactly are those typical examples, so on. Anyhow, in the simple words, I told you product risk are related to the attributes of the functionality or non-functionality of a product, whereas project risk are related to those of the process. So in simple words, let's quickly have a look on what are those key examples which I can consider as project risk and product risk as well.

07:58

So when it comes to software testing, one is generally concerned with two types of risk, that is project risk and product risk. However, just for your information, product risk is also called as quality risk, okay, they're just the synonyms of product risk. Now, project risk are related to the management and control of the project. Project risk examples can include organizational issues like delay in work product deliveries, inaccurate estimates, cost cutting, etc.; people issues like insufficient skills, conflicts, communication problems, shortage of staff; technical issues like scope creep, poor tool support, etc.; and supplier issues, which means even the third party, uh, delivery failure, bankruptcy of the supporting company, etc. So from these examples we pretty much get the insight that there are several things within the project which happen as an activity, and if we have any kind of risk related to these activities, is what we refer to as project risk.

08:57

When it comes to the examination, uh, certainly the examination will not be hardcoded asking you these points only. They can give you any other example; all you have to judge is, will this impact the project or the end user? If it impacts the project or the process, it is project risk; if it impacts the end user, then it is product risk.

09:16

On the other hand, we do have product risk here. So product risk are related to product quality characteristics. Examples of product risk include missing or wrong functionality, incorrect calculations, runtime errors, poor architecture, inefficient algorithm, inadequate response time, poor user experience, or any sort of security vulnerabilities, okay. So again, there could be any number of possibilities you can think about the product risk, but at the end of the day all we talk about is the functional and non-functional attributes not meeting the requirement, or a particular feature is not working, is also seen as a product risk itself. So given that we are taking some examples, that should give some insights, but it can be anything what can be asked to you.

10:02

Also, to talk a little bit on what could be the negative consequences if the risk happens, like what is that I can talk about as a harm of a risk, and why should I look forward to mitigate them prior to completion of the projects or prior to doing anything else, right? So the number one thing here we're talking about is, product risk, when they occur, may result in various negative consequences, which includes user dissatisfaction, loss of revenue, trust, reputation, damage to third parties, high maintenance cost, overload of the help desk, criminal penalties and, in extreme cases, physical damages, injuries or even death.

10:43

So it depends on the type of product. For example, if I'm talking about automotive or aviation related products, safety critical devices, we're talking about people's injury, and death as well could be a consequence. But if I'm talking about simple products like applications and softwares, people will certainly look forward to have a better quality in it. If the functionalities, computation, algorithms are not working absolutely fine, people would look forward to go for another vendor or another service provider which might be doing a better job, so you may have a loss of trust, reputation or even business sometime. Or if you have compromised with some of the regulatory and compliance requirements, then you can even get into legal sanctions or legal issues related to your product and organization. Sometime you even lose your entire brand name, not just one particular product. So it matters a lot that what exactly would be the impact of a particular risk, and based on that we plan our set of activities in order to mitigate it.

11:41

However, there's a whole bunch of discussion still remaining when it comes to the product risk analysis. We'll talk about how exactly we mitigate it, what are the steps we can take, what are the approach we can follow, in our next tutorial. So that's all from this particular tutorial, team. Should you have anything else, feel free to comment below; I'm always there to address your queries and answer them. Well, till then, keep learning, keep exploring, keep understanding the context. Thanks for watching the video, team, and happy learning.

12:09

[Music]

Related Tags
ISTQB, Certification, Risk Management, Project Risk, Product Risk, Quality Assurance, Testing Strategy, Risk Assessment, Risk Mitigation, Tutorial