ISTQB FOUNDATION 4.0 | Tutorial 50 | Risk Identification | Risk Assessment | CTFL Tutorials

TM SQUARE

14 Mar 202412:17

Summary

TLDRThis tutorial delves into the ISTQB Foundation Level certification, focusing on Chapter 5.2: Risk Management. It introduces risk as an uncertainty with potential side effects and differentiates between project and product risks. The script explains the risk management process, including identification, assessment, mitigation, and monitoring. It highlights the importance of risk analysis in organizing testing and emphasizes risk-based testing strategies. The tutorial also touches on risk assessment, considering both likelihood and impact, and outlines examples of project and product risks, underlining the necessity to mitigate risks to avoid negative consequences.

Takeaways

📘 Risk is defined as an uncertainty that may or may not occur but could have a negative side effect if it does.
🔍 Risks can be classified into two categories: Project Risk and Product Risk, with the former related to the activities that build the product and the latter to the product's attributes.
👷‍♂️ Project Risks are pre-release and can include poorly defined requirements, insufficient or unskilled resources, and incapable testing processes.
🛍️ Product Risks are post-release and relate to the functionality and non-functionality of the product, such as poor performance or user-friendliness.
🛡️ Risk Management aims to increase the likelihood of achieving objectives, improve product quality, and boost stakeholder confidence and trust.
🔎 The Risk Management process involves Risk Analysis and Risk Control, which are further broken down into Risk Identification, Assessment, Mitigation, and Monitoring.
📊 Risk Assessment combines two factors: Risk Likelihood (the probability of the event occurring) and Risk Impact (the severity of the effect if the risk occurs).
📉 Risk-Based Testing is an approach where test activities are selected, prioritized, and managed based on risk analysis and control.
🔑 Understanding the level of risk is crucial for determining the priority of testing and mitigation efforts, with higher levels of risk requiring more attention.
🚫 Project Risks, if not managed, can lead to negative consequences such as delays, cost overruns, and stakeholder dissatisfaction.
🛑 Product Risks, if they materialize, may result in user dissatisfaction, loss of revenue, reputation damage, and in extreme cases, physical harm or legal penalties.

Q & A

What is the primary focus of the tutorial?
-The primary focus of the tutorial is to introduce the concept of risk management within the context of ISTQB Foundation Level certification, specifically discussing how to manage test activities and the importance of risk identification, assessment, mitigation, and monitoring.
What is the definition of risk in the context of this tutorial?
-In this tutorial, risk is defined as an uncertainty that may or may not happen, but if it does occur, it would have a side effect or impact, which as a project or QA member, one is responsible to identify and help mitigate.
How are risks classified in the tutorial?
-Risks are classified into two categories: Project risk and Product risk. Project risks are related to the activities that build the product, while product risks are related to the functional and non-functional attributes of the application itself.
Can you provide an example of a product risk?
-An example of a product risk is poor performance of an application, which could lead to users abandoning the product. Other examples include user unfriendliness, or a weighing machine that is not calibrated, which could affect the product's functionality and user satisfaction.
What constitutes a project risk according to the tutorial?
-A project risk is associated with the activities or tasks performed to build the product. Examples include poorly defined requirements, insufficient or unskilled resources, and testing that is incapable of finding quality defects or meeting required standards.
What is the main purpose of risk management in an organization?
-The main purpose of risk management in an organization is to increase the likelihood of achieving objectives, improve the quality of products, and increase stakeholders' confidence and trust.
What are the four main phases of risk management mentioned in the tutorial?
-The four main phases of risk management mentioned are identification, assessment, mitigation, and monitoring.
What is the difference between risk-based testing and other testing approaches?
-Risk-based testing is an approach where test activities are selected, prioritized, and managed based on risk analysis and control. It differs from other testing approaches in that it focuses on managing test activities by assessing the potential risks associated with the product or project.
What are the two factors that characterize a risk?
-The two factors that characterize a risk are risk likelihood and risk impact. Likelihood refers to the probability of the event occurring, while impact refers to the severity or side effects that would result if the risk materializes.
What are some examples of project risks in software testing?
-Examples of project risks in software testing include organizational issues like delayed product deliveries, people issues such as insufficient skills or communication problems, technical issues like poor tool support, and supplier issues like third-party delivery failure.
What are some examples of product risks?
-Examples of product risks include missing or incorrect functionality, incorrect calculations, runtime errors, poor architecture, inefficient algorithms, inadequate response time, poor user experience, and security vulnerabilities.
What could be the negative consequences if product risks occur?
-If product risks occur, they may result in negative consequences such as user dissatisfaction, loss of revenue, damage to reputation, high maintenance costs, overload of help desks, legal penalties, and in extreme cases, physical damages, injuries, or even death.