ISTQB FOUNDATION 4.0 | Tutorial 51 | Product Risk Analysis | Risk Control | Test Management | CTFL
Summary
TLDR: This tutorial delves into the ISTQB Foundation Level Certification, focusing on managing test activities and risk management. It explains the importance of product risk analysis, its process, and the role of testers in mitigating risks. The script covers risk identification, assessment, and control, emphasizing the continuous nature of risk management. It also discusses how risk influences testing activities and the various mitigation strategies, including risk acceptance, transfer, and contingency planning.
Takeaways
- 📚 The tutorial focuses on the ISTQB Foundation level certification, particularly on managing test activities and risk management in chapter 5.
- 🔍 Product risk analysis is a key process that aims to create awareness of product risks to focus testing efforts and minimize residual risk.
- 📉 Product risk, also known as quality risk, is the responsibility of the testing team to mitigate through appropriate testing.
- 📝 Risk identification involves generating a comprehensive list of risks, often involving a wide range of stakeholders and various techniques such as brainstorming and workshops.
- 📊 Risk assessment includes categorizing risks, determining likelihood and impact, and using these to prioritize risks and propose mitigation strategies.
- 🔑 Categorization of risks is crucial for assigning mitigation actions, as similar risks can often be mitigated using the same approach.
- 🛠 Risk identification influences the test process by affecting the intensity, time allocation, prioritization, and other factors of testing activities.
- 🔄 Product risk analysis is not a one-time activity but should be conducted repeatedly at each milestone to identify any new or emerging risks.
- 🛡 Product risk control involves measures taken in response to identified and assessed risks, including risk mitigation and monitoring.
- 🔄 Risk mitigation involves implementing proposed actions to reduce risk levels, while risk monitoring ensures mitigation actions are effective and identifies emerging risks.
- 🛑 The tutorial suggests that risk response options include mitigation, acceptance, transfer, or having a contingency plan to handle identified risks.
Q & A
What is the primary goal of product risk analysis from a testing perspective?
- The primary goal of product risk analysis from a testing perspective is to provide an awareness of the product risks in order to focus the testing effort in a way that minimizes the residual risk or product risk.
What is the difference between project risk and product risk?
- Project risks are related to the activities of the project and are mainly owned by the project manager. Product risks, on the other hand, are those that the testing team is responsible for mitigating by conducting appropriate amounts of testing.
What are the two major phases of product risk analysis?
- The two major phases of product risk analysis are risk identification and risk assessment.
How can stakeholders identify risks during the risk identification phase?
- Stakeholders can identify risks by using various techniques and tools such as brainstorming, workshops, interviews, or cause-effect diagrams.
What is the purpose of categorizing risks during risk assessment?
- Categorizing risks helps in assigning mitigation actions because risks falling into the same category can often be mitigated using similar approaches, making the risk management process more efficient.
What are the two approaches to risk assessment mentioned in the script?
- The two approaches to risk assessment mentioned are the quantitative approach, where risk level is calculated as the multiplication of likelihood and impact, and the qualitative approach, which uses a risk matrix to determine the level of risk.
How does product risk analysis influence the testing process?
- Product risk analysis influences the thoroughness and scope of testing by determining the scope of testing, the particular test level, the test types to be performed, the techniques to be employed, the coverage to be achieved, estimating the effort required, prioritizing testing, and identifying critical defects as early as possible.
What is the purpose of risk monitoring in product risk control?
- The purpose of risk monitoring is to ensure that the mitigation actions are effective, to obtain further information to improve risk assessment, and to identify any emerging risks.
What are the four response options to risk after it has been analyzed?
- The four response options to risk after it has been analyzed are risk mitigation, risk acceptance, risk transfer, and having a contingency plan.
What are some actions that can be taken to mitigate product risk by testing?
- Actions to mitigate product risk by testing include selecting testers with the right experience and skills, applying appropriate levels of independent testing, conducting reviews and static analysis, applying the appropriate test techniques and coverage tools, applying the appropriate test types, and performing dynamic testing including regression testing.
Why is product risk analysis not a one-time activity?
- Product risk analysis is not a one-time activity because as the project unfolds and more details come into picture, new risks may emerge that were not initially identifiable. It should be a consistent activity conducted repeatedly at each milestone to ensure that any new risks are identified and addressed.
Outlines
📚 Introduction to Product Risk Analysis
This paragraph introduces the concept of product risk analysis within the context of ISTQB Foundation Level certification. It emphasizes the importance of understanding and managing product risks, which are the responsibility of the testing team, as opposed to project risks managed by the project manager. The main goal of product risk analysis is to raise awareness of potential product risks to focus testing efforts effectively. The paragraph outlines the process of risk identification and assessment, highlighting the need for a comprehensive list of risks involving various stakeholders and techniques such as brainstorming and workshops. It also touches on the categorization of risks and the importance of prioritizing them to propose mitigation actions.
🔍 Risk Assessment Techniques and Influence on Testing
This section delves deeper into the techniques used for risk assessment, such as quantitative and qualitative approaches, and how they can affect the testing process. It explains that risk assessment can influence the intensity, time allocation, and prioritization of test execution. The paragraph also discusses the influence of risk on the thoroughness and scope of testing, including determining the test levels, types, techniques, and coverage required. It suggests that risk analysis can guide the selection of appropriate test strategies and the identification of critical defects early in the project lifecycle. The paragraph concludes by mentioning that risk management is not limited to testing activities alone but can also involve hiring consultants, attending workshops, or implementing new practices to mitigate risks.
🛡️ Product Risk Control and Mitigation Strategies
The final paragraph focuses on the control of product risks, explaining that risk management is an ongoing process that should be repeated at each project milestone to identify new risks. It outlines the steps of risk mitigation and monitoring, emphasizing the importance of implementing corrective actions and keeping track of emerging risks. The paragraph also presents various response options to risks, such as mitigation, acceptance, transfer, and contingency planning. It concludes by suggesting specific actions that can be taken to mitigate product risks through testing, such as selecting experienced testers, applying independent testing, and using appropriate test techniques and tools. The speaker encourages viewers to stay tuned for more advanced details on risk management in future tutorials and invites questions and comments for further clarification.
Keywords
💡ISTQB Foundation Level Certification
💡Risk Management
💡Product Risk Analysis
💡Residual Risk
💡Risk Identification
💡Risk Assessment
💡Categorization
💡Quantitative and Qualitative Approaches
💡Risk Influence on Testing Activities
💡Product Risk Control
💡Risk Mitigation
Highlights
Introduction to managing test activities and risk management in ISTQB Foundation Level certification.
Understanding the process of product risk analysis and its role in mitigating risks.
Differentiating between Project Risk and Product Risk, and the testing team's responsibility in mitigating product risks.
The goal of product risk analysis is to focus testing efforts to minimize residual product risk.
Product risk is synonymous with quality risk.
Product risk analysis begins early in the SDLC and includes risk identification and assessment.
Risk identification involves generating a comprehensive list of risks using various techniques and tools.
Risk assessment involves categorization, determining likelihood and impact, and prioritizing risks.
Categorization of risks helps in assigning mitigation actions and reusing action items.
Risk assessment can use quantitative or qualitative approaches.
Risk identification influences the test plan, intensity, time allocation, and prioritization of test execution.
Product risk analysis influences the thoroughness and scope of testing, determining test levels, types, and techniques.
Risk control includes measures taken in response to identified and assessed product risks, such as mitigation and monitoring.
Risk assessment is a continuous activity, conducted repeatedly at each milestone to identify new risks.
Different response options to risk include mitigation, acceptance, transfer, and contingency planning.
Action items to mitigate product risk by testing include selecting experienced testers, applying test techniques, and conducting dynamic testing.
Encouragement for continuous learning and exploration in the context of risk management.
Transcripts
Hello friends and greetings for the day
welcome back to another tutorial on
ISTQB Foundation level certification we
are in chapter 5 talking about managing
the test activities and continuing ahead
with our same segment that is 5.2 risk
management and as a part of today's
tutorial we'll understand the process of
product risk analysis and at the same
time how exactly we can look forward to
mitigate
them
so in our previous tutorial we tried
understanding the definition and Basics
about what is a risk and how exactly
risk can be managed throughout the life
cycle into two different phases and
today uh we will continue further to
understand the process about however the
process consist of the activities what we
have already covered in our previous
tutorial but it in a nutshell it will
give you a sequential way of how exactly
do we make use of different phases and
what exactly is the contribution of
tester in the same at the same time
we'll also understand how exactly risk
influences our activities and what are
those activities at the same time we'll
also see what exactly are the different
actions which we can take in order to
mitigate a risk to get started the very
first thing is the product risk analysis
if you remember we discussed about two
risk that is Project risk and product
risk where project risk are those which
are related to the activities of the
project and mainly goes with the
ownership to the project manager
when it comes to product risk the
testing team is someone who's
responsible to mitigate them by
conducting appropriate amount of testing
so let's talk about the product risk
analysis as a process when it comes to
product risk analysis from a testing
perspective the goal of product risk
analysis is to provide an awareness of
the product risk in order to focus the
testing effort in a way that minimizes
the residual risk or product risk now in
simple words we cannot make a blind
statement every time that we can
mitigate all the risk mitigation is not
every time possible so in general we
always try to make a statement that we
try to reduce the level of risk of the
residual risk which means the ones which
are remaining at any point of time so in
the beginning of the project everything
is remaining for me at the end of the
project there might be some risk which
you could not mitigate so we always say
the objective of testing is to mitigate
uh as much as possible which is
basically to reduce the level of risk of
the residual risk also to remind you
product risk is also known as quality
risk okay so they both are exactly the
same that is the synonym of product risk
itself also to add here uh ideally the
product risk analysis begins right early
in the SDLC product risk analysis
consist of risk identification and risk
assessment which are the two major
phases when it comes to risk
identification it is about generating a
comprehensive list of risk which can
involve a very wide and broad range of
stakeholders now here stakeholders can
identify Risk by using various
techniques and tools some of the
techniques include brainstorming
workshops interviews or cause effect
diagram so in fact there are many other
ways to do it there are several
techniques which we can employ in order
to identify the best list of risk
possible but all these will be deep dived
again when you come to the advanced
level at Foundation we are just keeping
it to the point and a simple
introduction on the other hand if I talk
about the risk assessment this involves
categorization of identified risk
determining their risk likelihood impact
in turn the combination of impact and
likelihood becomes the level of risk
then we prioritize them and propose ways
to handle them categorization helps in
assigning mitigation action because
usually risks falling into the same
category can be mitigated using the
similar approach so we do understand
that if we don't categorize a risk we
might be every time utilizing our time
to determine how to mitigate them given
that we can categorize some of the risk
into one particular category I may reuse
the action items or the mitigation
actions what I've defined for one of
them one of them into the same category
so that's where it basically becomes
very crucial and important to categorize
the risk together and make use of the
existing defined action items to that of
the other ones also to deal with uh when
it comes to the residual risk which
basically talks about any item which is
remaining I consistently keep looking at
what are those things so taking a quick
example here that what could be the
classification of risk for example
things which are related to design I can
categorize that to make it together if
I'm talking about the risk related to
coding or programming errors I can
categorize them together or risk related
to any other attribute like performance
security I may categorize them together
but there would be some more deep dive
I'm just giving you a high level example
that what did I mean by saying
categorization also to add here risk
assessment can use of quantitative or
qualitative approach or mix of them as
well now here in quantitative approach
the risk level is calculated as the
multiplication of likelihood and impact
whereas in qualitative approach the risk
level can be determined using risk
Matrix so both of these are going to be
deep dived at the advanced level and
right here we do not have them into our
context so that's where just the name
would be enough quantitative and
qualitative quantitative is
multiplication of likelihood and impact
whereas qualitative is more a matrix
which determines the level of well when
it comes to determining how exactly risk
identification influences testing
activities if you remember when we spoke
about test planning factors influencers
that is what are those factors which can
influence the test plan or test process
uh we had one of the items called as
risk as well right and risk register is
the list of risk whatever you find in
your project and product so certainly
identification of risk do influence my
test process the intensity the amount of
testing the time allocated the
prioritization of the test execution and
various other factors please keep
correlating the topics to that of what
you have already covered if you remember
in the test execution schedule we told
you that risk is one of the way by which
we can uh prioritize our test cases same
way one of the key objectives of testing
is to uh prioritize or remove or
mitigate the risk as much as possible so
there are different chapters talking
about the risk again and again so make
sure that you have those dots connected
very well now let's talk about the
influence of risk on testing process so
product risk analysis May influence the
thoroughness and scope of testing its
results are used to determine the scope
of testing to be carried out determine
the particular test level and propose
the test types to be performed determine
the techniques to be employed and the
coverage to be achieved estimate the
effort required for each task prioritize
testing and attempt to find the critical
defects as early as possible and
determine whether any other activity in
addition to testing could be employed uh
to reduce the risk in simple words we do
not blindly select the test levels or
test types to be conducted if you think
conducting non-functional would help you
better mitigate this risk you must
deploy them at the same time if you
think making use of equivalence
partition or boundary value analysis as
techniques could help you derive better
test cases then you must make use of
them at the same time when we talk about
conducting the amount of testing or
prioritizing the test in order to find
defect early would be another benefit or
another way by which I can look forward
to mitigate a risk or reduce the level
of risk early in the life cycle and last
that's one more important thing to talk
about that it's not something that
only testing activities which you know
can only be used in order to mitigate a
risk if you think hiring a risk
consultant can help you find things
better or recommend you steps better
hire them if you think attending a
workshop related to risk of your
industry practices would help you
understand better then do that right so
seminar workshops or implementing
something new which you have never done
before or hiring a consultant in your
organization to help you better can be
another set of activities what I can
really perform in order to get better
grip on what I'm doing right and that's
where we say that a risk and assessment
outcome or product risk analysis outcome
can influence my testing in different
ways finally the last extra item here is
to talk about the last step that is
product risk control Now product risk
control is not that generic word that
how can we control a risk we cannot
control a risk to be frank or we cannot
stop a risk to happen but point being
made here is how do you keep an eye and
consistently take care of the corrective
and those guiding actions what can be
taken in order to make sure that every
single risk is in your context and
doesn't go missing or missed out so when
it comes to product risk control it
basically comprises of all measures that
are taken in response to identified and
assessed product risk where product risk
control consists of risk mitigation and
risk monitoring when it comes to risk
Mitigation Of course these are all that
steps what you can take in order to
uh mitigate the risk and which includes
uh implementing the action proposed in
risk assessment to reduce this risk
level the aim of risk monitoring is to
ensure that the mitigation actions are
effective to obtain further information
to improved risk assessment and to
identify any kind of emerging risk at
this point we would just like to let you
know that risk assessment or risk uh
product risk analysis is not a one-time
activity to certain extent during the
beginning of the project we may not have
all that visibility all that information
what we might need in order to identify
the risk very potentially but later as
the project unfolds as more details
comes into picture and as the product
comes right in front of you getting
built up you may have more information
with you thus risk identification or
risk assessment is a more of like
continuous activity like every single
Milestone you must conduct it repeatedly
to make sure that any new identified
risk have occurred or not right because
initially you may not have all the
information what you may need to
identify all possible risk areas so thus
it should be a consistent activity and
that's where we call this phase as risk
monitoring which is to keep identifying
new items or sometime other around as
well that means maybe the risk what you
identified is no longer a risk okay so to
further add here of course uh with
respect to the product risk control once
a risk has been analyzed several
response options to risk are possible
example risk mitigation by testing risk
acceptance risk transfer or contingency
plan now here the four different items
certainly talk about four different
things one you have understood the
risk and you have some action items to
do in order to mitigate the risk so one
you can mitigate a risk given that you
can do it second is acceptance which
means that you understand the risk but
you not do anything about it and that's
acceptance for more of things like act
of Act of God right act of God like you
know turn is strong there is a risk it
can impact a city a lot people a lot
they can kill people but still you
accept the risk because there's no way
you can mitigate it right you only have
the contingency plan right you can all
you can have is that and then of course
the transfer risk is option where you
identify risk but you realize that it's
not you or your team who can handle it
better but someone else can handle
it better for example if you perceive a
performance risk and you are a
functional tester then you can certainly
transfer the ownership of this risk to
the performance testers or performance
team and contingency is certainly about
the preventions securing it as much as
possible so in a shopping mall having a
you know fire extinguisher a security
guard and all those steps what you take
to prevent fire prevent theft is all
contingency for it so we have four
options as in when a risk is identified
either mitigate it or accept it or take
a contingency plan to prevent it to
happen because maybe happening would be
more expensive than preventing it which
we always know or transfer it to the
right team don't try to save it yourself
okay also to add further uh action that
can be taken to mitigate the product
Risk by testing are as follows which
includes some of the things what we just
discussed in our previous topic but
still uh select the testers with the
right level of experience and skills
suitable for a given risk type apply an
appropriate level of independent of
testing um conduct reviews and perform
static analysis apply the appropriate
test techniques and coverage tools apply
the appropriate test types addressing
the affected quality characteristic or
perform Dynamic testing including
regression testing that means do all
that which you think can help you
mitigate the risk at any point of time
okay that's an outcome of mitigation or
mitigation action which I can take in
order to mitigate a known or identified
risk so that's all from the risk
mitigation Point risk management point
of team I hope you got a really good
understanding of that so we will be
having more details in the advanced
level so stay tuned for that so that's
all from this particular tutorial team
should you have anything else feel free
to comment below I'm always there to
address your queries and answer them
well till then keep learning keep
exploring keep understanding the context
thanks for watching the video team and
happy learning
[Music]