When a test plan is created, the risks involved in testing the product must be taken into consideration, along with the possibility of their occurrence, the damage they may cause, and solutions, if any. The detailed study of these is called Risk Analysis.
Some of the risks could be:
New Hardware.
New Technology.
New Automation Tool.
Sequence of code delivery.
Availability of application test resources.
In software testing, some unavoidable risks might arise, such as:
Change in requirements or incomplete requirements.
Time allocation for testing.
Developers delaying delivery of the build for testing.
Urgency from client for delivery.
Defect Leakage due to application size or complexity.
To overcome these risks, the following activities can be done.
Conducting a Risk Assessment review meeting with the development team.
Creating a Risk coverage profile that states the importance of each area.
Using maximum resources on High risk areas, for example allocating more testers to High risk areas and minimum resources to Medium and Low risk areas.
Creating a Risk assessment database for future maintenance and management review.
Identify and describe the risk magnitude indicators: High, Medium and Low
High: the effect of the risk would be very high and non-tolerable. The company may face severe loss and its reputation is at risk. It must be tested.
Medium: tolerable but not desirable. The company may suffer financially, but there is limited liability or loss of reputation. It should be tested.
Low: tolerable. Little or no external exposure and no financial loss. The company's reputation is unaffected. It might be tested.
Three perspectives of Risk Assessment
Effect.
Cause.
Likelihood.
Effect - To assess risk by Effect, identify a condition, event or action and try to determine its impact.
Cause - Assessing risk by Cause is the opposite of assessing by Effect. Begin by stating an undesirable event or condition and identify the set of events that could have permitted the condition to exist.
Likelihood - To assess risk by Likelihood is to determine the probability that a requirement will not be satisfied.
Risk Identification
The different types of risk include the following:
Software Risks: Knowledge of the most common risks associated with Software development, and the platform you are working on.
Business Risks: Most common risks associated with the business using the Software.
Testing Risks: Knowledge of the most common risks associated with Software Testing for the platform you are working on, tools being used, and test methods being applied.
Premature Release Risk: Ability to determine the risk associated with releasing unsatisfactory or untested Software Products.
Risk Methods: Strategies and approaches for identifying risks or problems associated with implementing and operating information technology, products and processes; assessing their likelihood; and initiating strategies to test those risks.