Take the 5 minute challenge! What are Risks?

I just posted something on Twitter, to which @friendlytester replied

5 min challenge. I do this, but now thinking could we turn into something. You reckon you could do some of these on The Club?

So get started

1. Click Reply
2. Start a 5 minute timer
3. Write all the thoughts that come to mind until BEEEEEP
4. Click Reply

• Or, do it on paper and upload a picture as a reply

Why?

• It’ll be fun!
• It helps you arrange some thoughts
• It helps others arrange their thoughts by reading all the responses
• Sharing our thoughts helps ideas grow

So lets give it a shot! Inspired by last night’s Software Testing Clinic: The topic is “What are risks?”

Risks are…

• Something that informs where and how we might test
• Something that could happen and isn’t proven
• Something in dreamland that needs investigation to see if it’s real
• An assumption that informs testing activity
• A way to prioritise exploration
• Something to help us think critically about our product
• Something you don’t want your customers to experience
• Something we should investigate
• Something that helps us focus and scope our testing
• A communication tool to have discussions with the business

• Things that threaten the value of something
• The focus of testing
• Things that help us decided where to start testing
• Something we want to mitigate
• Things that is always present, but not always important
• A quick reason to start a conversation
• A concern someone may have

// Things that include business critical functions
// Sensitive data-theft of users
// Team members who are not happy with their daily activities
// Communication exists, but not really!
// Things that require deeper analysis and debugging
// So called intermittent bugs which are not really intermittent (There are no intermittent bugs)
// The unknown test coverage or test areas

Risks are “bad things that might happen”. A risk is a story about something that may or may not happen, but that plausibly could happen. Elements of that story include

• a bad thing (harm, loss, annoyance, diminished value, absence of something desirable, presence of something undesirable)
• happening (or not happening, in a way that is ultimately detectable) so as to affect…
• some victim (a person; risk is meaningless unless it affects a person) because of
• some vulnerability (a weakness, or deficiency, or overoptimisation)
• in a product
• or a process
• that is triggered (even if there’s a vulnerability, it doesn’t matter if nothing triggers it)
• by some threat (a condition that causes the vulnerability to manifest)

—Michael B.

(edited to change “does” to “doesn’t”. Not proofreading induces at least one kind of risk!)

Risks are a possible change which could affect the value of something to someone.
Risks may change the future outcome or state.
Risks are usually assumed to be about negative change, but do not have to be.
In software testing risks are usually about the potential negative change in the value of the product.

The degree of concern associated with the risk is related to the likelihood of it happening and the severity of its impact

Risks are difficult to quantify and articulate because of both their inherent associated uncertainty and human biases in logical assessment of uncertainty in the future. Those biases can be rooted in various behaviours that make logic vulnerable: such as ignorance, wishful thinking, incomplete information, prejudice, misunderstanding of statistics associated with risk, jumping to conclusions.

Risks can be used in a constructive way to frame observed anomalous behaviour, giving business context and significance to a technical description.

One of the purposes of testing.
A potential problem that could cost money, reputation, quality or safety if not addressed/mitigated
Dictate how much time we spend on what we test
Things that need to be forecasted early to avoid undesirable consequence
Something stakeholders want to know about before deciding to release the product or service

From a slightly different angle perhaps

Risks are highlighted, as part of the information that is gathered, during the testing, of software, such that stakeholders can make informed decisions.

Risk: any action/no action which will place one in the undesirable situation. When I started noting down, started thinking from testing point of view but these can be applied generally

1. Assumptions
2. No Collaboration in the team
3. Tester not keeping checks on objective time to time or do not have objective
4. Inadequate coverage
5. Not raising testing/tester’s concerns
6. Thinking testing is easy

Risks are things that can be mitigated to reduce their impact when they eventually become certainty
Risks are things that can be exploited to amplify of their impact when they eventually become certainty
Somebody’s risk is somebody else opportunity
Risks can be quantified in term of probability P where 0<P<1
Example from this morning:
Calling an election while having majority in parliament creates a risk of losing such majority (tory)
Calling an election while not having a majority creates an opportunity for disrupting such majority (labour)
Risks might be unknown
Risks might reveal themselves as a consequence of a chain of unpredictable events
In product development risks must always be tested using experiments, generally in lean startup it is good practice to test against the riskiest assumptions (i.e. people will love this new feature, people will pay for this product, people won’t be offended by this tweet. etc)
An aware organisation visualises the known risks so that everybody is aware of them and can keep them into consideration when taking independent decisions
Some people have larger appetites than others when it comes to risk.
Large organisations often do not have appetite for risk, this often implies less innovation
Smaller organisations often have larger appetite for risks, this often implies more innovation

Thanks for the exercise @simon_tomes I look forward to the next one
P.S. I cheated and i took 6 minutes, please do not disqualify me