// Things that include business critical functions
// Sensitive data-theft of users
// Team members who are not happy with their daily activities
// Communication exists, but not really!
// Things that require deeper analysis and debugging
// So called intermittent bugs which are not really intermittent (There are no intermittent bugs)
// The unknown test coverage or test areas
Risks are “bad things that might happen”. A risk is a story about something that may or may not happen, but that plausibly could happen. Elements of that story include
a bad thing (harm, loss, annoyance, diminished value, absence of something desirable, presence of something undesirable)
happening (or not happening, in a way that is ultimately detectable) so as to affect…
some victim (a person; risk is meaningless unless it affects a person) because of
some vulnerability (a weakness, or deficiency, or overoptimisation)
in a product
or a process
that is triggered (even if there’s a vulnerability, it doesn’t matter if nothing triggers it)
by some threat (a condition that causes the vulnerability to manifest)
—Michael B.
(edited to change “does” to “doesn’t”. Not proofreading induces at least one kind of risk!)
Risks are a possible change which could affect the value of something to someone.
Risks may change the future outcome or state.
Risks are usually assumed to be about negative change, but do not have to be.
In software testing risks are usually about the potential negative change in the value of the product.
The degree of concern associated with the risk is related to the likelihood of it happening and the severity of its impact
Risks are difficult to quantify and articulate because of both their inherent associated uncertainty and human biases in logical assessment of uncertainty in the future. Those biases can be rooted in various behaviours that make logic vulnerable: such as ignorance, wishful thinking, incomplete information, prejudice, misunderstanding of statistics associated with risk, jumping to conclusions.
Risks can be used in a constructive way to frame observed anomalous behaviour, giving business context and significance to a technical description.
One of the purposes of testing.
A potential problem that could cost money, reputation, quality or safety if not addressed/mitigated
Dictate how much time we spend on what we test
Things that need to be forecasted early to avoid undesirable consequence
Something stakeholders want to know about before deciding to release the product or service
Risks are highlighted, as part of the information that is gathered, during the testing, of software, such that stakeholders can make informed decisions.
Risk: any action/no action which will place one in the undesirable situation. When I started noting down, started thinking from testing point of view but these can be applied generally
Assumptions
No Collaboration in the team
Tester not keeping checks on objective time to time or do not have objective
Risks are things that can be mitigated to reduce their impact when they eventually become certainty
Risks are things that can be exploited to amplify of their impact when they eventually become certainty
Somebody’s risk is somebody else opportunity
Risks can be quantified in term of probability P where 0<P<1
Example from this morning:
Calling an election while having majority in parliament creates a risk of losing such majority (tory)
Calling an election while not having a majority creates an opportunity for disrupting such majority (labour)
Risks might be unknown
Risks might reveal themselves as a consequence of a chain of unpredictable events
In product development risks must always be tested using experiments, generally in lean startup it is good practice to test against the riskiest assumptions (i.e. people will love this new feature, people will pay for this product, people won’t be offended by this tweet. etc)
An aware organisation visualises the known risks so that everybody is aware of them and can keep them into consideration when taking independent decisions
Some people have larger appetites than others when it comes to risk.
Large organisations often do not have appetite for risk, this often implies less innovation
Smaller organisations often have larger appetite for risks, this often implies more innovation
Thanks for the exercise @simon_tomes I look forward to the next one
P.S. I cheated and i took 6 minutes, please do not disqualify me