What risk analysis techniques do you use?

Risks drive test ideas and influence our approach to testing.

There are many risk analysis tools and techniques out there. For example:

What else would you add to this list? What risk analysis techniques do you use? How/why did you use them and how did they help? What cautionary tales can you share about using them?

4 Likes

I was taught that we can think of risk-based testing as being inside-out or outside-in.

Inside-out is where you begin with the product and think of the risks. SWOT would probably fit here, thinking of risks based on our understanding.

Outside-in is where you think of the risks and see where they apply to the product. I suppose headlines would likely fit here, thinking of awful ends and seeing what in the product could lead to those things.

One useful inside-out idea is leveraging it for pair testing. If you can get a developer to model some function for you, explain it out with diagrams and whatnot, you can use someone else’s understanding to apply your own risk analysis. What if this part goes wrong? What if I unplug this server? What if this gets called at the wrong time? What if two users do this at once? Questions that are inspired by the explanation.

A good tool for outside-in is the HTSM. You can use the quality criteria list to create a set of requirements, then see which requirements are important to the thing you’re testing. Another would be a risk catalogue, coming up with risks for your product or industry in particular, or categorising problems you tend to find in your product. Then you can test against risks targeted to your situation.

2 Likes

I have used FMEA. I wrote this about it: How can you work with your team to identify risks?

2 Likes

I have also used Ishikawa diagrams: Using Ishikawa diagrams to improve quality

3 Likes

It’s an on going process for me, I normally note down risk assessment points on a routine basis and then after a period of time I go through them to see any trends, groupings etc. Normally I will be able to come up with a summarisation of them.
Since we work in sprints, the retro meetings are a good chance for me to stress some key pointers which helps keep the team on track.

3 Likes

You know what’s got me really excited lately? RiskStorming!

I’ve just heard about @berenvd new digital deck and can’t wait to try it out with my team. There’s something appealing about having a structured way to tackle risks while keeping it collaborative and engaging.

I’m really curious - has anyone here already tried the digital version? What was your experience like? Would love to hear some first-hand stories before I dive in!

It’s amazing how many risk analysis tools are out there, but sometimes the hardest part is just taking that first step to try something new. Here’s to learning and growing together!

3 Likes

Appreciate it, Christine!
I’ve been working on constantly improving RiskStorming for the last 8 years.
In the workshops, I’ve seen 1000’s of testers struggle, overcome and learn. But so many of us struggle with phrasing risks.

To the detriment of testing as an industry, in my opinion.

Honestly, if one can master risk analysis and management well, they can answer the question “Why”.
Why are you testing this? Why are we building this control system (monitoring, automation,…)?
And more importantly: why are we paying these testers anyway?

In my experience, and especially the past couple of months/years, testing jobs are having it difficult. Not having a clear explanation WHY your job is important isn’t helping this situation. It’s an explanation so many people are missing.

“Oh, there’s risk X, Y and Z that would cost x amount of money if not mitigated. I help mitigate these risks by frequently testing with persona customer A, B and C or by doing performance investigations to find peaks or patterns,…
I also keep the team accountable to uphold their end of the risk mitigation activities.”

If you do Risk Analysis well, coordinate a risk mitigation strategy with your team and, through story-telling and data, hook that into goals and fears of the company’s leadership, you’re showing not only that your job is crucial, but you’re also showing leadership and management potential.
If that’s a path you want in your carreer, doing risk analysis is the first step to practice your coordination and leadership abilities. :ok_hand:

Just ask your CTO or Head of Product what they care most about; Bugs or Risks. :slight_smile:

3 Likes