Before understanding what is risk based testing you should know what a risk is. A risk is something that has not happened yet and it may never happen in future as well. Risk is the possibility of a negative or undesirable outcome or event.

We need to handle risk because if it happens, then it may cause very negative impact. For example, loosing customers, dissatisfied client and other stakeholders of project.

In risk based testing we organize our testing efforts based on the risk level of risk items identified during risk analysis. Risk is the primary basis for testing in analytical risk based testing strategy.

Risk based testing uses risk to prioritize the appropriate test cases during the project. It starts early in the project cycle. The risks to system quality are identified and that knowledge is used in the test planning, preparation and test execution.

Risk based testing involves both mitigation and contingency.

Mitigation: Taking steps to reduce the likelihood of risk outcome or adverse effects is known as Risk Mitigation.

You can use various Risk mitigation handling options like:

  1. Accepting the risk
  2. Avoiding the risk
  3. Controlling the risk
  4. Transferring the risk

We will explain risk mitigation handling options is detail in Risk Mitigation Planning blog post.

Contingency:  In case if the risk becomes an outcome there should be a plan to reduce the risk impact.
Risk based testing also involves risk analysis to remove or prevent defects by non-testing activities and to select the testing activities to be performed.

For risk based testing you should start with product risk analysis to figure out the risk items and level of risk associated with each risk item. Once risk items are figured out, then you can prioritize your testing activities based on the level of risk associated with each risk item.

There is no defined process or technique for doing product or project risk analysis, in general you should follow following key steps:

  1. Determine relevent participants
  2. Determining the approach for doing product or project risk analysis
  3. Prepare the interview session
  4. Collect and analyse risks
  5. Check the completeness of risk analysis

Various documents and sources from where you can get inputs for product or project risks are as follows:

  1. Software Requirements Specification
  2. Design Documents
  3. Other related project documents
  4. Business processes