Sunday, July 26, 2009

Risk-based analysis

We now understand the need of prioritizing but we have yet to discuss how this should be done. We have found several examples of what to consider when prioritizing that all can be summed up in these guidelines found at Microsoft Accessibility, Technology for Everyone (Microsoft, 2000):


• Prioritize testing features that are necessary parts of the product.
• Prioritize testing features that affect the largest number of users.
• Prioritize testing features that are chosen frequently by users.


What these features are, differ from application to application and they are not always obvious. Considering the application’s purpose might help deciding the important parts of the site. Earlier we introduced purposes of web sites that we had derived from Ho’s (1997) business purposes. These purposes present different needs of prioritizing. A site for business transactions, for instance an Internet banking service, has security requirements that must be fulfilled for us users to feel confident in the application, or we will not use it. A promotional site, on the other hand, has no apparent need of high security in that sense. This can be translated into assessing the significance of a specific function or the importance of a function not to fail, which leads us to risk-based analysis where some ideas come from James Bach (2000).


Whenever we make decisions there is something working in the background considering things that might go wrong and the effects that they might have. This is also the basis of risk-based analysis. Risk-based analysis is a way of determining the order of priority between all possible errors that might occur. Risk-based analysis takes into account the two factors mentioned above:


• The Likelihood of an error to occur (L)
• The Cost of an error (C)


These two factors are given numeric values and are multiplied with each other creating a risk-value.




Fig 2.5. Risk based analysis



The higher the value – the higher the risk – the higher the priority. Based on this the further test actions can be planned.

No comments:

Post a Comment