ISTQB Technical Test Analyst 2012 Training - The Technical Test Analyst's Tasks in Risk-Based Testing
23 likes8,998 views
The document outlines the objectives, prerequisites, and tasks of the ISTQB Advanced Level 2012 Technical Test Analyst certification, focusing on risk-based testing. It details risk identification, assessment, and mitigation techniques, emphasizing the role of technical test analysts in managing project risks associated with performance, security, and reliability. Various risk assessment methods and the importance of documentation, such as risk logs, are also highlighted, underscoring the technical test analyst's contributions to testing strategies.
ISTQB Technical Test Analyst 2012 Training - The Technical Test Analyst's Tasks in Risk-Based Testing
- 1. ISTQB Advanced Level 2012 – Technical Test Analyst
- 2. Objectives Build on ISTQB CTFL in the area of test analysis Prepare for the ISTQB CTAL – Technical Test Analyst exam 31/08/20122 ISTQB Advanced Level 2012 - Technical Test Analyst
- 3. Prerequisites ISTQB CTFL or equivalent Practical experience in SW testing 31/08/20123 ISTQB Advanced Level 2012 - Technical Test Analyst
- 4. Notes Ask any time. Turn your cell silent. 31/08/20124 ISTQB Advanced Level 2012 - Technical Test Analyst
- 5. References ISTQB CTAL – TTA syllabus version 2012 31/08/20125 ISTQB Advanced Level 2012 - Technical Test Analyst
- 6. Outline The Technical Test Analyst's Tasks in Risk-Based Testing – 30 minutes Structure-Based Testing – 225 minutes Analytical Techniques Quality Characteristics for Technical Testing Reviews Test Tools and Automation 31/08/20126 ISTQB Advanced Level 2012 - Technical Test Analyst
- 7. Outline The Technical Test Analyst's Tasks in Risk-Based Testing Structure-Based Testing Analytical Techniques Quality Characteristics for Technical Testing Reviews Test Tools and Automation 31/08/20127 ISTQB Advanced Level 2012 - Technical Test Analyst
- 8. The Technical Test Analyst's Tasks in Risk-Based Testing Introduction Risk Identification Risk Assessment Risk Mitigation 31/08/2012 ISTQB Advanced Level 2012 - Technical Test Analyst 8
- 9. The Technical Test Analyst's Tasks in Risk-Based Testing Introduction Risk Identification Risk Assessment Risk Mitigation 31/08/2012 ISTQB Advanced Level 2012 - Technical Test Analyst 9
- 10. What is a Risk? 31/08/2012 ISTQB Advanced Level 2012 - Technical Test Analyst 10 Uncertainty Resulting in Bad Impact Risk = Impact x Likelihood
- 11. Types of Risks Types of Risk Project Risk Organizational Factors Technical Issues Supplier Issues Product Risk 31/08/2012 ISTQB Advanced Level 2012 - Technical Test Analyst 11
- 12. Risk Management 31/08/2012 ISTQB Advanced Level 2012 - Technical Test Analyst 12 It is a systematic application of procedures and practices to the tasks of identifying, analyzing, prioritizing, and controlling risks. Includes all project stakeholders. Ongoing throughout the project due to: Emerging product risks Changing priorities Regular risk evaluation Risk status communication Risk Analysis Risk Mitigation Risk Identification
- 13. Risk-Based Testing A testing approach that involves risk identification, and guides testing process to reduce product risks. 31/08/2012 ISTQB Advanced Level 2012 - Technical Test Analyst 13
- 14. Risk can Guide Testing in Various Ways, for Example Test effort allocation according to risk level Choice of testing techniques according to risk level Order of testing activities according to risk order Test reporting in terms of residual risks 31/08/2012 ISTQB Advanced Level 2012 - Technical Test Analyst 14
- 15. Technical Test Analyst Role in Risk- Based Testing Test managers establish and manage risk-based testing strategies Test managers request the involvement of the technical test analysts to ensure the risk-based approach is implemented correctly. Because of their particular technical expertise, technical test analyst are involved in: Risk identification Risk assessment Risk mitigation They contribute their knowledge of the technical risks that are inherent in the project, such as risks related to security, system reliability and performance. 31/08/2012 ISTQB Advanced Level 2012 - Technical Test Analyst 15
- 16. The Technical Test Analyst's Tasks in Risk-Based Testing Introduction Risk Identification Risk Assessment Risk Mitigation 31/08/2012 ISTQB Advanced Level 2012 - Technical Test Analyst 16
- 17. What is Risk Identification? Identifying and categorizing risks Thinking of as many risks as possible using various techniques Risks sorting during risk analysis will identify most significant risks By calling on the broadest possible sample of stakeholders, the risk identification process is most likely to detect the largest possible number of significant risks. 31/08/2012 ISTQB Advanced Level 2012 - Technical Test Analyst 17
- 18. Techniques of Risk Identification Expert interviews Independent assessments Use of risk templates Project retrospectives Risk workshops and brainstorming Checklists Calling on past experience or lessons learned 31/08/2012 ISTQB Advanced Level 2012 - Technical Test Analyst 18 In 10 minutes, try to identify benefits and pitfalls of each technique.
- 19. Testing can Identify Risks Testing may also identify new risks. For example, if more defects than expected are found in part of a system, indicating issues with the level of quality, new risks to project deadlines will have to be considered. 31/08/2012 ISTQB Advanced Level 2012 - Technical Test Analyst 19
- 20. Role of Technical Test Analyst in Risk Identification Technical test analysts are well-suited for: Conducting expert interviews Brainstorming with co-workers Analyzing the current and past experiences Technical test analysts work closely with their technical peers (e.g., developers, architects, operations engineers) to determine the areas of technical risk. 31/08/2012 ISTQB Advanced Level 2012 - Technical Test Analyst 20
- 21. Samples of Identified Risks by Technical Test Analysts Performance risks like not achieving response times under high load Security risks like disclosure of sensitive data in security attacks Reliability risks like failure in meeting the availability specified in the SLA 31/08/2012 ISTQB Advanced Level 2012 - Technical Test Analyst 21
- 22. The Technical Test Analyst's Tasks in Risk-Based Testing Introduction Risk Identification Risk Assessment Risk Mitigation 31/08/2012 ISTQB Advanced Level 2012 - Technical Test Analyst 22
- 23. What is Risk Assessment? AKA risk analysis It is the study of those identified risks in order to: Categorize each risk Categories in ISO 9126 could be used Determine the likelihood and impact associated with each risk AKA risk level More important compared to risk category 31/08/2012 ISTQB Advanced Level 2012 - Technical Test Analyst 23
- 24. Risk Log AKA risk register A risk log lists all the identified risks and the results of their analysis and evaluation as well as the status of the risk. Often expressed as a table or spreadsheet 31/08/2012 ISTQB Advanced Level 2012 - Technical Test Analyst 24
- 25. Risk Log cont’d It may contain or refer to the following information: Risk identifier Risk category Author (person who raised the risk) Date identified Date last updated Description of the risk Impact Likelihood Risk level (impact x likelihood) Interdependencies with other risks Mitigation actions Contingency actions Owner Status 31/08/2012 ISTQB Advanced Level 2012 - Technical Test Analyst 25
- 26. Factors Affecting Risk Assessment Complexity of technology Complexity of code structure Conflict between stakeholders regarding technical requirements Communication problems resulting from the geographical distribution of the development organization Tools and technology Time, resource and management pressure Lack of earlier quality assurance High change rates of technical requirements Large number of defects found relating to technical quality characteristics Technical interface and integration issues 31/08/2012 ISTQB Advanced Level 2012 - Technical Test Analyst 26
- 27. Qualitative Assessment vs. Quantitative Assessment Qualitative Assessment Risk level is subjectively determined in absence of risk data. Subject to perception and conflicts Effective if widely applied Quantitative Assessment Risk level is calculated from known facts. More preferred 31/08/2012 ISTQB Advanced Level 2012 - Technical Test Analyst 27 Impact Assessment Likelihood Assessment Risk Level Assessment Qualitative Quantitative Qualitative Qualitative Qualitative Qualitative Quantitative Quantitative Quantitative Quantitative Qualitative Qualitative
- 28. Testing can Assess Risks Testing can help to assess risks. For example, by investigating the scope of a performance problem within a web application, the impact on customers may be determined. 31/08/2012 ISTQB Advanced Level 2012 - Technical Test Analyst 28
- 29. Role of Technical Test Analyst in Risk Assessment Contributes to finding and understanding the potential technical risk for each risk item Note that test analyst contributes to understanding the potential business impact of the problem should it occur Given the available risk information, he establishes the levels of risk according to the guidelines established by the test manager. 31/08/2012 ISTQB Advanced Level 2012 - Technical Test Analyst 29
- 30. The Technical Test Analyst's Tasks in Risk-Based Testing Introduction Risk Identification Risk Assessment Risk Mitigation 31/08/2012 ISTQB Advanced Level 2012 - Technical Test Analyst 30
- 31. What is Risk Mitigation? AKA risk control Describes any actions that are a response to an identified risk There are 4 main options for risk control that can be combined: 1. Ignoring 2. Transference 3. Mitigation 4. Contingency 31/08/2012 ISTQB Advanced Level 2012 - Technical Test Analyst 31 Which option is most likely to be the main choice in a risk-based testing approach?
- 32. Ignoring or Accepting the Risk Doing nothing A common response May cost nothing Chosen where the cost of all other options would not be cost effective, or, where the likelihood or impact is considered extremely low. 31/08/2012 ISTQB Advanced Level 2012 - Technical Test Analyst 32
- 33. Transference or Sharing of the Risk Sharing the cost with a 3rd party May involve taking out insurance of some kind 31/08/2012 ISTQB Advanced Level 2012 - Technical Test Analyst 33
- 34. Mitigation or Preventive Actions to Avoid or Reduce Risks Include testing, fixing defects and then retesting and regression testing No risk is reduced by testing alone, testing is part of the risk reducing process but cannot change the risk by itself. Taking preventative action may also include using existing technology, or systems, or deciding not to go ahead with the development of a particular system or feature so as to avoid the risk altogether. 31/08/2012 ISTQB Advanced Level 2012 - Technical Test Analyst 34
- 35. Contingency or Planning Contingent Actions Planning for contingent action accepts that the risk may come to fruition but makes allowances for it. For example, there may be a risk that timescales overrun due to technical risks, contingent action could include reserving extra budget or extra time in the plan. 31/08/2012 ISTQB Advanced Level 2012 - Technical Test Analyst 35
- 36. Role of Technical Test Analyst in Risk Mitigation Technical test analyst influences how testing responds to the identified risks. This can be done generally in 2 forms: Reducing risks Executing the most important tests Putting into action appropriate mitigation and contingency activities Evaluating risks by gathering information as the project unfolds and using them to mitigate risks impact and likelihood 31/08/2012 ISTQB Advanced Level 2012 - Technical Test Analyst 36
Editor's Notes
- #11: A risk is a chance of an event, hazard, threat, or situation occurring and resulting in undesirable consequences of a potential problem. Not all risks are of equal importance. A common way to prioritize risks is to understand their impact if occurred and their likelihood of occurrence. The level of risk is determined by both factors.
- #12: Product risk is aka quality risk. Impact is on the quality of the product.Project risk impact is on the project success itself.
- #13: Risk identification is the process of identifying risks using techniques such as brainstorming, checklists, and failure history.Risk analysis is the assessing identified risks to estimate their impact and probability of occurrence (likelihood).Risk mitigation is the process through which decisions are reached and protective measures are implemented for reducing risks to, or maintaining risks within, specified levels.
- #16: Technical Test Analysts tend to deal more with the product risks compared to the project risks.
- #19: An ‘expert’ is someone who has specialist knowledge or experience in a particular area relevant to the system. The person could be a user, a manager, a business analyst, a developer or a tester. This person may be asked to make judgments or give advice in their area of expertise. An independent assessment is where a person or a party from outside the project, for example, one with particular expertise in risk management and a specialist knowledge in the business or technical area, bring their expertise to the project in the form of consultancy. A risk template is a list of known likely risks that have been built up over time and is often stored in a spreadsheet. In this respect it is very similar to a risk checklist. What the risk template has additionally is the facility to analyze the risks by also having columns in the spreadsheet for probability and impact, which are multiplied together to give risk level. Project retrospective is looking back at incidents occurred in the project. Its unlike calling on past experience that looks on lessons learned from previous projects. A risk workshop is a formal workshop where interested and relevant parties get together to identify risks. A risk workshop may involve any of the other techniques listed here. In the first phase of brainstorming participants think of as many risks as possible. Participants must combine and mutate the risk suggestions to further increase the number of risks. It is very important during this phase not to criticize ideas as this stifles creativity. The second stage involves selecting the risks that are most relevant to the project. Lessons learned meetings traditionally occur at the end of a project and analyze what went well and what went wrong. This is to improve risk templates, checklists and procedures for future projects. Some agile methodologies advocate ‘project retrospectives’ which are essentially the same thing but occur more regularly during each iteration of the project, thereby not waiting till the end of the project to ‘learn lessons’. Note that techniques can be mixed or combined effectively.
- #32: The syllabus refers to it as mitigation but this is not correct. A better description is control.Analytical risk-based testing is focused on creating risk mitigation opportunities for the test team, including for technical test analysts, especially for quality risks. Risk-based testing mitigates quality risks via testing throughout the entire lifecycle.