“Risk of failure increases where there is an undefined problem area”

Jeff Findlay

Defining Quality

• ISO: 9126

• An International software product evaluation standard

• First published in 1991

• Aimed at reducing rework by aligning requirements and desired quality characteristics

• Functions that satisfy stated or implied needs

• Capability to maintain performance under stated conditions

• Effort needed for use and individual assessment of such use

• Relationships between performance and resources used

• Effort required to make specific modifications

• Ability to transfer software from one environment to another

• Manager’s View

• Over all (balanced) quality rather than specific quality

• Schedules and costs will lead to “optimising” quality

• User’s View

• The effect of quality on the performance and function

• Quality needs generally set in isolation

• Developer’s / Tester’s View

• Different quality metric impact requirements at different dev./test phases

Quality Requirements

Weighted Risk Factors

• Manager’s View

• Stated and implied risks in terms of the project goals

• Weighted risks according to delivery and cost

• User’s View

• Prioritised risks that can result in difficulties : failure

• Developer’s / Tester’s View

• Identified complexity that impact capability

• Lack of clarity that requires interpretation

• ...

Risk Based Requirements

• Linking quality attributes to risk factors

• Focuses and prioritises project effort

• Enables quality based measurable gap analysis

• Linking requirements to risk factors

• Prioritises stated and implied needs against potential risk of failure

• Risks stated in terms of impact on the business

• Clarifies development and testing priorities

Risk Based Requirements

• Business goal (requirement)

• A stable, secure and reliable Shopping Cart for efficient customers use

Yes... It’s under stated it’s only an example

• Boundaries (risk of failure)

• Products must be available

• Data must be secure

• Response time must be “measurably fast”

• Technical considerations

• Log files...

• Transaction recovery...

Requirements Driven Risk Based Testing

• Risk of failure increases where there is an undefined problem area

• Prioritised tests, based on a risk of failure, pin-points potential problem areas

• Relating quality and risk underpins and justifies the test strategy

• Testing success is measured by risk mitigation and delivered quality

• Requirements that respect risk mitigation drive quality outcomes

Requirements Driven Risk Based Testing

Risk

Risk

Quality

Quality

• This is not new...

• 1951 - Juran’s Quality Control Handbook (Joseph Juran)

• 1991 – ISO: 9126

• 1994 - MoSCoW principle introduced (Dai Clegg)

• Risk of failure increases where there is an undefined problem area

• Requirements that are focused on risk mitigation drive project focused quality outcomes