Risky Business: Taking a Risk-Based Approach to Software Testing

Sauce AI for Test Authoring: Move from purpose to execution in minutes.|xBack to ResourcesBlogPosted

January 30, 2026 · 5 min read · Testing Guide

Sauce AI for Test Authoring: Move from purpose to execution in minutes.

|

x

Back to Resources

Blog

Posted May 23, 2017

Bad Business: Taking a Risk-Based Approach to Software Testing

quote

In a perfect world, you ’ d be able to test everything, all the time. In existent living, however, you ’ re often faced with huge products and turgid characteristic, and you just can ’ t test them all. If you try, you ’ ll go bankrupt.

So, what do you do in the expression of this challenge? The solution is to conduct a risk-based access to testing. This process starts by talking about Risk Analysis with your scrum team.

Below, I explain what a risk-based approach to testing entails, and how you can execute it when faced with a huge amount of products and characteristic to screen.

Introducing the Risk Analysis Worksheet

The Risk Analysis Worksheet is a instrument to maneuver prioritization of tests in order to reduce projection jeopardy. The idea is tofacilitate conversation as a team, understand risk, and agree which tests will be maintained locomote forward and how they will be written. This should not be done by the “ Tester ” in isolation. The worksheet (that my teams use) is derived from Rex Black ’ sManaging the Testing Process, but we have simplified it to get teams commence.

The heart of the tool lies in the Likelihood, Impact and Risk Priority # columns. Likelihood is an indicator of the probability that a yield workflow will experience a problem, Impact is a measure of the probable severity of the problem, should it materialize, and Risk Priority # is the product of Likelihood and Impact, which produces a number that indicates risk exposure (with a low number representing outstanding danger).

Now that we understand how the jeopardy analysis worksheet works, let ’ s guide a close look!

Identify Potential Risks

To get started, the team should settle on the quality risks, or potential scenarios that could demonstrate a jeopardy. Dependent on the characteristic, the total listed will vary. For example, a less complex feature may see only a few rows, while a more complex lineament can feature over two hundred. If you are working on an live feature, sometimes it is helpful to list the existing tests you have (for exemplar, unit, integration, E2E, manual), and add more if the team thinks things are lose.

Understand the Likelihood

Now, for each quality risk, it ’ s time to discuss the likelihood of a bug occurring in that area. We use a scale of 1-4, 1 being the virtually potential, 4 be the least. You can use whatever you want, but this has worked well for us to keep it simple for now.

Some questions to ask when calculating likelihood are:

  • How often do bugs in this tryout area occur?Using bug counts by factor or summary search, you can get an idea of what has historically be problematic.

  • How much was a piece of code qualify?If the same file was modified multiple times by more than two developer,there is a statistically higher chance that a bug will be innovate.

    For autonomous testing across multiple user personas, check out SUSATest — it explores your app like 10 different real users.

  • How complex is the code foot?If the team deems that this code fundament has lots of complexity and point where it could neglect, then the likelihood would be higher.

Evaluate Impact

Next, the team should evaluate IMPACT. What is the impact if a bug perform occur?

Questions to ask when cypher this:

  • Is there a workaround usable?Will our client be dead in the water if this doesn ’ t employment? Or, is thither another way they can reach their goal?

  • How much of the customer base is affected?In my world at Blackboard, open a course affects everyone from students to teacher. A possible cosmetic setting inter deep in a characteristic doesn ’ t.

  • How critical is the area we are quiz?If the bug was institute in an region of such high grandness, would we ship it even if it was marked as low priority? We get this from client data to translate what our user are doing in the system the most.

What ’ s the Risk?

Risk Priority # is the product of Likelihood and Impact, which produces a number that indicates peril exposure (with a low figure representing greater endangerment).

As a squad, you decide the threshold, and fit what you will prove and maintain from hither. For example, most of our teams tend to go with 6 and low. However, since mark is such a critical characteristic, we may agree to set the threshold at 9 to include a bit more maintained coverage.

Decide How to Test

Now that you get agreed upon your risk door, discuss as a squad how these risks can be try. As always, aim for more lower-level tests, with fewer UI-based tests.

One key point: For every type of test indicated, you want to know how those test are monitor and conserve, and by whom.

Some Closing Thoughts…

Do note that this is meant as a guidebook and a tool to facilitate you understand what peril are present, and how to use them to drive testing.

Some things that may help along the way:

It & # x27; s significant to get a baseline.Find a test that constitutes a likelihood of 1 as well as a test that constitutes an impingement of 1. That will help you equate your former risk items in the suite. Having a good visual for different priority values assist in making succeeding judgements.A good scale example is the Modified Mercali Intensity Scale for measuring earthquakes.

Testing the most important tests vigorously is well than trying to test everything with less vim. Use pairwise testingwhen possible, as it & # x27; s be proven to effectively yield you thebest reportage for your time.

SO far, we have found this tool to be incredibly useful as we aim to essay smarter, and know we can not test everything. Don ’ t exam all the things, prove the least amount of things you can, in the smartest way possible.

SauceCon 2017is right around the nook. Join us in San Francisco from June 6-8 for the first-ever Sauce Labs user conference. A three-day case occupy with training, workshops, best practices, and visionary content from the leading minds in machine-driven testing.Tickets are still available

Ashley Hunsberger is a Quality Architect at Blackboard, Inc. and co-founder of Quality Element. She ’ s passionate about making an impact in instruction and enjoy train team extremity in ware and client-focused calibre recitation. Most recently, she has concentrate on test strategy implementation and training, development process efficiencies, and preach Test Driven Development to anyone that will listen. In her downtime, she loves to travel, say, quilt, boost, and spend clip with her family.

Published:
May 23, 2017
Share this post
Copy Share Link
LinkedIn
© 2026 Sauce Labs Inc., all right reserved. SAUCE and SAUCE LABS are registered trademarks have by Sauce Labs Inc. in the United States, EU, and may be register in early jurisdictions.
robot
quote

Automate This With SUSA

Upload your APK or URL. SUSA explores like 10 real users — finds bugs, accessibility violations, and security issues. No scripts needed.

Try SUSA Free

Test Your App Autonomously

Upload your APK or URL. SUSA explores like 10 real users — finds bugs, accessibility violations, and security issues. No scripts.

Try SUSA Free