Note that a number of authors confuse
risk
with
risk exposure
.
We can express exposure (in this case of a feature) as an equation [Sherer]:
where
= exposure of feature
F
during time
T
= probability of use
i
of feature
F
= probability that hazard
j
occurs when feature
F
is being used by i
= consequence (cost) of hazard
j
occurring during time
T
Example 1.
A system??™s feature might be the daily printing of a report. User profile analysis shows this
to be utterly critical on 2.25 days every week and not important otherwise. An analyst uses the
report. The Chairman also wants the report but will do nothing with it. The non-availability of
the report will at non-critical times still have a cost of wasted time of US$5. If the report is wrong
the cost incurred by the analyst will be US$5m. If the analyst doesn??™t get the report on time the
cost is US$3m.
X T pU p
H U
C T F
i
F
i
j
i
F
j
j ( )= ( ) ??›
??? ???
???
?? ???
( ) ??‘ ??‘
X T F( )
p Ui
F ( )
p
H
U
j
i
F
??›
??? ???
???
?? ???
C T j( )
Risk Management
33
??? Dividing the critical day by the number of days it might be run gives us a probability figure
of 2.25/5 days in which the feature is used.
??? The report might be at risk for several reasons (see Table 3.2).
TABLE 3.1
Project risks and how the test team can help mitigate them
Risk Test activity
Unclear, or misunderstood scope,
or objectives
Misunderstood requirements
Review the specifications for testability (all part of your job) and then complain loudly
when anything is unclear.
Pages:
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143