In former posts I referred to something called the Quality Risk Assessment or QRA.
Before elaborating further, I have to cite this as the work of another author – Rex Black who is a luminary in the world of testing.
You can read about the QRA (and more besides) in Rex’s own words here*. Equally, you can buy this book.
* I include a link here to a copy I’ve tucked away for safe keeping just in case – but hopefully the link above remains sound.
My interest in the QRA approach arose from the following observations
1. I needed a systematic way of apportioning test resources to a potentially infinite task
2. I’d made efforts with Failure Mode Effect Analysis (FMEA) but it was too resource intensive for my purposes
3. I needed an additional offering for stakeholders so that they could see their concerns were being prioritised and addressed
4. I wanted to maximise resources in the areas of greatest concern
5. I wanted to do as much work up front to de-risk implementation and release activities.
It was while reading generally around the subject of testing that I came across the quality risk assessment and realised this was the tool for the job.
I include a screen shot here and a link to a specimen spread sheet here which you can help yourself to. I’ve hastily entered some specimen data for illustrative purposes.
The screen shot here only goes so far. I’ve got a few formulas to prioritise the risk categories, some charting (not sure it adds anything but certainly looks nice). The work sheet can undoubtedly be taken further and if anyone has any bright ideas, please make yourselves known. (Bubble chart of risks or a top 10 list of highest RPNs anyone?).
I’ve used data validation to constrain the severity, priority and likelihood fields to values of 1-5. I use the following definitions, but you can use what works for you.
Loss of data
Loss of functionality
Loss of functionality (with work around)
Partial loss of functionality
Looking back at the conceptual model I proposed a while back, we can see that we’ve covered quite a bit of ground on requirements gathering (with plenty more to go), this post with the additional links should give you a solid insight into the application and use of a quality risk assessment.
I recommend having the QRA up your sleeve. If you need a tool which is widely applicable, prioritises resources and is comprehensible to a range of stakeholders, I contend there are few better tools.