Risk-based requirement prioritization — save project money, time and effort
Nov 17, 2022 by Yogesh Kshirsagar
×
Nov 17, 2022 by Yogesh Kshirsagar
Risk-based prioritization (RBP) is about identifying requirement risks, understanding testing needs
and ranking requirements in line with business priorities.
Testing has its own set of risks
including ambiguous requirements, test environments, unavailability and not having proper stubs or
automation tools for testing. Crucially, if you don’t address a particular risk, it could become a
costly issue in production.
RBP can streamline your entire software development process if
carried out efficiently and effectively. It can also save money diverted to testing bugs you could
have captured earlier in the software development lifecycle (SDLC).
The entire team is responsible for developing crystal clear requirements at the beginning of your
project. If team members don’t understand a requirement, it will cause defects in production. It’s
extremely expensive to fix anything in production. After all, you’ll need to stop applications,
risking losing reputation points because your system is down (imagine your bank system failing for 5
minutes just when you want to make an important transaction).
The cost of fixing defects
increases exponentially if you allow them to propagate from one phase to another. Let’s say a
requirement issue surfaces in the design phase; it would be much timelier and more cost-effective to
contain it in the requirements phase itself.
If programmers, testers and managers know precisely what they’ll be implementing as a team, there
will be very few change requests, reducing time-to-market and saving a great deal of money and
effort. Clearly, if your requirements are frozen with next to no changes, you can stick to the
project scope and schedule, and deliver on time or even early.
The challenge is whether you
can test, prioritize and categorize your requirements to optimize and test development.
RBP
is a process that enables you to clarify, redefine and rank your requirements according to
importance, even before you begin development and testing. This article looks at identifying
non-testable requirements and making them testable, plus the practical benefits of risk-based
prioritization.
You rarely encounter project supervisors or test managers at pains to understand whether your requirements can be tested or reviewed as a team exercise. It’s one of test management’s critical challenges and a threat to your entire testing process.
These five characteristics help team members understand and interpret requirements
consistently.
So, when you’re in the sprint planning or analysis phase, business analysts
gather requirements so the testing team can go through the lot and check the testing criteria. If
you haven’t fully identified your testing team, make sure you have a test manager, plus some test
engineers and developers who can work on clarification.
If you see that you can’t test some of your requirements, try to make them testable by applying risk-based prioritization. For instance, your requirement definition might say, “The application should show a status message or disconnect a user if there is no activity for about 60 seconds.”
The statement raises the following questions:
You cannot test ambiguous requirements. Inevitably, different people interpret things differently.
Developers might implement one thing, and testers test something else entirely. Then the resulting
product will have little value and create no customer satisfaction. Consequently, you must make
requirements crystal clear.
To make it testable, you have to work with your business analysts
to clarify the ambiguities, update the requirements, and circulate the updated documentation
throughout the team. Once you’ve completed this initial exercise, you can start the core process of
risk-based prioritization.
The three-step risk-based prioritization process:
Number two input parameters (impact and probability) for each requirement. “Impact” gauges the
ramifications of your requirement failing in production. “Probability” indicates the chance of
failure or errors creeping into production. These two parameters are generally rated from 1 to 3
(low-high).
Multiplying the impact and probability ratings together gives you the requirement
risk scores (1-9). Having identified the risk scores, we divide your requirements into high-risk,
medium-risk and low-risk requirements by setting up some guidelines as follows:
Parameters and the scoring model can vary depending on the company you’re working
with.
The left table shows the guidelines set for requirements
categorization. The table on the right shows permutations and combinations along with basic
categories like high, medium and low.
The test manager consolidates all the inputs and
circulates the results, detailing the number of high-, medium- and low-risk requirements as follows:
Based on these inputs the team starts working on development, testing and implementation.
In summary, risk-based prioritization helps:
All three are interrelated, in terms of the sequence of change and the technologies involved. However, institutions can’t wait to complete each step in sequence, rather having to adopt hybrid solutions to progress on all fronts.
The risk-based prioritization testing process allows you to scrutinize requirements in the gathering
phase. It enables you to focus on testing and minimizing defects that penetrate the system due to
inaccurate requirements. At the same time, it helps you identify priorities and category
requirements, and optimize your UAT. RBP provides a strong foundation for testing, automatically
improving your development process quickly and with maximum business value.
Find out more
about how Adaptix Solutions can help you streamline your software development process by visiting luxoft.com/capital-markets or contact us — we have many more insights to share
with you.
