Using SpiraPlan for Risk-Based Testing

November 9th, 2022 by Adam Sandman

risk management

Risk-Based Testing (RBT) is a software testing type that is based on the probability of risk. It involves assessing the risk based on software complexity, the criticality of business, frequency of use, possible areas with defects, and areas of the system that have changed the most. Risk-based testing prioritizes the testing of features and functions of the software application which have the most likely exposure to risks and therefore most likely to have defects. In this article, we discuss some of the ways SpiraPlan can assist you with your Risk Based Testing.

Understanding Your Requirements' Risk Exposure

With SpiraPlan, you have the ability to create and manage both risks and requirements in the same system. You can use the Associations feature to link the requirements to risks. So, as part of a risk-based testing methodology, you will often want to see which of your requirements have the greatest overall, aggregate associated risk. Using the custom report in this KB article, allows you to quickly and easily generate such a view directly in SpiraPlan:

Requirements with their risk exposure

Understanding Your Test Cases' Risk Exposure

Similarly, with SpiraPlan, you have the ability to create and manage risks, requirements, and test cases in the same system as well. You can use the Associations feature to link the requirements to risks, and the test coverage feature to link requirements to test cases. Consequently, as part of a risk-based testing methodology, you will often want to see which of your test cases have the greatest overall, aggregate associated risk; if you are limited in time, these are the most critical tests to execute. The custom report in this KB Article generates such a view for you quickly and easily.

Test cases organized by risk exposure

Viewing the Traceability Between Risks and Requirements and Test Cases

In addition to the display of the aggregate risk exposure of your requirements and test cases, sometimes you want to be able to report on the individual risks associated with each of your requirements and test cases. Using the associations features mentioned above, you will have the traceability between requirements and risks visible inside SpiraPlan:

Reqyuirement to Risk associations

Similarly, using the test coverage functionality, you will be able to see which test cases are mapped to these same requirements:

Requirements to test case associations

So if you put these together, you can run a Requirements - Risk Traceability Matrix and a Test Case - Risk Traceability Matrix using SpiraPlan to get this information in a simple tabular form:

Requirements - Risk Traceability Matrix

The following report shows each of the requirements (name and ID) along with the list of associated risks, with the risk impact, probability, and overall exposure:

Requirement to Risk Traceabilty Matrix

Test Case - Risk Traceability Matrix

The following report shows each of the test cases (name and ID) along with the list of associated risks, with the risk impact, probability, and overall exposure:

Test Case to Risk Traceability Matrix

The risks are those indirectly linked to the requirements that the test cases are themselves linked to. It would be easy to change the report to also consider direct risk - test case links as well.

 

Spira Helps You Deliver Quality Software, Faster and with Lower Risk.

Get Started with Spira for Free

And if you have any questions, please email or call us at +1 (202) 558-6885