1.3 Testing, Quality, and Risk Reduction
Key Takeaways
- Quality is the degree to which a component, system, or process satisfies stated and implied needs.
- Testing contributes to quality by finding defects, providing evidence, and reducing uncertainty about risks.
- Risk combines the likelihood of a problem with its potential impact.
- Testing reduces risk by supplying information and by supporting defect removal, but it does not remove all risk.
- Risk-based thinking helps testers choose what to test first, how deeply to test, and when to stop.
Quality and Evidence
Quality is not created by testing alone. Quality comes from many activities: clear requirements, good design, skilled development, reviews, automation, configuration management, monitoring, and improvement of the process. Testing contributes by evaluating work products and software so the team can see where quality goals may not be met.
Quality includes stated needs, such as documented requirements, and implied needs, such as usability, reliability, security, performance, compatibility, and accessibility expectations. A system may meet every written requirement and still disappoint users if important implied needs were missed.
Testing and risk are tightly connected. Risk is the possibility of a negative outcome, usually described through likelihood and impact. A low-likelihood problem that could injure a patient may deserve more attention than a common typo in an internal label. Risk-based testing uses that difference to guide effort.
| Risk idea | Testing implication |
|---|---|
| High likelihood and high impact | Test early, deeply, and with strong evidence |
| High impact but lower likelihood | Design targeted scenarios and safeguards |
| Low impact | Use lighter testing if stakeholders accept the residual risk |
| Unknown risk | Explore, ask questions, review assumptions, and gather data |
Testing reduces risk in two ways. First, it reveals information. If critical scenarios have been tested successfully, uncertainty is lower. If severe defects are found, stakeholders can delay release, change scope, add controls, or accept known risk. Second, testing can lead to defect removal when failures are reported, defects are fixed, and confirmation testing shows the fix works.
Risk is reduced, not eliminated. Even a mature test process leaves residual risk because time, budget, environments, input combinations, and human knowledge are limited. CTFL questions that say testing removes all risk or guarantees quality are usually distractors.
A practical example is an online payment system. Risk-based testing would emphasize payment authorization, duplicate charges, refund handling, security, error recovery, and audit records. It would not give the same depth to a rarely used marketing image caption unless that caption carried legal or business risk.
Testing also helps project risk, not only product risk. Late defect discovery, unstable environments, missing test data, and unclear requirements can threaten schedules and costs. Test monitoring and control provide information that helps the project react.
For exam questions, identify whether the question is about quality, risk, or confidence. Quality is the degree of satisfaction of needs. Risk is potential loss or harm. Testing provides evidence that can increase confidence or expose reasons to reduce confidence. The best CTFL answer usually avoids absolutes and links testing to informed decision-making.
How does testing most directly reduce product risk?
Which factors should influence risk-based test prioritization?
Select all that apply