What is Risk? - lightning talk for software testers (2011)
1. SIGiST
Specialist Interest Group in
Software Testing 21 Jun 2011
Thompson information Systems Consulting Ltd
Photo credit: Axel Rouvin, Flickr, Creative Commons.
4. The simple way to “quantify” risk
risk EXPOSURE = likelihood x consequence
Rows: LIKELIHOOD (“probability”) of bad thing occurring, highest at top
Columns: CONSEQUENCE (impact) if bad thing does occur, lowest at left
3 6 9
2 4 6
1 2 3
• This is how most people quantify risk (though true
quantification is notoriously difficult)
• “Probability” is (properly) a number between 0 & 1
• Adding gives same rank as multiplying, but less
differentiation
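Added example, not from the original slides: a check of the last bullet on the slide's 1 to 3 scales, extended to a 1 to 5 scale (an assumption, not on the slide), where adding and multiplying no longer rank every pair of cells the same way. The function names are made up for this illustration.

```python
from itertools import combinations, product


def score_grid(levels, combine):
    """Score every (likelihood, consequence) cell on a 1..levels ordinal scale."""
    scale = range(1, levels + 1)
    return {(l, c): combine(l, c) for l, c in product(scale, scale)}


def compare_add_vs_multiply(levels):
    """Compare exposure = l * c against exposure = l + c on the same grid."""
    mult = score_grid(levels, lambda l, c: l * c)
    add = score_grid(levels, lambda l, c: l + c)

    inversions = []      # pairs the two schemes rank in opposite order
    merged_by_add = []   # pairs multiplying separates but adding ties
    for a, b in combinations(mult, 2):
        d_mult = mult[a] - mult[b]
        d_add = add[a] - add[b]
        if d_mult * d_add < 0:
            inversions.append((a, b))
        elif d_add == 0 and d_mult != 0:
            merged_by_add.append((a, b))

    return {
        "distinct_mult": len(set(mult.values())),
        "distinct_add": len(set(add.values())),
        "merged_by_add": merged_by_add,
        "inversions": inversions,
    }


if __name__ == "__main__":
    for levels in (3, 5):
        r = compare_add_vs_multiply(levels)
        print(f"{levels}x{levels}: {r['distinct_mult']} exposure levels when "
              f"multiplying, {r['distinct_add']} when adding, "
              f"{len(r['merged_by_add'])} pairs tied only by adding, "
              f"{len(r['inversions'])} pairs ranked in opposite order")
```

On the 3x3 grid the two schemes never disagree on order, and adding only ties cells that multiplying separates, such as (1, 3) and (2, 2). On the 5x5 grid, cell (1, 5) outranks (2, 3) when adding but not when multiplying.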
5. Does risk have any other dimensions?
• In addition to likelihood and consequence...
• Undetectability:
– difficulty of seeing a bad thing if it does happen
– eg insidious database corruption
• Urgency:
– advisability of looking for / preventing some bad
things before other bad things
– eg lack of requirements stability
• Both the above make a risk worse
• Any others?