I started writing this blog post over a month ago, but never finished it. It was inspired by a prompt provided by the Ministry of Testing bloggers club. It was also intended to be a sort of follow up to my earlier blog post ‘Testing is Like…Trying To Save The Titanic‘ (also based on a prompt provided by the bloggers club).

It was never finished, but a twitter inspired me to give this blog post another chance.

What is Risk?

I see risk as discovering all the possible bad events that could happen, and identifying potential impact of this event. It is uncertain if this event will definitely occur, all we know is that it could happen.

  • The Titanic could sink in the middle of the Atlantic Ocean. If this happens, everyone on the ship could die.
  • An active or dormant volcano could erupt. If this happens, then everyone living near the volcano could die.
  • COVID-19 could spread throughout the entire planet, causing a global pandemic. If this happens, a large amount of people could die.

How Can We Reduce Risk?

There are several ways to reduce risk, and these usually go into 1 of 2 categories:

  1. Reducing the likelihood of the event happening in the first place
  2. Reducing the severity should the event occur.

The severity of the Titanic possibly sinking was reduced by installing lifeboats. Building, testing and fitting lifeboats costs money. It also reduces the amount of deck-space, which would have an impact on the customer experience. The decision was made to provide some lifeboats, but not enough for everyone on board.

Little was done to reduce the likelihood. The ship could have traveled slower through the ice field, reducing the likelihood that the ship hit the iceberg in the first place. This could have resulted in the ship arriving in New York late, and this would have been costly to the business’ reputation.

Risk mitigation comes at a cost. This cost can include time, money, reputation. Travelling slower across the Atlantic Ocean or installing more lifeboats would have involved some sort of cost. The White Star Line, the company who owned the Titanic, decided that the risk of the Titanic sinking was not high enough to justify this cost. History tells us that they were wrong.

Why Are Testers Sometimes Ignored?

The tester is someone who communicates (or attempts to communicate) potential risks to the business. By identifying a risk. the tester is providing bad news. Bad news is inconvenient and often expensive to fix. No one wants to hear it. With no certainty that something bad would definitely happen, we can never be sure that the cost of fixing the issue was completely justified.

In a way, they are like that conspiracy theorist in the movies who constantly shouts out about how we’re all doomed. Since there is rarely any certainty that we are actually doomed, the business may decide that the cost is not justified. It is a very difficult decision to make.

All a tester can do is investigate potential risks and advise if something should be done about it or not. They should not be upset if the business decide to ignore that advise, nor should they wish for the worse to happen just so they can be proven right.

Risk is an event that might happen. Risk has no certainty. If it did, it wouldn’t be a risk.

Resources

Ministry of Testing Bloggers Club
Check this link out if you want to start a blog and need some inspiration about what to write about.

Risk Is… – by Melissa Fisher
Melissa took a more practical approach to this prompt and identifies some steps to follow when assessing risk.

Walking on the edge – by Emna Ayadi
Emna decided to talk about her experiences while completing the daring Edge Talk on the CN Tower in Toronto. That is quite a risk. Very impressive!

Risk is … in the eye of the beholder – By Beth Marshall
Beth discusses how everyone might have a different opinion about risk.

Is reviewing code a risk? – By Bart Vanherck
Bark examines the impact a simple code review has on team morale.

Risk Is… – By Georgia Bloyce
Risk analysis isn’t just for the product itself. Just as many risks can exist within the team itself. Georgia analyses some risks she’s observed before within her team.

Risk Is…What we strive to mitigate – By Ashley Graf
In this blog post, Ashley discusses various methods for identifying risk including a risk matrix, decision table and mind maps. They go on to discuss how the test approach can be designed around these risks.