
# Thread: Risk Assessment- Using H, M & L

1. ## Risk Assessment- Using H, M & L

We have been assigning a Risk to test conditions based on Impact and Likelihood. So far we have just used High and Low for the Impact and Likelihood and calculated what the Risk should be. We would like to work Medium into the mixture to give us more of a range, but are a little unsure of what our Risk Value should be for each combination using the Medium. I know that Impact should be considered first. Is there anyone out there that has an existing calculation that they are using including the High, Medium and Low? This is our best stab at what we have developed so far....

| Impact | Likelihood | Priority |
|--------|------------|----------|
| High   | High       | 1        |
| High   | Medium     | 2        |
| Medium | High       | 3        |
| High   | Low        | 4        |
| Medium | Medium     | 5        |
| Low    | High       | 6        |
| Medium | Low        | 7        |
| Low    | Medium     | 8        |
| Low    | Low        | 9        |

2. ## Re: Risk Assessment- Using H, M & L

I think that's a bit more detailed than you need. What really is the difference between a 7 and an 8?

Critical
High
Medium
Low

------------------
Jordan Gottlieb
Qualitech Solutions, Inc.
jgottlieb@qualitechsolutions.com

3. ## Re: Risk Assessment- Using H, M & L

I'm in a similar boat as Jordan and Digits...We use a scale of:

1 - Critical
2 - Serious
3 - Moderate
4 - Low

Again, very similar descriptions as to what Digits explained. Everything is on a scale both from an assessment of the issue and in what priority to address the issue....

------------------

[This message has been edited by DanB (edited 07-18-2001).]

4. ## Re: Risk Assessment- Using H, M & L

When assessing risk, break it down to two factors with four ratings each (sort of like you did):

Impact: The impact a failure of this test case would have on the application. (1 through 4, 1 being low)

Probability (or Likelihood): The probability of this test case failing. (Again, 1 through 4)

It's important to mention that these ratings are relative, meaning that a low may not really be low, but only in comparison to every other test case. If you do not use relative comparisons everything tends to sift towards a high risk, defeating the purpose.

At this point you actually have twelve (not eight) possibilities. Now, your missing link is to slap each case onto a grid (4 x 4, impact on the left, probability on the bottom) and see where things fall. Cases in the upper left would be rated a critical risk, cases in the lower left would be a low risk. Cases in the middle would be High or Medium. You have now reduced 12 possibilities to four (low, medium, high and critical).

[See the little attached screen shot to better explain.]

As for spelling...I don't think I have any test cases that specifically ask to check spelling; it's assumed. If a defect exists, then the Severity of the defect would always be low (based on my company's definitions); however, the Priority of the entered defect would be decided by the project manager, based on the location of the typo.

Just to be clear, in this post, when I say Risk I mean a rating assigned to a test case or logical group of cases. By Priority and Severity I am referring to ratings that are assigned to a defect. It's also important to understand the difference between a defect's Priority and a defect's Severity, as they are not the same.

------------------
Mike

[This message has been edited by msnide (edited 07-18-2001).]
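The two schemes discussed so far, as an added example that is not part of any poster's message: `priority_table` ranks every Impact/Likelihood pair by combined score with Impact breaking ties, a rule that reproduces the nine-row table in the first post, and `assess` follows the relative 4 x 4 grid approach from the post above. The quartile ranking, the band cut-offs in `risk_band`, the test case names and the raw 1-10 scores are all assumptions made for illustration, since the attached screenshot is not available.

```python
from itertools import product

def priority_table(levels):
    """Rank every (impact, likelihood) pair; levels are listed lowest first.
    Higher combined score ranks first, and impact breaks ties."""
    idx = range(len(levels))
    cells = sorted(product(idx, idx), key=lambda c: (-(c[0] + c[1]), -c[0]))
    return {(levels[i], levels[p]): rank
            for rank, (i, p) in enumerate(cells, start=1)}

def relative_ratings(raw, buckets=4):
    """Map raw scores to 1..buckets by rank among all cases, so the
    ratings stay relative and do not all drift toward the top."""
    order = sorted(raw, key=raw.get)          # lowest raw score first
    return {name: 1 + (pos * buckets) // len(order)
            for pos, name in enumerate(order)}

def risk_band(impact, probability):
    """Collapse one cell of the 4 x 4 grid to a band (assumed cut-offs)."""
    score = impact + probability              # ranges from 2 to 8
    if score >= 7:
        return "Critical"
    if score == 6:
        return "High"
    if score >= 4:
        return "Medium"
    return "Low"

# Constructed sample: test case -> (raw impact, raw probability), each 1-10.
CASES = {
    "login": (9, 8), "checkout": (10, 3), "search": (8, 9),
    "profile_edit": (7, 5), "export_csv": (6, 7), "help_page": (5, 4),
    "admin_report": (8, 6), "footer_links": (4, 2),
}

def assess(cases):
    """Rate each case relative to the others, then band it on the grid."""
    impact = relative_ratings({n: v[0] for n, v in cases.items()})
    prob = relative_ratings({n: v[1] for n, v in cases.items()})
    return {n: risk_band(impact[n], prob[n]) for n in cases}

if __name__ == "__main__":
    for (imp, lik), rank in priority_table(["Low", "Medium", "High"]).items():
        print(f"{imp:<8}{lik:<8}{rank}")
    for name, band in assess(CASES).items():
        print(f"{name:<14}{band}")
```

Every raw score in the sample is mid-to-high on an absolute scale, yet the relative ranking still spreads the cases across all four bands.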

5. ## Re: Risk Assessment- Using H, M & L

Hi All,

We use something similar to what was said in earlier replies, except that we use 'Show Stopper (SS)' instead of Critical.

-Show Stopper
-High
-Medium
-Low

Kuppili

6. ## Re: Risk Assessment- Using H, M & L

I'm in the same boat as Jordan.

1. Critical
2. High
3. Medium
4. Low

Critical is the blue screen of death or equivalent. High is an error that inhibits the user from proceeding any further. Medium is something that is an error but does not affect the functionality; the user can continue past it. Low is a superficial issue.

Too many makes it impossible to see the forest for all of the trees.

What I would like to know is how everyone classifies spelling errors. Many place them as Low - but a spelling error has a huge impact on the user (if they can't spell, how bad is their service/product??). I like to place them as a 3. Medium - that way I know they'll get fixed sooner rather than later.

------------------

7. ## Re: Risk Assessment- Using H, M & L

Thanks digits.

Spelling errors get rated depending on the client and on where in the app the error is. Something on the main screen is much more of an issue than the 4 point fine print at the bottom of an admin menu.

------------------
Jordan Gottlieb
Qualitech Solutions, Inc.
jgottlieb@qualitechsolutions.com

8. ## Re: Risk Assessment- Using H, M & L

Hi,
We're currently dealing with medical software and we're using something much more complicated, but it helps us to figure out where the weakest points in our project are after we draw a Kiviat diagram (20 is the center).
This is the best way (so far) we've found to analyze risks.

------------------

9. ## Re: Risk Assessment- Using H, M & L

In my company we use three priority/risk levels where 1 is highest and 3 is lowest.

Priority 3 bugs are generally cosmetic, or in rarely used parts of the program and do not hinder testing or normal use of the program.

Priority 2 bugs are issues that, although serious, have workarounds and do not impede further progress.

Priority 1 bugs prevent further progress, and are typically crashes or related problems.

We generally find bugs in these categories in a ratio of 1:3:5, but at the current stage in our software development, priority 1 bugs are rare. I thought about introducing a system with a greater number of priorities, but this became too complex for its own good. Bugs generally fall easily into one of the categories, and if we ever have a problem we tend toward the higher priority to be safe rather than sorry!

------------------

10. ## Re: Risk Assessment- Using H, M & L

We use Business Stopping, High, Med, Low. We also use a priority of 1-10 to indicate any other influences on the issue.

This means we can have strict rules as to what fits into each severity class. This means if a customer is screaming for a fix for a medium or low defect, this can be tracked without escalating the severity of the defect and impacting our defect analysis.

------------------
