Risk-based quality management is a new approach to risk mitigation in the end-to-end quality effort which has a critical linkage to requirements and requirements traceability.

In developing requirements, you have to consider both the business and the IT risk of implementing new capabilities. The notion of being able to capture both dimensions of risk, by requirement, provides a powerful way to evaluate the criticality of the functionality to the business. If you look at each requirement individually and assess the type of process it represents (e.g. new functionality), the frequency of use, the number of users affected by the features, the impact to the business if that requirement fails, and the probability of failure, you can arrive at an objective assessment of the priority/risk associated with that requirement.

What would that allow you to do? Understanding the priority/risk associated with each requirement enables you to drive the right focus in the development/ validation effort. The weighting provides you the ability to make the right tradeoffs and channel your activities to ensure that the development, testing and validation resources are prioritized against the highest-risk, highest priority requirements for the business.

If you have an integrated system for tracking your testing efforts and you build and track your experience over time, you’ll also know how much time it takes you to test various requirements. Imagine how powerful it would be to balance the limited resources and time you have available for testing against that prioritized set of business requirements to ensure you have optimized your testing time and resources while minimizing business risk.

Equally important, when you consider the lifecycle of an application, it begins it’s “second life” when you put the application into production, link it to other applications and begin maintaining the application during the operations phase.

With risk-based quality management, you can unlock a new opportunity after the initial application deployment, while the application is in production. Requirements traceability is a critical capability to provide visibility to all of the tests, test assets, defects and related requirements associated with any individual requirement. By identifying which requirements are touched by the application when it changes and the risk levels associated with those requirements, combined with a profile of how long the quality cycle takes, you can build intelligence into your quality process and to enable process improvement throughout the lifecycle of the application.

For example, you can evaluate what has changed in an application and find that it touches a dozen requirements, four out of five of which are high-risk, high-priority requirements. Depending on the level of risk the business can tolerate and the amount of time you have for validation, you can develop a fairly precise estimate of how long a test cycle will take and where to focus your efforts. This allows you to pull together the critical information that project managers, QA directors and developers have needed for years.

Capturing an objective assessment of risk, tying requirements to downstream activities and pulling it into a set of integrated information across the application lifecycle gives you a level of visibility and estimation that was never possible before. This is the value of risk-based quality management.