Welcome to Requirements.net!

Requirements.net is home of the industry consortium for business analysis. Through focus on requirements definition, visualization, and management, the companies behind Requirements.net are driven to share and sponsor best practices and technologies to improve industry requirements practices.

Read More »

Events
  • There are currently no upcoming events.
See All Events »

Risk-Based Quality Management

Posted April 24th, 2008 by Tracy Lynne Dedore

Risk-based quality management is a new approach to risk mitigation in the end-to-end quality effort which has a critical linkage to requirements and requirements traceability.

In developing requirements, you have to consider both the business and the IT risk of implementing new capabilities. The notion of being able to capture both dimensions of risk, by requirement, provides a powerful way to evaluate the criticality of the functionality to the business. If you look at each requirement individually and assess the type of process it represents (e.g. new functionality), the frequency of use, the number of users affected by the features, the impact to the business if that requirement fails, and the probability of failure, you can arrive at an objective assessment of the priority/risk associated with that requirement.

What would that allow you to do? Understanding the priority/risk associated with each requirement enables you to drive the right focus in the development/ validation effort. The weighting provides you the ability to make the right tradeoffs and channel your activities to ensure that the development, testing and validation resources are prioritized against the highest-risk, highest priority requirements for the business.

If you have an integrated system for tracking your testing efforts and you build and track your experience over time, you’ll also know how much time it takes you to test various requirements. Imagine how powerful it would be to balance the limited resources and time you have available for testing against that prioritized set of business requirements to ensure you have optimized your testing time and resources while minimizing business risk.

Equally important, when you consider the lifecycle of an application, it begins it’s “second life” when you put the application into production, link it to other applications and begin maintaining the application during the operations phase.

With risk-based quality management, you can unlock a new opportunity after the initial application deployment, while the application is in production. Requirements traceability is a critical capability to provide visibility to all of the tests, test assets, defects and related requirements associated with any individual requirement. By identifying which requirements are touched by the application when it changes and the risk levels associated with those requirements, combined with a profile of how long the quality cycle takes, you can build intelligence into your quality process and to enable process improvement throughout the lifecycle of the application.

For example, you can evaluate what has changed in an application and find that it touches a dozen requirements, four out of five of which are high-risk, high-priority requirements. Depending on the level of risk the business can tolerate and the amount of time you have for validation, you can develop a fairly precise estimate of how long a test cycle will take and where to focus your efforts. This allows you to pull together the critical information that project managers, QA directors and developers have needed for years.

Capturing an objective assessment of risk, tying requirements to downstream activities and pulling it into a set of integrated information across the application lifecycle gives you a level of visibility and estimation that was never possible before. This is the value of risk-based quality management.

Carey Schwaber Webinar next Tuesday on RQNG
Requirement Ranking - No, No, No to High, Medium or Low

Comments

2 responses so far ↓

  • 1 William Makwinja // Jan 2, 2010 at 2:07 pm

    I am in the process of writing a thesis for a University of Wales MBA and my chosen topic is “Risk Based Quality in Large projects in South Africa”. My background is in Aerospace and Defence. This background exposed me to requirement traceability matrixes and a lot of tools including DOORS, etc. I have also used critical levels (DO 198) to determine software development quality activities for commercial airborne software systems. Your article, though short cuts across all these and I believe that it is the way to go. I am very impressed with it and will certainly mention it in my thesis. I only wish you had expanded a lot more on the subject.

  • 2 Tracy DeDore // Jan 12, 2010 at 3:28 pm

    Hi William,

    Thanks for the good news! I have much more data in this area if you are interested.

    One reference is a whitepaper that is available on requirements.net: http://www.requirements.net/content/?id=36

    We used to also have some recorded webinars out there but they’ve been archived off by now. Worst case, I have the script from one of the webinars from which I pulled a subset for the blog if you would be interested in that.

    Best,
    Tracy

Leave a Comment

About Requirements.net

Requirements.net is the industry's largest consortium for Requirements Definition, Requirements Visualization, and Requirements Management.

Members include Blueprint, HP Software , Cap Gemini, Orasi Software, CorTechs, BA Times, the Requirements Solutions Group, the Requirements Networking Group, Sky IT Group, and Zap Technologies.

These companies provide products and services in requirements definition , requirements management, and requirements visualization.

Downloads
Archives: Category

Archives: Date

Visit Blueprint Software

© 2009 requirements.net. All rights reserved