Skip to main content

Of What? To Who? When?


Fiona Charles ran a workshop on business risk analysis for my team at Linguamatics last week. Across the day we covered risk-based testing, how it can help with prioritisation, and how it is often overlooked as a factor in test design.

We also looked at how the presentation of risks and their potential impact to someone who matters can be a way to engage stakeholders in the testing effort. Hopefully, this would in turn encourage contribution to activities such as test idea generation, triage, and attempts to mitigate risk elsewhere during design and development.
Stakeholders often expect a level of testing we can't deliver. (Fiona Charles)
The approach to risk assessment that Fiona outlined has some similarity to a pre-mortem. Essentially: assume the system has been implemented then look for ways in which it could go wrong. It's important to understand who the relevant stakeholders are — they are more than just your users — and to solicit diverse perspectives in your analysis to represent them.
Orient your questions to business impact and seek concrete answers. (Fiona Charles)
A mind map of checklists provided triggers for evaluating each risk, who was at risk, the potential impact, under what conditions, for how long, how often, and other factors. We wondered as a group about attempting to calculate the probability of a particular risk but Fiona warned us about getting too formal.
Use qualitative evaluation over numeric. (Fiona Charles)
The conversation around this reminded me that there's a human tendency to forget about black swans in risk assessment, to miss those events that are extreme in both scarcity and size of effect. Related, we talked about the difficulty of constraining this kind of analysis, or directing it into productive avenues such as surfacing the "unknown unknowns". There was overlap here with the useful distinction between risk and uncertainty.

It was interesting to me that the group I was in initially tried to drive risk identification with the mind map. While it certainly had value as a mnemonic, something like Kipling's Serving Men, we found that it made for a very messy map.

Better, we eventually thought, to generate the risks and then place them as the central node of their own map, each map showing which factors were relevant to them. We didn't get chance to try it, but some kind of small multiples view of risk might be interesting in the aggregate.


In this made-up example above, nine risks (the shaded blue central nodes) are being assessed for each of six factors (the clear nodes, in particular top-left represents stakeholders and bottom-right represents impacts). Arranging the analysis this way suggests a potential correlation of yellow and pink stakeholders to red and green outcomes which might be useful to dig into, or perhaps to form equivalence classes in testing.

For around half of the day we tried to apply the method to a hypothetical project set inside our own company with some of our business stakeholders playing themselves. I wrote the scenario to be realistic but, with hindsight, I think there was too much scope to find stakeholder disagreement about scope and we tended to pursue that rather than the wider risk landscape.

This is unsurprising given that it's our day job to find those risks, the risks are easily uncovered and have immediate impact, and there was time pressure. While not the key point of the workshop, it was still valuable be reminded that we should step back and think more carefully about other kinds of risk to other kinds of stakeholders.

I've written before about how I hold myself to high standards on the training I organise for the team. In particular, as a participant, I want to be open to learning at the start, I want to engage and contribute while I'm there, and I want to take something directly into my own practice afterwards. I think I achieved those things and, on this occasion, my intention is to more frequently enumerate who a risk is to, what the potential effects are, and under what circumstances.
Image: https://flic.kr/p/6u9Rhn

Labels

Labels:

Comments

Robert Day said…
To a tester, "What could possibly go wrong?" isn't just a rhetorical question.

Having said that, I've just been reading (and frankly, struggling with) Daniel Kahneman's 'Thinking, Fast and Slow'. One of the things I **have** taken away from the book is properly evaluating the impact on risk analysis of unusual events. Kahneman suggests that we are likely to over-emphasise the importance of unusual events, seeing them as more frequent than they actually are because they have happened to us.

So (broadly speaking), I feel that risk analysis needs a wide range of inputs so that individual viewpoints - which may be biased - can be seen in more appropriate proportions.
September 27, 2019 at 12:14 PM

Post a Comment

Popular posts from this blog

Meet Me Halfway?

  The Association for Software Testing is crowd-sourcing a book,  Navigating the World as a Context-Driven Tester , which aims to provide  responses to common questions and statements about testing from a  context-driven perspective . It's being edited by  Lee Hawkins  who is  posing questions on  Twitter ,   LinkedIn , Mastodon , Slack , and the AST  mailing list  and then collating the replies, focusing on practice over theory. I've decided to  contribute  by answering briefly, and without a lot of editing or crafting, by imagining that I'm speaking to someone in software development who's acting in good faith, cares about their work and mine, but doesn't have much visibility of what testing can be. Perhaps you'd like to join me?   --00-- "Stop answering my questions with questions." Sure, I can do that. In return, please stop asking me questions so open to interpretation that any answ...
Post a Comment
Read more

The Best Programmer Dan Knows

  I was pairing with my friend Vernon at work last week, on a tool I've been developing. He was smiling broadly as I talked him through what I'd done because we've been here before. The tool facilitates a task that's time-consuming, inefficient, error-prone, tiresome, and important to get right. Vern knows that those kinds of factors trigger me to change or build something, and that's why he was struggling not to laugh out loud. He held himself together and asked a bunch of sensible questions about the need, the desired outcome, and the approach I'd taken. Then he mentioned a talk by Daniel Terhorst-North, called The Best Programmer I Know, and said that much of it paralleled what he sees me doing. It was my turn to laugh then, because I am not a good programmer, and I thought he knew that already. What I do accept, though, is that I am focussed on the value that programs can give, and getting some of that value as early as possible. He sent me a link to the ta...
Post a Comment
Read more

Can Code, Can't Code, Is Useful

The Association for Software Testing is crowd-sourcing a book,  Navigating the World as a Context-Driven Tester , which aims to provide  responses to common questions and statements about testing from a  context-driven perspective . It's being edited by  Lee Hawkins  who is  posing questions on  Twitter ,   LinkedIn , Mastodon , Slack , and the AST  mailing list  and then collating the replies, focusing on practice over theory. I've decided to  contribute  by answering briefly, and without a lot of editing or crafting, by imagining that I'm speaking to someone in software development who's acting in good faith, cares about their work and mine, but doesn't have much visibility of what testing can be. Perhaps you'd like to join me?   --00-- "If testers can’t code, they’re of no use to us" My first reaction is to wonder what you expect from your testers. I am immediately interested ...
Post a Comment
Read more

Beginning Sketchnoting

In September 2017 I attended  Ian Johnson 's visual note-taking workshop at  DDD East Anglia . For the rest of the day I made sketchnotes, including during Karo Stoltzenburg 's talk on exploratory testing for developers  (sketch below), and since then I've been doing it on a regular basis. Karo recently asked whether I'd do a Team Eating (the Linguamatics brown bag lunch thing) on sketchnoting. I did, and this post captures some of what I said. Beginning sketchnoting, then. There's two sides to that: I still regard myself as a beginner at it, and today I'll give you some encouragement and some tips based on my experience, to begin sketchnoting for yourselves. I spend an enormous amount of time in situations where I find it helpful to take notes: testing, talking to colleagues about a problem, reading, 1-1 meetings, project meetings, workshops, conferences, and, and, and, and I could go on. I've long been interested in the approaches I've evol...
3 comments
Read more

How do I Test AI?

  Recently a few people have asked me how I test AI. I'm happy to share my experiences, but I frame the question more broadly, perhaps something like this: what kinds of things do I consider when testing systems with artificial intelligence components .  I freestyled liberally the first time I answered but when the question came up again I thought I'd write a few bullets to help me remember key things. This post is the latest iteration of that list. Caveats: I'm not an expert; what you see below is a reminder of things to pick up on during conversations so it's quite minimal; it's also messy; it's absolutely not a guide or a set of best practices; each point should be applied in context; the categories are very rough; it's certainly not complete.  Also note that I work with teams who really know what they're doing on the domain, tech, and medical safety fronts and some of the things listed here are things they'd typically do some or all of. Testing ...
Post a Comment
Read more

Don't Know? Find Out!

In What We Know We Don't Know , Hillel Wayne crisply summarises a handful of research findings about software development, describes how the research is carried out and reviewed and how he explores it, and contrasts those evidence-based results with the pronouncements of charismatic thought leaders. He also notes how and why this kind of research is hard in the software world. I won't pull much from the talk because I want to encourage you to watch it. Go on, it's reasonably short, it's comprehensible for me at 1.25x, and you can skip the section on Domain-Driven Design (the talk was at DDD Europe) if that's not your bag. Let me just give the same example that he opens with: research shows that most code reviews focus more on the first file presented to reviewers rather than the most important file in the eye of the developer. What we should learn: flag the starting and other critical files to receive more productive reviews. You never even thought about that possi...
Post a Comment
Read more

Express, Listen, and Field

Last weekend I participated in the LLandegfan Exploratory Workshop on Testing (LLEWT) 2024, a peer conference in a small parish hall on Anglesey, north Wales. The topic was communication and I shared my sketchnotes and a mind map from the day a few days ago. This post summarises my experience report.  Express, Listen, and Field Just about the most hands-on, practical, and valuable training I have ever done was on assertiveness with a local Cambridge coach, Laura Dain . In it she introduced Express, Listen, and Field (ELF), distilled from her experience across many years in the women’s movement, business, and academia.  ELF: say your key message clearly and calmly, actively listen to the response, and then focus only on what is relevant to your needs. I blogged a little about it back in 2017 and I've been using it ever since. Assertiveness In a previous role, I was the manager of a test team and organised training for the whole ...
Post a Comment
Read more

My Adidas

If you've met me anywhere outside of a wedding or funeral, a snowy day, or a muddy field in the last 20 years you'll have seen me in Adidas Superstar trainers. But why? This post is for April Cools' Club .  --00-- I'm the butt of many jokes in our house, but not having a good memory features prominently amongst them. See also being bald ("do you need a hat, Dad?"), wearing jeans that have elastane in them (they're very comfy but "oh look, he's got the jeggings on again!"), and finding joy in contorted puns ("no-one's laughing except you, you know that, right?") Which is why it's interesting that I have a very strong, if admittedly not complete, memory of the first time I heard Run DMC. Raising Hell , their third album, was released in the UK in May 1986 and I bought it pretty much immediately after hearing it on the evening show on Radio 1, probably presented by Janice Long, ...
Post a Comment
Read more

Not a Happy Place

  A few months ago I stopped having therapy because I felt I had stabilised myself enough to navigate life without it. For the time being, anyway.  I'm sure the counselling helped me but I couldn't tell you how and I've chosen not to look deeply into it. For someone who is usually pretty analytical this is perhaps an interesting decision but I knew that I didn't want to be second-guessing my counsellor, Sue, or mentally cross-referencing stuff that I'd researched while we were talking. And talk was what we mostly did, with Sue suggesting hardly any specific tools for me to try. One that she did recommend was finding a happy place to visualise, somewhere that I could be out of the moment for a moment to calm disruptive thoughts. (Something like this .) Surprisingly, I found that I couldn't conjure anywhere up inside my head. That's when I realised that I've always had difficulty seeing with my mind's eye but never called it out. If I try to imagine ev...
1 comment
Read more

Software Sisyphus

The Association for Software Testing is crowd-sourcing a book,  Navigating the World as a Context-Driven Tester , which aims to provide  responses to common questions and statements about testing from a  context-driven perspective . It's being edited by  Lee Hawkins  who is  posing questions on  Twitter ,   LinkedIn , Mastodon , Slack , and the AST  mailing list  and then collating the replies, focusing on practice over theory. I've decided to  contribute  by answering briefly, and without a lot of editing or crafting, by imagining that I'm speaking to someone in software development who's acting in good faith, cares about their work and mine, but doesn't have much visibility of what testing can be. Perhaps you'd like to join me?   --00-- "How can I possibly test 'all the stuff' every iteration?" Whoa! There's a lot to unpack there, so let me break it down a little: who is suggesting that "al...
Post a Comment
Read more