Executing the product risk analysis (PRA)

Knowledge of the system, organisation, possible damage and chance of failure is required to execute the product risk analysis (PRA). Such knowledge is nearly always distributed across multiple parties and people within the organisation. In practice, the test manager is often the facilitator and organiser of the PRA, approaching various people who can contribute knowledge about the product risks. The test manager organises group sessions, conducts interviews or combines the two to execute the product risk analysis.

When executing the PRA, he must keep the purpose of the PRA in mind: an understanding, shared by all stakeholders, of the product risks corresponding to the characteristics and object parts of the product to be realised.

The test manager must devote attention to the fact that, in addition to the product risks, the PRA also reveals process risks (relating to the test process), new product requirements and test goals to light. He must ensure that these are recorded and submitted to the authorised party or person. Test process risks are included in a separate section in the (master) test plan, with the risk mitigating measures required.

The product risk analysis is executed in six steps:

  • Preparation of the PRA
    • In the first step, the test manager creates an overview of damage and chance of failure elements that may be relevant to the PRA. This is done on the basis of existing information, such as the requirements, designs, or similar documents.
  • Determining relevant elements
    • Based on the test goals, the participants determine the collection of damage and chance of failure elements on which the PRA must focus. The PRA is then executed for the subcollection of the damage and chance of failure elements collected in the preparation.
  • Determining chance of failure
    • The participants establish the chance of failure per characteristic based on the object parts that constitute the IT system (test object).
  • Determining damage
    • The participants determine the damage level for each characteristic based on the requirements for the processes.
  • Determining risk class
    • The participants determine the risk class for the combination of characteristic and object part on the basis of the damage and chance of failure.
  • Completeness check
    • A completeness check is the last step in this process.
pra process