Risk-based quality management

The risk-based quality management feature enables you to calculate at which level to test each requirement, based on the nature of the requirement and the resources you have available. You can then plan your testing process based on these recommendations.

Risk-based quality management overview

Risk-based quality management is helpful when you generally do not have unlimited resources available, and are not able to fully test every requirement. You must make compromises and only partially test requirements that have low criticality to the business, or those that have only a minor risk associated with their implementation.

Each requirement type with risk-based quality management enabled can support either risk analysis that is referred to as an analysis requirement, or an individual risk assessment that is referred to as an assessment requirement. For details about how to enable risk-based quality management for a requirement type, see Configure requirement types.

Analysis requirement

An analysis requirement is a requirement belonging to a type that represents higher levels in the requirements tree hierarchy, such as the Folder type.

You perform risk analysis on an analysis requirement based on the assessment requirements under the analysis requirement in the requirements tree.

The risk results of multiple assessment requirements are aggregated to give an overall risk analysis which can then be used to determine testing effort and test strategy.
Assessment requirement

An assessment requirement is a requirement belonging to a type that represents requirements that are children of analysis requirements and at a lower level in the requirements tree hierarchy.

Assessment requirements under a particular analysis requirement form the basis for risk analysis on that analysis requirement.

For each assessment requirement under the analysis requirement, you can assign or calculate the Risk and Functional Complexity.

  • Risk is composed of its Business Criticality and Failure Probability. Business Criticality measures how crucial a requirement is for the business. Failure Probability indicates how likely a test based on the requirement is to fail.

  • Functional Complexity indicates the complexity of the requirement's implementation.

You can customize the criteria, their possible values, and how these values determine the Business Criticality, Failure Probability, and Functional Complexity. You can also customize how the Business Criticality and Failure Probability are used to calculate the Risk.You can customize default settings for risk-based quality management. For details, see Customize risk-based quality management.

Back to top

Assess requirements

Determine the Business Criticality, Failure Probability, and Functional Complexity for each assessment requirement under an analysis requirement.

Note: If you do not determine the Business Criticality, Failure Probability, and Functional Complexity for a requirement, ALM does not include the requirement in the risk analysis.

To assess a requirement:

  1. In the Requirements module, choose View > Requirement Details. In the requirements tree, under an analysis requirement, select an assessment requirement. Click the Risk Assessment tab.

    UI Element

    Description
    Assessment Status

    The current status of the assessment requirement. An assessment status can be one of the following: Not Started, In Progress, and Completed.
    Exclude from Analysis

    Ignores the selected assessment requirement when performing risk analysis.

  2. Click the Assessment Questions tab. This tab displays lists of criteria used to determine Business Criticality, Failure Probability, and Functional Complexity.

  3. To view the Calculated Risk, Business Criticality, Failure Probability, and Functional Complexity, click the Assessment Results tab.

    You can ignore the value calculated on the basis of the values for the criteria, and use instead a custom value when performing risk analysis. In the Assessment Summary area of the Assessment Results tab, select Use custom. Possible values are A - High, B - Medium, and C - Low.

    UI Element

    Description
    Risk

    Calculates the risk based on the Business Criticality and Failure Probability for the requirement.
    Business Criticality

    Measures how important the requirement is to your business.

    A requirement affecting a minor feature that is likely to be used rarely might be assigned a Nice to Have Business Criticality, whereas a requirement that is essential to your application's functionality would probably be assigned a Critical Business Criticality.
    Failure Probability

    Measures how likely a test on the requirement is to fail.

    A requirement whose implementation involves making significant changes across most areas of your application would probability be assigned a High Failure Probability. In contrast, a requirement that involves changing an icon in your application would probably not have many associated risks, and so is likely to be assigned a Low Failure Probability.
    Functional Complexity

    Indicates the complexity of the requirement's implementation.

    A requirement whose implementation involves making significant changes to your application to enable it to communicate with other systems probably has a high complexity and would be assigned a High Functional Complexity. In contrast, a requirement that involves no significant changes to enable your application to communicate with other systems would probably not have many associated risks, and so is likely to be assigned a Low Functional Complexity.

  4. Repeat the steps above to assign or calculate the Risk and Functional Complexity for each assessment requirement under the analysis requirement.

Back to top

Define analysis constants

Define the initial settings for analyzing an analysis requirement and the assessment requirements under it.

To define analysis constants for an analysis requirement:

  1. In the requirements tree, select the analysis requirement. Click the Risk Analysis tab.

  2. Expand the Analysis Constants area, and define the initial settings for testing the analysis requirement and the assessment requirements under it.

    UI Element

    Description

    Show Defaults

    Opens the Risk-Based Quality Management Constants Defaults dialog box, enabling you to view the default constants in use.

    Restore Defaults

    Assigns default values to the constants used for the current requirement.

    Testing Time (full) per Functional Complexity

    The time needed to fully test a requirement with that Functional Complexity. For each Functional Complexity value, enter the estimated testing time.

    A requirement with a high Functional Complexity generally requires more testing time as it is more likely that the requirement's implementation contains defects.

    Testing Level (Full = 100%, None = 0%)

    Defines how much Testing Time is required for a requirement as a percentage of full testing.

    In the Partial and Basic boxes, enter the default Testing Time required for partial testing and basic testing of a requirement. Express this as a percentage of the effort required for full testing.

    A requirement whose Testing Level is set to None is not tested at all, and the testing effort is zero.

    If 20 hours are required to perform full testing on a requirement and partial testing is defined as 75% of full testing, ALM calculates that 15 hours are required to perform partial testing on the requirement.

    Testing Policy (in Hours) grid

    Defines the level at which to test a requirement of each Risk and Functional Complexity category.

    To define these levels, click the arrow next to the cell in the grid. Select a Testing Level from the available Testing Levels. The available Testing Levels are Full, Partial, Basic, and None. Next to each Testing Level, you can see the estimated time needed to test a requirement at that level, based on the Testing Efforts and Testing Levels you defined.

Back to top

Perform risk analysis

Calculate the Testing Level and Testing Time for each assessment requirement under an analysis requirement.

To perform risk analysis for an analysis requirement:

  1. In the requirements tree, select the analysis requirement.

  2. In the Risk Analysis tab, check the Scope of the risk analysis.

    It displays the number of requirements included in the risk analysis. Also provides a breakdown of which requirements were assessed, which were missing assessment, and which were not assessable.

    To display a list of requirements not included in the analysis, click the missing assessment or not assessable links. The Drill Down Results dialog box opens and displays a grid with a list of requirements in the category.

    Tip: The missing assessment link displays the requirements for which you did not determine a category or which you excluded explicitly from the analysis. Verify that there are no requirements that should be assigned a category. If you do not want to include a requirement in the analysis, then exclude it from the analysis explicitly.

  3. In the Risk Analysis tab., click Analyze to calculate the Testing Level and Testing Time for each assessment requirement under the analysis requirement that matches the current filter.

    This calculation is based on the assessment requirements' Risk Category, Testing Level, and Testing Time values you defined for the analysis requirement.

    The Total required test time, Total allocated testing time, and Total required development time are updated.

    Total required testing time

    Displays the total calculated time required to test all the assessment requirements under the analysis requirement matching the current filter and included in the risk analysis.
    Total allocated testing time

    The total time allocated to test the requirements included in the risk analysis.
    Total required development time

    Displays the total time required to develop all the assessment requirements under the analysis requirement, based on the required development time you optionally estimated for each assessment requirement.
    No. of Requirements graph

    Displays the number of sub-requirements of the analysis requirement of each Risk Category.

    To display a list of requirements included in the analysis, click a segment in the graph. The Drill Down Results dialog box opens and displays a grid with a list of requirements in the category.

    Total Testing Time graph

    Displays the total calculated testing time required to test all the requirements of each Risk Category.

    To display a list of requirements included in the analysis, click a segment in the graph. The Drill Down Results dialog box opens and displays a grid with a list of requirements in the category.

  4. Under Analysis Constants, you can make adjustments to the testing policy to ensure that you have enough time to perform all the testing, and that no resources are wasted.

    For details, see Define analysis constants.

  5. To propagate the analysis results to all assessment requirements under the analysis requirement that match the current filter, click Analyze and Apply to Children.

Back to top

View and edit risk analysis of assessment requirements

You can view and edit the risk analysis for each assessment requirement under an analysis requirement.

Prerequisite:

You must first perform analysis on the relevant analysis requirement (parent requirement) and apply results to all assessment requirements (children requirements). For details, see Perform risk analysis.

To view the testing policy:

Select the assessment requirement and check the Testing Policy area of the Assessment Results tab.

Data

Description
Based on analysis requirement

Displays the analysis requirement on which the last analysis that included the current requirement was performed. You can click the analysis requirement's name to go to the analysis requirement in the requirements tree.
Calculated Testing Level

The level at which to test the requirement, as calculated in the last analysis that included the current requirement.
Calculated Testing Time

The time allocated to test the requirement, as calculated in the last analysis that included the current requirement.
Estimated development time (optional)

The estimated time needed to develop the requirement. ALM can then calculate the total estimated development time for an analysis requirement and its children as the sum of the estimated development times of the children. Assigning the estimated development time is optional, and does not affect the risk analysis.
Last analyzed on date

The date on which the last analysis that included the current requirement was performed.
Use these for the next calculation

Overrides the calculated values in the next calculation, and instead uses custom values.

In the Testing Level box, select the Testing Level to use for the next calculation. In the Testing Time box, type the Testing Effort to use for the next calculation. When you next perform an analysis that includes the current requirement, these values are used instead of the calculated values.

To override the calculated values:

You can override the calculated values and use custom values in the next calculation.

  1. In the Testing Policy area of the Assessment Results tab, select the Use these for the next calculation option.

  2. In the Testing Level box, select the Testing Level to use for the next calculation.

  3. In the Testing Time box, type the Testing Effort to use for the next calculation.

To specify estimated development time:

If you specify the estimated time needed to develop a requirement, ALM can then calculate the total estimated development time for an analysis requirement and its children as the sum of the estimated development times of the children. Assigning the estimated development time is optional, and does not affect the risk analysis.

To specify the estimated development time, In the Testing Policy area of the Assessment Results tab, enter a value in the Estimated development time (optional) field.

Back to top

Generate risk analysis report

You can generate a report for analyzing the testing strategy for the analysis requirement and for the assessment requirements under it.

Prerequisites:

  • To generate a report, you must first save the analysis and apply it to all assessment requirements under the analysis requirement.

  • To generate a report, Microsoft Word must be installed on your machine.

  • The analysis results are only valid for the requirements at the time the analysis was last performed. If you subsequently modify the Risk or Functional Complexity Categories of the requirements, or the testing policy, you should re-perform the analysis.

To generate a report:

  1. In the requirements tree, select the analysis requirement.

  2. In the Risk Analysis tab, click Report.

  3. In the Generate Report dialog box, specify the following:

    UI Element

    Description
    Default location

    The location and name of the Microsoft Word file to which you want the data to be exported.

    You can click the browse button to select a location from the Save As dialog box.
    Add report as an attachment

    Adds the report as an attachment to the analysis requirement.
    Include list of requirements in the report

    Includes a list of the requirements in the report.

  4. Click Generate.

Back to top