Unit 23 Risk Analysis & Systems Testing (D/618/7437) Assignment Brief 2026

Unit 23 Risk Analysis & Systems Testing Assignment Brief 2026

Introduction

Risk-based testing prioritises tests during the system testing phase, based on the highest impact and probability of system failure.

The aim of this unit is to give students the knowledge and skills they need to use risk-based testing (RBT), using a medium-sized application, developing a full and detailed RBT procedure and documenting the results. Students will then be able to evaluate the effectiveness of the application and the testing procedures employed. RBT is used widely in industry to organise software testing and to use test resources more efficiently.

This unit introduces students to prioritising testing software features according to risk of failure, evaluated as a function of criticality or importance and impact of failure. Risk of software failure determines the priority of tests within a Test Plan, strategically carrying out testing over multiple test cycles. Among the topics included in this unit are: how to classify and evaluate software risks using the risk formula, risk matrix, RBT testing and test build strategies, priority test cycles, security testing, coverage analysis and risk reduction reports.

As a result of studying this unit, students will develop skills such as communication literacy, critical thinking, analysis, reasoning and interpretation, which are crucial for gaining employment and developing academic competence.

Learning Outcomes

By the end of this unit students will be able to:

LO1 Examine risk-based testing and requirements

LO2 Create a customised, risk-based test strategy, plans and techniques for a given specification

LO3 Demonstrate a risk-based Test Plan, producing associated outcomes

LO4 Evaluate a risk-based Test Plan and its associated outcomes.

Essential Content

LO1 Examine risk-based testing and requirements

Risk-based testing and requirements:

Understand risk-based testing stage model (ISO/IEC 9126-1).

Define no risk/no test; distinguish risk classifications, business/operational, security, technical, external, apply risk formula r(f) = P(f)*C(f), test risk assessment and criticality, develop risk weighted matrix, develop risk quality matrix, assess risk reduction methods, detail project risks, identify methods of reporting progress.

The principles underpinning the psychology of testing, including required mindset and development mindset difference, how this can influence success of software testing activities.

LO2 Create a customised risk-based test strategy, plans and techniques for a given specification

Risk-based test strategy planning:

Identify and create test scenarios including identification of typical security vulnerabilities to be addressed by different types of testing e.g. penetration testing for known or unknown software flaws.

Develop test risk matrix with selection of risk-based tests, considering latest knowledge of technological developments in software testing.

Classification of tools to support testing.

Develop risk test plan and build environment rollout plan including functional testing, structural testing, automated testing as part of the systems development lifecycle and regression testing, sub-system integration (use-case, whole system, interface).

Maintenance following changes or reviews, after length of time or stress/overload.

User evaluation, including analysis of requirements, actual outcomes, acceptance, alpha, beta.

Ensuring requirements traceability.

Testing plan:

Examine test cycles, prioritising security testing.

Example test data, including normal, erroneous and extreme.

Define expected outcomes, including valid, invalid and information gained, reporting of risk.

Understand the difference between error, defect and failure, including the distinction between the root cause of a defect and its effects.

Analyse test coverage and follow up, fault density analysis.

Choose appropriate testing methods, e.g. static testing, change related, sequential, iterative and suitable metrics for the defect management process.

Prioritisation of further test cycles, changes to specification, changes to analysis, design, amendments to code written, modifications to risk test strategy and plan, create risk reduction reports.

Techniques:

Apply static testing techniques, e.g. review, static analysis visual evaluation.

Functional testing, e.g. control flow, data flow.

Structural testing, e.g. boundary value, branch condition, validation, verification.

Apply a regression strategy, including selection of tests, maintenance of regression suites and identifying tests suitable for automation.

Understand the importance of defect management, using defect tracking tools.

LO3 Demonstrate a risk-based Test Plan, producing associated outcomes

Outcomes:

Follow software testing frameworks and methodologies including conforming to appropriate industry standards e.g. GDPR, health informatics, safety critical.

Test code and analyse results to correct errors found using unit testing.

Review code coverage results and analysis, analyse cause defects, check fault density results.

Conduct a range of test types, e.g. integration, system, user acceptance, non-functional, performance and security testing.

Review actual results against expected results, e.g. valid information or action, invalid information, or action, system-generated messages, program-generated messages.

Modifications:

Prioritisation of further test cycles, including changes to specification, changes to analysis, design, amendments to code written, modifications to risk test strategy and plan, create risk reduction reports.

Links between the testing and software development lifecycles (sequential and iterative), the role of testing in continuous development and integration, the importance of regression testing, approaches to defect tracking and version control.

LO4 Evaluate a risk-based Test Plan and its associated outcomes

Evaluation:

Evaluation to include developing risk heuristics evaluation criteria (probability, severity, classification), identifying risk-based testing benefits and drawbacks, defining fit for purpose criteria (functionality, accuracy, security effectiveness), alterations to tests carried out, possible improvements, program specification and design, self-reflection, management aspects.

Maintainability:

Perform risk testing and reporting refinement, usefulness to self, usefulness to others.

Create analysis artefacts, such as use cases and/or user stories.

Learning Outcomes and Assessment Criteria

Recommended Resources

Textbooks

DeMarco, T. and Lister, T. (2003) Waltzing with Bears: Managing Risk on Software Projects. Dorset House Publishing.

Nettleton, D. (2006) Risk-based Software Validation: Ten Easy Steps. Parenteral Drug Association.

Journals

Mottahir, M. and Khan, A.I. (2013) Risk-based Testing Techniques: A Perspective Study. International Journal of Computer Applications. Article.

Links

This unit links to the following related unit:

Unit 7: Software Development Lifecycles.

Answer

Request Answer of this Assignment