Risk-based testing: prioritise testing based on risk (probability × impact).
Steps:
1. Identify risks.
For each feature / module:
- Probability of failure: likely / moderate / unlikely.
- Impact if it fails: critical / major / minor.
2. Score:
Risk = Probability × Impact.
3. Prioritise:
- High risk: comprehensive testing.
- Medium risk: standard testing.
- Low risk: smoke testing only.
Examples:
- Payment processing — high impact (money). High risk; thorough testing.
- User profile photo — low impact. Low risk; light testing.
- New feature replacing a critical workflow — high impact. High risk; thorough testing.
- Cosmetic UI tweak — low impact. Low risk; minimal.
Risk factors:
- Complexity of code.
- Recent changes.
- Past defect density.
- Business-critical paths.
- Customer-facing.
- Compliance-relevant.
Application:
For a release:
- Identify what changed.
- Score risks.
- Allocate testing effort accordingly.
- Don't test everything equally.
For a feature:
- Critical paths = comprehensive.
- Edge cases = limited.
Common pitfalls:
- Equal effort across all features — wastes time on low risk.
- Skipping risk assessment — random prioritisation.
- Ignoring risk in favour of thoroughness — testing without focus.
Senior insight: the testing budget is limited, so risk-based allocation maximises the ROI of test effort. Critical at scale.
