Test Management: Changing the world one bug after another…

Risk Management

Risk management comprises the following measures:
  • Identification
  • Analysis
  • Evaluation
  • Monitoring and
  • Control

Risk management is based on the following norms and standards:
  • DIN IEC 62198:2002-09
  • ISO 31000:2009
  • ONR 49003
  • ISO 31000
  • Kontroll- und Transparenzgesetz (KonTraG, the German corporate control and transparency act)
  • IDW auditing standard PS 340 (IdW-Prüfungsstandard PS 340)

R = risk
W = occurrence probability
S = damage assessment

The occurrence probability can be expressed, for example, on a scale from 0 % (an impossibility) through 1 % up to 100 %.
The damage assessment can be measured qualitatively or quantitatively.

For the detailed identification and evaluation of the overall risk, a risk matrix can be drawn up that plots the identified risk factors along the following two dimensions:
  • occurrence probability and
  • damage assessment
The following chart follows the ALARP principle (as low as reasonably practicable),
which means that risks should be reduced to a level at which the highest achievable degree of safety is guaranteed
while the effort required remains reasonable and feasible.

This means, for example, that measures against the identified risks should be implemented only if they are practicable (an acceptable financial investment or effort).

FMEA = Failure Mode and Effects Analysis
FMECA = Failure Mode and Effects and Criticality Analysis
FTA = Fault Tree Analysis
For safety-critical systems, FTA substantially extends the analyses obtained from FMEA and FMECA.

Risk-based optimization of test effort
During software testing, risks are reduced by finding, fixing and retesting defects.
Tests that address the highest risks should be performed first.
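The risk matrix and the risk-first test ordering described above, as an added worked example that is not part of the original page or of HMC2's material. It assumes the usual product R = W × S (the page lists the three variables but not the formula), a five-step qualitative damage scale, and ALARP thresholds chosen purely for illustration; the sample test areas are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class RiskItem:
    name: str
    w: float  # occurrence probability W, 0.0 (impossible) .. 1.0 (certain)
    s: int    # damage assessment S on a qualitative 1 (negligible) .. 5 (catastrophic) scale

    def risk(self) -> float:
        """R = W * S; the product is assumed, the page lists only the three variables."""
        if not 0.0 <= self.w <= 1.0 or not 1 <= self.s <= 5:
            raise ValueError(f"out of range: {self}")
        return self.w * self.s

# Assumed ALARP thresholds on R (not given on the page): at or above UNACCEPTABLE the risk
# must be reduced whatever the cost, between the thresholds only where practicable,
# below ACCEPTABLE it is tolerated without further measures.
UNACCEPTABLE = 2.5
ACCEPTABLE = 0.5

def alarp_band(item: RiskItem) -> str:
    r = item.risk()
    if r >= UNACCEPTABLE:
        return "unacceptable"
    return "ALARP" if r >= ACCEPTABLE else "acceptable"

def risk_matrix(items):
    """Risk matrix as {(W column, S row): [names]}; W is bucketed into five 20 % columns."""
    cells = {}
    for it in items:
        w_col = min(int(it.w * 5), 4) + 1  # 1..5, so W = 1.0 lands in column 5
        cells.setdefault((w_col, it.s), []).append(it.name)
    return cells

def prioritised_tests(items):
    """Risk-based test prioritisation: highest R first, ties broken by damage, then name."""
    return [it.name for it in sorted(items, key=lambda i: (-i.risk(), -i.s, i.name))]

# Constructed sample data; the areas and their W/S ratings are invented for illustration.
SAMPLE = [
    RiskItem("payment authorisation", 0.3, 5),
    RiskItem("report export layout", 0.8, 1),
    RiskItem("session timeout handling", 0.7, 4),
    RiskItem("help-page typo check", 0.05, 1),
]

if __name__ == "__main__":
    for name in prioritised_tests(SAMPLE):
        item = next(i for i in SAMPLE if i.name == name)
        print(f"{name:28} W={item.w:.2f} S={item.s} R={item.risk():.2f} {alarp_band(item)}")
```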

Important areas of risks:
  • Corporate
  • Financial services and systems
  • Environmental
  • Technical
  • Insurance
  • Project Management
  • Product and Medical
  • Software: risk management should cover the entire system life cycle.


Risk management, especially in software development, is essential in order to minimize risks.

Through timely identification, analysis, and control of risks, the Test Manager is able to optimize the test plan and the test process, reducing project and product risks.

We support you in all phases of risk management, ensuring adequate planning of measures and their execution.
© 2018 Holger Mayer Consulting HMC2