There are different techniques to perform Quality Risk Analysis. One of these is the Cost of Exposure technique.
The cost of exposure concept is borrowed from the financial world wherein the cost calculated is equal to the likelihood of risk occurring multiplied by the average cost of each occurrence of the risk. In a financial scenario, given a large sample of risks for a long time frame, the expectation is that the total amount lost tends towards the total costs calculated for all the risks.
Cost of exposure quality risk analysis focuses on identifying the expected losses associated with the different risks and trying to determine how much should be spent to reduce those risks ? The cost of exposure technique allows the project management team to make economic decisions about testing.
For each quality risk identified, the cost of testing as well as the cost of not testing i.e. the cost involved in taking the risk should be estimated. If the cost of testing is less than the cost of not testing then we expect testing to save us money in relation to that specific risk. If the cost of testing were estimated to be higher than the cost of taking the risk (not testing), testing would not be the right thing to do from a monetary perspective.
The above estimates when expressed in terms of money, tends to make business sense. However, the ability to effectively use this technique depends on being able to make reasonably accurate predictions of likelihood of risk occurrence and cost. This requires sufficient data to be able to make any probable estimates. Also, the technique focuses primarily on the monetary aspect to decide whether to test something and if so how much to test. In many cases, the impact may not be easily quantifiable in monetary terms. Examples include loss of further business, tarnishing the organization's brand or image, loss of trust. This technique would be useful in a financial world wherein given sufficient data and tools, one could attempt to make reasonable predictions. It is normally not recommended for use in testing of critical software applications.
The cost of exposure concept is borrowed from the financial world wherein the cost calculated is equal to the likelihood of risk occurring multiplied by the average cost of each occurrence of the risk. In a financial scenario, given a large sample of risks for a long time frame, the expectation is that the total amount lost tends towards the total costs calculated for all the risks.
Cost of exposure quality risk analysis focuses on identifying the expected losses associated with the different risks and trying to determine how much should be spent to reduce those risks ? The cost of exposure technique allows the project management team to make economic decisions about testing.
For each quality risk identified, the cost of testing as well as the cost of not testing i.e. the cost involved in taking the risk should be estimated. If the cost of testing is less than the cost of not testing then we expect testing to save us money in relation to that specific risk. If the cost of testing were estimated to be higher than the cost of taking the risk (not testing), testing would not be the right thing to do from a monetary perspective.
The above estimates when expressed in terms of money, tends to make business sense. However, the ability to effectively use this technique depends on being able to make reasonably accurate predictions of likelihood of risk occurrence and cost. This requires sufficient data to be able to make any probable estimates. Also, the technique focuses primarily on the monetary aspect to decide whether to test something and if so how much to test. In many cases, the impact may not be easily quantifiable in monetary terms. Examples include loss of further business, tarnishing the organization's brand or image, loss of trust. This technique would be useful in a financial world wherein given sufficient data and tools, one could attempt to make reasonable predictions. It is normally not recommended for use in testing of critical software applications.
