Risk

Risk-Based Testing

Prioritising tests by the likelihood and impact of failure — the highest-risk areas get the most coverage, low-risk areas get less. The honest answer to 'we can't test everything before the release date'.

Probability (in risk-based testing)

The likelihood that a feature, component, or scenario will fail in production — assessed from code complexity, change frequency, past defect density, third-party dependency reliability, and team familiarity with the area. In a risk matrix, probability is one axis and impact is the other; multiplying them yields the risk score that determines test priority. High-probability areas (recently changed code, complex integrations, legacy modules with no tests) receive the deepest exploratory coverage. Low-probability, low-impact areas can be covered by a single smoke-test assertion or deferred when schedule is constrained.

Impact

In risk-based testing, impact is the severity of harm if a feature or component fails — measured by factors such as data loss, financial exposure, safety risk, regulatory penalty, or user experience degradation. Combined with probability (likelihood of failure), impact determines the overall risk score and therefore test priority and depth. High-impact areas warrant deep coverage, dedicated exploratory sessions, and tighter regression regardless of how unlikely failure seems. Typical impact categories: Critical (data loss, security breach, service outage), High (major feature broken, revenue loss), Medium (degraded experience, workaround exists), Low (cosmetic or minor inconvenience).

Test Strategy

The high-level, organisation-wide approach to testing — what gets tested, by whom, with what tools, at what stage. Broader and more permanent than a test plan.