Testing Risk Document

Page 1 of 14

<Customer Name>

<Project Name>

Risk Management Plan - TESTING

<Version No.>

Prepared By Reviewed By Approved By

Name

Role

Signature

Date

Controlled copyControlled copyControlled copyControlled copy

Project ID:<Project ID.> <SCI.ID.> / Ver: <Ver No.>

Release ID: QTDM-TESTRSK.xls / 2.0 / 15.11.2004 C3: Protected

Page 2 of 14

How to use the Risk Assessment Sheet?This Risk assessment sheet is divided into 5 sections. (a) Client Engagements(b) Program & Project management.(c) Quality & Process(d) Technology & Architecture(e) Project Specific RisksEach section contains a series of multiple choice questions based on risk sources. Based on the choice you select for each of these questions, the risk probability is assessed and displayed in the "Risk probability" cell. Risk impact needs to be given (between 0 to 1) in the next cell. Any additional risks (maximum 25) can be added under "Project specific risk" section, but, for which the risk probability and impact have to be entered.

This Risk assessment sheet gives the Risk Exposure Values for each Risk source based on the response for the Risk questionnaire and the degree of Risk impact given in the worksheet. The risk exposure value can be used for Developing the Risk response Plan.

When to use the Risk Assessment sheet in the Project?It needs to be created when the project is started.It needs to be revisited during project status review or atleast when each of the planned phases is complete.This will help keep track of the changing risk perception in the project.

What is Risk Response Plan ?Risk response plan need to be developed for the risk sources given based the Risk scores (as displayed in the Risk assessment report) for the known Risk sources and any other Risk item/source that you have identified for the project/program. Both Mitigation Plan and Contingency Plan are mandatory for High Severity risks; Atleast one of Mitigation Plan and Contingency Plan is mandatory for Medium severity risks; Both Mitigation Plan and Contingency Plan are optional for Low severity risks. This sheet can also be used for tracking your risks (& mitigation activities). Pls add more rows as required.

How to use "Risk Management Menu" in Risk Response Plan?Risk Response plan menu offers three choices(a) Refresh Response Plan - Execution of this menu option, ensure the Risk Response plan sheet to be revised with severity data and ordering based on the Risk exposure value in assessment sheet.(b) Populate Risk in Cost Benefit Analysis Sheet - Execution of this menu option ensures the population of Risk C-B Analysis sheet with risks that have a cost impact. Mitigation Plan, Owner and Severity are copied for the risk from the Response plan.(c) Baseline Risk Measure for Tracking - Execution of this menu option ensures baselining of Risk exposure value which is used for tracking the risk exposure value trend.

When to do Cost befit analysis for Risks?Risk Cost benefit analysis to be performed for the risk, which involves Procurement of hardware/software/any other infrastructure/other services to be acquired like training that have been identified for the project/program. This menu option "Populate Risk in cost benefit analysis sheet" helps to port these risks which have cost impact to "Risk C-B Analysis" sheet.

What is Risk Tracking Sheet?Risk Tracking worksheet provides facilities to baseline the Risk exposure value, whenever the characterization of risks are changed. This baseline value is used in the Risk chart sheet to view the trend.

How to track the Risks, using Risk Tracking Sheet?(a) When you click on "Baseline" Risk Measure get Populated as on that date.(b) Risk Measures are getting populated based on the selections in Risk Assessment Sheet(c) Baseline date can be changed, however it is not recommended.(d) it is recommended to Baseline, whenever you change the selections in Risk assessment sheet, so that you can view the change in trends.

Page 3 of 14

Risk Assessment Date: <<Date>>

Client Engagement

# Question Response

1 Are the business objectives well defined and related to the scope of work? No 1 0.5 0.50

2 Is the scope of work managed formally (documentation, sign-off etc)? No 1 0.5 0.50

3 Is the project scope well defined (Both in scope and out of scope)? No 1 0.5 0.50

4 Is the customer experienced in the offsourcing Testing work? No 1 0.5 0.50

5 Is the System to be Tested extremely complex? Yes 1 0.5 0.50

6 Is the client environment conducive / congenial? Entire environment is hostile 1 0.5 0.50

7 Is the business impact of the application clearly stated / documented? No 1 0.5 0.50

8 Are the stakeholders / point of contact of customers for applications clearly identified? No 1 0.5 0.50

Project & Program Management

Question Response

1 Has a good Knowledge Management System been proposed (or in place)? No 1 0.5 0.50

2 Specify the size of the Project Team > 40 1 0.5 0.50

3 Is there a dependency for project execution on other vendors? Yes (For almost all aspects) 0.8 0.5 0.40

4 How strong is the skill matrix (demand vs supply)? Weak matrix 1 0.5 0.50

5 Is the schedule / cost / SLA very aggressive for the project? Extremely aggressive 1 0.5 0.50

6 Will there be a substantial change in Business process / policies? Many 1 0.5 0.50

7 Is the Acceptance criteria clearly documented? No 1 0.5 0.50

8 Will the resource movement during execution affect the SLAs? Yes 1 0.5 0.50

Quality & Process

Question Response

1 Rate the team's experience in terms of familiarity of process / technology / domain New to all 1 0.5 0.50

2 Are the standards(Client / Technology / CTS) that need to be followed defined explicitly? No 1 0.5 0.50

3 Is the Deliverable clearly defined and documented? No 1 0.5 0.50

Project: <<Name>>

Risk Probability

Risk Impact (value between 0 to 1)

Risk Exposure value

Risk Probability


Risk Exposure value

Risk Probability


Risk Exposure value

QTDM-TESTRSK - Risk Assessment <Project Name/ Program Name>Form NO:QTDM-TESTRSK.xls / 2.0 / 15.11.2004 C3: Protected Controlled Copy Project ID:<Project Id.> <SCI.ID.> / Ver: <Ver No.> Last updated by <name > on <date>

Page 4 of 14


Technology & Architecture

Question Response

1 Is the Technology / Architecture of the System to be tested extremely complex? New to Cognizant & Complex 1 0.5 0.50

2 Are the Test data requirements complex? Need to be prepared by us and 1 0.5 0.50

3 Are the non-functional requirements to be tested complex? New to Cognizant & Complex 1 0.5 0.50

4 Rate the complexity of System Interfaces ( in terms of number and complexity) Many & Complex 1 0.5 0.50

5 Is the System being tested, will be implemented in multiple locations? Exactly one 0 0.5 0.00

6 Is performance part of non-functional requirements? If yes, are the environment in which to be teste Yes, Not defined / quantified 1 0.5 0.50

7 Is the system to be tested built on … Proprietary Technology but NO 1 0.5 0.50

Project Specific Risk

# Risk Perceived Risk Classification

1 Others 1.00 0.50 0.50

2 Others 1.00 0.50 0.50

3 Others 1.00 0.50 0.50

4 Others 1.00 0.50 0.50

5 Others 1.00 0.50 0.50

6 Others 1.00 0.50 0.50

7 Others 1.00 0.50 0.50

8 Others 1.00 0.50 0.50

9 Others 1.00 0.50 0.50

10 Others 1.00 0.50 0.50

11 Others 1.00 0.50 0.50

12 Others 1.00 0.50 0.50

13 Others 1.00 0.50 0.50

14 Others 1.00 0.50 0.50

15 Others 1.00 0.50 0.50

Risk Probability


Risk Exposure value

Risk probability

(value between 0 to

1)Risk Impact (value between 0

to 1)Risk Exposure

value

Page 5 of 14


16 Others 1.00 0.50 0.50

17 Others 1.00 0.50 0.50

18 Others 1.00 0.50 0.50

19 Others 1.00 0.50 0.50

20 Others 1.00 0.50 0.50

21 Others 1.00 0.50 0.50

22 Others 1.00 0.50 0.50

23 Others 1.00 0.50 0.50

24 Others 1.00 0.50 0.50

25 Others 1.00 0.50 0.50

Analysis of calculated % Risk:

Low Risk (0-0.3) 0.3

Medium Risk(>0.3 and <=0.7) 0.7

High Risk( >0.7) > 0.7

Page 6 of 14

Risk Management Menu

Risk Classification Risk Source Risk Owner

Mitigation Plan Contingency Plan Risk Follow-up

Action item Action item

Client Engagement Poorly defined Business Objectives Medium ###Client Engagement Insufficient details about the contract Medium ###Client Engagement Creeping User Requirements Medium ###

Client EngagementInsufficient operational experience for the customer Medium

###Client Engagement Complexity of Application / System Medium ###Client Engagement Non conducive client environment Medium ###Client Engagement Lack of knowledge of critical-to-business factors Medium ###

Client EngagementLack of Application ownership by client personnel Medium

###Project & Program Managemen Insufficient Knowledge management Medium ###Project & Program Managemen Difficulty in status tracking and co-ordination Medium ###Project & Program Managemen Unrealistic SLAs Medium ###Project & Program Managemen Weak skill matrix Medium ###Project & Program Managemen Aggressive Schedules / Cost / SLAs Medium ###Project & Program Managemen Volatile client business processes Medium ###Project & Program Managemen Acceptance crideria not clear Medium ###Project & Program Managemen Dependency on Resources Medium ###

Quality & ProcessInsufficient Process / Technology / Domain knowledge Medium

###Quality & Process Lack of communication Medium ###Quality & Process Lack of communication with client Medium ###Technology & Architecture Complex technology/architecture Medium ###Technology & Architecture Complex System Interfaces Medium ###Technology & Architecture Performance as a critical-to-quality factor Medium ###Technology & Architecture Complex Data requirements Medium ###Technology & Architecture Complex Non-functional requirements (NFR) Medium ###Technology & Architecture Technical Skill level of proprietary system Medium ###Technology & Architectur Environment dependency between LocationsLow ###

Help

Severity (High,

Medium, Low)

Cost impact in Mitigating

the Risk (Yes/No)

Planned closure date

Actual closure date

Planned closure

date

Actual closure

date

Date on which next

follow-up is

required

Actual Follow-up Date

Follow-up

details

QTDM-TESTRSK - Risk Response Plan <Project Name/ Program Name>Form NO:QTDM-TESTRSK.xls / 2.0 / 15.11.2004 C3: Protected Controlled Copy Project ID:<Project Id.> <SCI.ID.> / Ver: <Ver No.>

Last updated by <name > on <date>

GO

Low4%

Medium96%

Risk Severity Distribution

F5

Mitigate before the risk occurs

I5

Implement once the risk occurs

L5

(a) Mitigation and contigency plan evaluation. (b) Followup on closure of Mitigation Plan (c) Followup on closure of contigency plan

Page 7 of 14

Using the Risk Cost benefit Analysis Sheet

Risk Source Risk Owner Mitigation Plan

Risk Cost benefit analysis Sheet need to be developed for the risk sources that you have identified for the project/progra involves Procurement of hardware/software/any other infrastructure/other services to be acquired like training.This sheet helps the PM do a Cost Benefit analysis on the Mitigation cost and the Risk Cost. This sheet can also be tailored as per the projects needs .Pls add more rows / columns as required.

Severity (High, Medium, Low)

Mitigation Cost

(<UOM>)

QTDM-TESTRSK - Risk Response Plan <Project Name/ Program Name>Form NO:QTDM-QTDM-TESTRSK.xls / 2.0 / 15.11.2004 C3: Protected Controlled Copy Project ID:<Project Id.> <SCI.ID.> / Ver: <Ver No.>


Page 8 of 14

Using the Risk Cost benefit Analysis Sheet

Cost Benefit Analysis Decision

Risk Cost benefit analysis Sheet need to be developed for the risk sources that you have identified for the project/progra involves Procurement of hardware/software/any other infrastructure/other services to be acquired like training.This sheet helps the PM do a Cost Benefit analysis on the Mitigation cost and the Risk Cost. This sheet can also be tailored as per

Risk Cost (<UOM>)

QTDM-TESTRSK - Risk Response Plan <Project Name/ Program Name>Form NO:QTDM-QTDM-TESTRSK.xls / 2.0 / 15.11.2004 C3: Protected Controlled Copy Project ID:<Project Id.> <SCI.ID.> / Ver: <Ver No.>


Page 9 of 14

Using the Risk Tracking Sheet:

Risk Classification Source of risk Select 9/17 10/2 10/17 11/1 11/16

This Risk Tracking worksheet provides facilities to baseline the Risk exposure value, whenever the characterisation of risks are changed. This baseline value is used in the Risk chart sheet to view the trend. Click "Baseline" to Baseline Risk Exposure valueUse the filter option to select the risks for which you would like to see the trend over the life time of the project

Baseline

QTDM-TESTRSK - Assessment Report <Project Name/ Program Name>Form NO:QTDM-TESTRSK.xls / 2.0 / 15.11.2004 C3: Protected Controlled Copy Project ID:<Project Id.> <SCI.ID.> / Ver: <Ver No.> Last updated by <name > on <date>

Page 10 of 14

QTDM-TESTRSK - Assessment Report <Project Name/ Program Name>Form NO:QTDM-TESTRSK.xls / 2.0 / 15.11.2004 C3: Protected Controlled Copy Project ID:<Project Id.> <SCI.ID.> / Ver: <Ver No.> Last updated by <name > on <date>

Page 11 of 14

12/1 12/16 12/31 1/15 1/30 2/14 3/1 3/16

Page 12 of 14

Page 13 of 14

0

2

4

6

8

10

12Risk Exposure Value

Row 8 Row 9 Row 10 Row 11 Row 12 Row 13 Row 14



Row 29 Row 30 Row 31 Row 32 Row 33

QTDM-TESTRSK - Assessment Report <Project Name/ Program Name>Form NO:QTDM-TESTRSK.xls / 2.0 / 15.11.2004 C3: Protected Controlled Copy Project ID:<Project Id.> <SCI.ID.> / Ver: <Ver No.>


Page 14 of 14

Change Log

Please note that this table needs to be maintained even if a Configuration Management tool is used.

Version Number Changes madeV1.0 <First version>V1.1

Page no Changed by Effective date Changes effected

V1.2Page no Changed by Effective date Changes effected

<If the change details are not explicitly documented in the table below, reference should be

<If the change details are not explicitly documented in the table below, reference should be provided here>

Testing Risk Document

Documents