Analyse the business risk of software defects

I would be surprised if anyone has been spared the annoyance of having an IT application crash while they were using it, but have you ever wondered why an organisation decides to go live with an application that has defects?



Although many bugs will be minor and will not affect users, problems can occur when the software is mission-critical and bugs could potentially bring the application down.

Organisations take a chance when they state that a certain percentage of defects is acceptable and can be fixed by patches, because they have no way of knowing how critical or damaging those defects are.

There is an alternative to taking such uncalculated risks. Organisations can use risk analysis to highlight the areas of an application that would have the largest impact on business operations if they failed.

Once the risk analysis is complete, a test strategy can be developed which concentrates testing efforts on the higher-risk elements of the application - the mission-critical defects.

This means a company is then able to gauge which defects are acceptable and which are not, rather than taking a blanket approach and saying that a certain number of defects can be tolerated without knowing which part of the application or business process they might affect.

Consider, for example, an e-commerce application. Risk analysis would show that defects or bugs in the payment and ordering part of the application would seriously affect the company's bottom line, whereas a defect in the product catalogue of the application might not be so critical.

Not only does risk analysis allow you to make more informed decisions about how critical the risk is, it also allows the IT department to be more effective in dealing with pressure from other parts of the business to go live with applications.

Research by Compuware found that 60% of senior IT professionals have been asked to go live with an application that had quality problems. A risk analysis would allow IT teams to demonstrate the business risks of going live, show how these risks could be reduced by focused testing, and let business people decide the level of risk they are prepared to carry.

You will never be able to test every part of an application because of time constraints, but by using a risk-based approach, you can be sure you are testing the right areas to reduce the risk to the business and the bottom line.

Sarah Saltzman is technology manager at Compuware
