Guideline: 1. Determining Participants

Assessing product risks is difficult. You need to have knowledge of the system and the organisation, of possible damage and the chance of defects. The test manager does not possess this knowledge, or only to a limited extent. Moreover, the knowledge is usually distributed over various parties or persons. Therefore the organisation and client are responsible for the correct assessment of the product risks. In practice, the test manager is usually the facilitator and organiser of the PRA, approaching various people who can contribute knowledge about the product risks.

As a rule, the receiving parties are in the best position to estimate the damage and frequency of use, while the supplying parties can best estimate the chance of defects. Below you will find several examples of receiving and supplying parties, respectively:

Receiving parties - Client, (end) users, line managers, project board members, project manager and (functional and system) administrators can, in view of their knowledge of the environment in which the system will be used, provide insight into the damage due to failure and the expected frequency of use.
Suppliers - Architects, requirement managers, developers, designers, programmers, database administrators, quality management personnel, test managers, and project manager, in view of their knowledge of the creation process and the technical operation, can provide a good indication of the chance of defects.

In this step, the test manager estimates how many – and which - parties and persons are necessary to perform a PRA with sufficient reliability. He must take the test assignment into consideration, i.e. the fact if it is a PRA for a master test plan or a (supplementary) PRA for a system or acceptance test plan. For instance, the product risks for the system test are usually in “does the system do what is specified”, while for a users acceptance test, they focus more on the question “does the system support the organisation”.

The persons to be involved are not necessarily the same people listed for the activity “Understanding the assignment”. The PRA is intended as a further elaboration of the information obtained through the Understanding step, but is more test-specific and focused on the completeness of the product risks associated with the system.

In addition to the fact that the PRA serves as the basis for the test strategy, another advantage is that the various parties become more aware of both the risks and the contribution testing can make to make them more manageable. A shared and widely supported image of the main risks with their classifications is created. In the rest of the testing process, this helps realise commitment if decisions must be made in the relevant field.

Tips:

The complexity of the subject matter makes it difficult to ensure that a PRA is fully objective and detailed: PRAs are overall estimates. The test manager should make this clear to the participants.
In a PRA, the test manager requests a lot of input from different stakeholders. Because he asks for so much input, some parties may start to feel that the test manager is unable to do his work autonomously. The test manager can prevent this by explaining in advance in which period their input will be asked and making as many proposals as possible to serve as starting points.