What is quality risk? We see the evidence of quality risk becoming an issue when bugs are discovered. The International Software Testing Qualifications Board define a defect as:

 

"...an imperfection or deficiency in a work product where it does not meet its requirements or specifications"

​

Of course, projects try and stop defects in two ways:

1. Prevent defects using a development process to lessen defects occurring; and

2. Detect defects before go-live with testing.

​​

Quality risk management is the process of managing the detection, assessment and prevention of quality risks before they become issues. For too long the time/cost/quality triangle has been the default description of this process. And the usual thing that goes with it - "You can only pick two!"

​

We take a more holistic view to concentrate on the true outcome of a project - success, and those things that can affect that success. You can have all five if you want, but it's more important to understand the relationship between each, and how changes could affect the project outcome.

 

Testing, after all, is only a part of quality risk mitigation. It isn't quality risk management. 

​