name	risk-based-testing
description	Focus testing effort on highest-risk areas using risk assessment and prioritization. Use when planning test strategy, allocating testing resources, or making coverage decisions.
category	testing-methodologies
priority	high
tokenEstimate	1000
agents	qe-regression-risk-analyzer, qe-test-generator, qe-production-intelligence, qe-quality-gate
implementation_status	optimized
optimization_version	1
last_optimized	Tue Dec 02 2025 00:00:00 GMT+0000 (Coordinated Universal Time)
dependencies
quick_reference_card	true
tags	risk, prioritization, test-planning, coverage, impact-analysis

Risk-Based Testing

When planning tests or allocating testing resources: 1. IDENTIFY risks: What can go wrong? What's the impact? What's the likelihood? 2. CALCULATE risk: Risk = Probability × Impact (use 1-5 scale for each) 3. PRIORITIZE: Critical (20+) → High (12-19) → Medium (6-11) → Low (1-5) 4. ALLOCATE effort: 60% critical, 25% high, 10% medium, 5% low 5. REASSESS continuously: New info, changes, production incidents

Quick Risk Assessment:

Probability factors: Complexity, change frequency, developer experience, technical debt
Impact factors: User count, revenue, safety, reputation, regulatory
Dynamic adjustment: Production bugs increase risk; stable code decreases

Critical Success Factors:

Test where bugs hurt most, not everywhere equally
Risk is dynamic - reassess with new information
Production data informs risk (shift-right feeds shift-left)

Quick Reference Card

When to Use

Planning sprint/release test strategy
Deciding what to automate first
Allocating limited testing time
Justifying test coverage decisions

Risk Calculation

Risk Score = Probability (1-5) × Impact (1-5)

Score	Priority	Effort	Action
20-25	Critical	60%	Comprehensive testing, multiple techniques
12-19	High	25%	Thorough testing, automation priority
6-11	Medium	10%	Standard testing, basic automation
1-5	Low	5%	Smoke test, exploratory only

Probability Factors

Factor	Low (1)	Medium (3)	High (5)
Complexity	Simple CRUD	Business logic	Algorithms, integrations
Change Rate	Stable 6+ months	Monthly changes	Weekly/daily changes
Developer Experience	Senior, domain expert	Mid-level	Junior, new to codebase
Technical Debt	Clean code	Some debt	Legacy, no tests

Impact Factors

Factor	Low (1)	Medium (3)	High (5)
Users Affected	Admin only	Department	All users
Revenue	None	Indirect	Direct (checkout)
Safety	Convenience	Data loss	Physical harm
Reputation	Internal	Industry	Public scandal

Risk Assessment Workflow

Step 1: List Features/Components

Feature | Probability | Impact | Risk | Priority
--------|-------------|--------|------|----------
Checkout | 4 | 5 | 20 | Critical
User Auth | 3 | 5 | 15 | High
Admin Panel | 2 | 2 | 4 | Low
Search | 3 | 3 | 9 | Medium

Step 2: Apply Test Depth

await Task("Risk-Based Test Generation", {
  critical: {
    features: ['checkout', 'payment'],
    depth: 'comprehensive',
    techniques: ['unit', 'integration', 'e2e', 'performance', 'security']
  },
  high: {
    features: ['auth', 'user-profile'],
    depth: 'thorough',
    techniques: ['unit', 'integration', 'e2e']
  },
  medium: {
    features: ['search', 'notifications'],
    depth: 'standard',
    techniques: ['unit', 'integration']
  },
  low: {
    features: ['admin-panel', 'settings'],
    depth: 'smoke',
    techniques: ['smoke-tests']
  }
}, "qe-test-generator");

Step 3: Reassess Dynamically

// Production incident increases risk
await Task("Update Risk Score", {
  feature: 'search',
  event: 'production-incident',
  previousRisk: 9,
  newProbability: 5,  // Increased due to incident
  newRisk: 15         // Now HIGH priority
}, "qe-regression-risk-analyzer");

ML-Enhanced Risk Analysis

// Agent predicts risk using historical data
const riskAnalysis = await Task("ML Risk Analysis", {
  codeChanges: changedFiles,
  historicalBugs: bugDatabase,
  prediction: {
    model: 'gradient-boosting',
    factors: ['complexity', 'change-frequency', 'author-experience', 'file-age']
  }
}, "qe-regression-risk-analyzer");

// Output: 95% accuracy risk prediction per file

Agent Coordination Hints

Memory Namespace

aqe/risk-based/
├── risk-scores/*        - Current risk assessments
├── historical-bugs/*    - Bug patterns by area
├── production-data/*    - Incident data for risk
└── coverage-map/*       - Test depth by risk level

Fleet Coordination

const riskFleet = await FleetManager.coordinate({
  strategy: 'risk-based-testing',
  agents: [
    'qe-regression-risk-analyzer',  // Risk scoring
    'qe-test-generator',            // Risk-appropriate tests
    'qe-production-intelligence',   // Production feedback
    'qe-quality-gate'               // Risk-based gates
  ],
  topology: 'sequential'
});

Integration with CI/CD

# Risk-based test selection in pipeline
- name: Risk Analysis
  run: aqe risk-analyze --changes ${{ github.event.pull_request.files }}

- name: Run Critical Tests
  if: risk.critical > 0
  run: npm run test:critical

- name: Run High Tests
  if: risk.high > 0
  run: npm run test:high

- name: Skip Low Risk
  if: risk.low_only
  run: npm run test:smoke

Related Skills

agentic-quality-engineering - Risk-aware agents
context-driven-testing - Context affects risk
regression-testing - Risk-based regression selection
shift-right-testing - Production informs risk

Remember

Risk = Probability × Impact. Test where bugs hurt most. Critical gets 60%, low gets 5%. Risk is dynamic - reassess with new info. Production incidents raise risk scores.

With Agents: Agents calculate risk using ML on historical data, select risk-appropriate tests, and adjust scores from production feedback. Use agents to maintain dynamic risk profiles at scale.

risk-based-testing

Install Skill

SKILL.md