Imagine there are two requirements for a banking website. Requirement one states that users can transfer funds between their accounts, and Requirement two states that users can look up the closest bank branch or ATM.
Let’s first assign the requirements’ Damage and Frequency Class with a value of 1 to 5, one being low and 5 being high. For Requirement one, you may assign a value of 5 to the Damage Class, because the bank will face major fines if a money transfer fails and the user loses money. You may assign a value of 2 to the Frequency Class because the transfer functionality isn’t used that often. With these two numbers, we calculate the Requirement Weight for Requirement one by raising 2 to the exponential of the damage class and adding that with raising 2 to the exponential of the frequency class. In this case, it will be 25 + 22 = 36.
For Requirement two, you may assign a value of 1 to the Damage Class because failing to find a nearby branch or ATM isn’t that damaging to the business. You may assign a value of 3 for the Frequency Class since looking up a branch location is relatively used more often than making monetary transfers. Using these two numbers, the Requirement Weight for Requirement two would be 21 + 23 = 9.
Once all the Requirement Weights have been calculated, we can calculate the Requirement Risk. For Requirement one, the Requirement Risk is its Requirement Weight, 36, divided by the total Requirement Weight (36 + 9), which gives us 36 / (36 + 9) = 80%. Requirement Risk of Requirement 2 is 9 / (9 + 36) = 20%.
The Requirement Risk can also be seen as the business risk impact of the requirement. Note, that the sum of the Requirement Risk of all the requirements should always add up to 100%.
Next, is the Test Coverage calculation. If Requirement one has only 3 out of 5 test cases being tested than the test coverage would be 3 / 5, making the Test Coverage 60%. For Requirement two, if there are 2 out of 5 test cases being tested, then the Test Coverage would be 2 / 5 = 40%
Requirement Risk Coverage can now be calculated by multiplying each requirement’s Requirement Risk by the Test Coverage. For Requirement one it would be 80% x 60% = 48% and the Risk Coverage for Requirement two is 20% x 40% = 8%.
And finally, we sum up the Risk Coverage of all the requirements to get the Total Risk Coverage. In this example there are only 2, we have 48% + 8% = 56% total Risk Coverage for our banking website. That means that the current test suite is only testing 56% of the business risk of this application.