
SAMPLE RISK ASSESSMENT FORMS

2000-2007, Rice Consulting Services, Inc.


Risk Assessment Checklist
Area of Focus: Correctness    Completed By:    Date:

| Question | Comments | Yes / No / N/A | Weight Factor | Numeric Score |
|---|---|---|---|---|
| Have project requirements been documented in writing for the application? | | 1 | 3 | 3 |
| Have functional requirements been documented in writing for the application functions? | | 1 | 1 | 1 |
| Have test objectives been defined for the application, based on project requirements? | | 1 | 2 | 2 |
| Is there a defined process in place for developing the application? | | 1 | 3 | 0 |
| Is a defined process followed by web developers and testers in developing the e-commerce web site? | | 1 | 4 | 0 |
| Have functional requirements been reviewed for correctness? | | 1 | 5 | 0 |
| Have test cases been defined to cover all business processes performed in the application? | | 1 | 4 | 4 |
| Have test cases been defined to validate all edits? | | 1 | 3 | 3 |
| Have test cases been defined to test all calculations? | | 1 | 2 | 2 |
| Have tests been performed to cover all planned test cases? | | 1 | 1 | 0 |
| Total | | | 28 | 15 |

The weighting factor is based on relative criticality and importance to this area of assessment focus. The recommended range is from 1 to 5. (The weighting factors shown in this example are not intended to be recommended values.)

The numeric score is automatically calculated. To recalculate values, select the table and press F9.



Risk Assessment Checklist
Area of Focus: Security    Completed By:    Date:

| Question | Comments | Yes / No / N/A | Weight Factor | Numeric Score |
|---|---|---|---|---|
| Is a security policy documented in writing for the application? | | 1 | 3 | 0 |
| Have response procedures been documented in the event of a security breach? | | 1 | 1 | 1 |
| Has a security assessment been performed for the application? | | 1 | 2 | 2 |
| Are adequate security testing tools in place for the application? | | 1 | 3 | 0 |
| Are adequate security preventative and detection tools in place for the application? | | 1 | 4 | 0 |
| Have functional requirements been reviewed for security? | | 1 | 5 | 0 |
| Have firewall installation and maintenance procedures been evaluated? | | 1 | 4 | 4 |
| Have security functions been independently tested by a third party? | | 1 | 3 | 3 |
| Is there someone responsible for administering security of the application? | | 1 | 2 | 0 |
| Does the security administrator keep abreast of security threats, issues, tools, and solutions? | | 1 | 1 | 0 |
| Total | | | 28 | 10 |

The weighting factor is based on relative criticality and importance to this area of assessment focus. The recommended range is from 1 to 5. (The weighting factors shown in this example are not intended to be recommended values.)

The numeric score is automatically calculated. To recalculate values, select the table and press F9.



Risk Assessment Checklist
Area of Focus: Usability    Completed By:    Date:

| Question | Comments | Yes / No / N/A | Weight Factor | Numeric Score |
|---|---|---|---|---|
| Are usability objectives documented in writing for the application? | | 1 | 3 | 0 |
| Have web site standards been documented? | | 1 | 1 | 1 |
| Have early prototypes of the site been reviewed by representative customers? | | 1 | 2 | 2 |
| Is a usability test team in place? | | 1 | 3 | 3 |
| Are usability surveys and forms used by usability testers? | | 1 | 4 | 0 |
| Have functional requirements been reviewed for usability? | | 1 | 5 | 0 |
| Is usability feedback provided early in the development life cycle? | | 1 | 4 | 4 |
| Have usability functions been independently tested by a third party? | | 1 | 3 | 3 |
| Has site navigation been tested for usability? | | 1 | 2 | 2 |
| Have customer instructions been tested from a usability standpoint? | | 1 | 1 | 1 |
| Total | | | 28 | 16 |

The weighting factor is based on relative criticality and importance to this area of assessment focus. The recommended range is from 1 to 5. (The weighting factors shown in this example are not intended to be recommended values.)

The numeric score is automatically calculated. To recalculate values, select the table and press F9.



Risk Assessment Checklist
Area of Focus: Performance    Completed By:    Date:

| Question | Comments | Yes / No / N/A | Weight Factor | Numeric Score |
|---|---|---|---|---|
| Have performance objectives been documented in writing for the application? | | 1 | 3 | 0 |
| Have stress points been identified in the application? | | 1 | 1 | 1 |
| Have critical transactions been identified and documented for load testing? | | 1 | 2 | 2 |
| Are adequate load testing tools in place for the application? | | 1 | 3 | 3 |
| Do testers understand how to use the load testing tools effectively? | | 1 | 2 | 0 |
| Have functional requirements been reviewed for performance? | | 1 | 5 | 5 |
| Have load projections been documented? | | 1 | 4 | 4 |
| Has site performance been adequately load tested? | | 1 | 3 | 3 |
| Has transaction throughput been tested for the application? | | 1 | 4 | 0 |
| Are adequate monitoring tools in place to measure server performance and alert system administrators when stress conditions occur? | | 1 | 5 | 0 |
| Total | | | 32 | 18 |

The weighting factor is based on relative criticality and importance to this area of assessment focus. The recommended range is from 1 to 5. (The weighting factors shown in this example are not intended to be recommended values.)

The numeric score is automatically calculated. To recalculate values, select the table and press F9.



Risk Assessment Checklist
Area of Focus: Compatibility    Completed By:    Date:

| Question | Comments | Yes / No / N/A | Weight Factor | Numeric Score |
|---|---|---|---|---|
| Have the target platforms been identified for the application? | | 1 | 3 | 0 |
| Have test plans been developed for testing the application of the target platforms? | | 1 | 1 | 1 |
| Were the differences in target platforms considered during development? | | 1 | 2 | 2 |
| Are all target platforms available for testing? | | 1 | 3 | 0 |
| Is there a controlled test environment for compatibility testing? | | 1 | 4 | 0 |
| Is the test itself compatible between platforms? | | 1 | 5 | 0 |
| Has time been built into the schedule for compatibility testing? | | 1 | 4 | 4 |
| Is the scope of compatibility testing small enough to reasonably perform? | | 1 | 3 | 3 |
| Is there a strategy in place to involve customers in compatibility testing? | | 1 | 3 | 0 |
| If beta testing is used for compatibility testing, is there a reliable way to capture test results from customers? | | 1 | 4 | 0 |
| Total | | | 32 | 10 |

The weighting factor is based on relative criticality and importance to this area of assessment focus. The recommended range is from 1 to 5. (The weighting factors shown in this example are not intended to be recommended values.)

The numeric score is automatically calculated. To recalculate values, select the table and press F9.



Risk Assessment Checklist
Area of Focus: Integration    Completed By:    Date:

| Question | Comments | Yes / No / N/A | Weight Factor | Numeric Score |
|---|---|---|---|---|
| Have project integration requirements been documented in writing for the application? | | 1 | 3 | 0 |
| Have specific points of integration been documented in writing for the application functions? | | 1 | 1 | 1 |
| Do test objectives include integration with internal business systems? | | 1 | 2 | 2 |
| Do test objectives include integration with external business systems? | | 1 | 3 | 3 |
| Do test objectives include integration with external organizations and business? | | 1 | 4 | 0 |
| Have functional requirements been reviewed for correctness regarding interfaces? | | 1 | 5 | 5 |
| Have test cases been defined to cover all points of integration with the application? | | 1 | 4 | 4 |
| Do test scenarios span all points of integration in the application? | | 1 | 3 | 3 |
| Have the appropriate people been contacted in other organizations to coordinate external interface testing? | | 1 | 2 | 2 |
| Have interfaces been tested at the unit and system levels? | | 1 | 1 | 0 |
| Total | | | 28 | 20 |

The weighting factor is based on relative criticality and importance to this area of assessment focus. The recommended range is from 1 to 5. (The weighting factors shown in this example are not intended to be recommended values.)

The numeric score is automatically calculated. To recalculate values, select the table and press F9.



Risk Assessment Checklist
Area of Focus: Reliability    Completed By:    Date:

| Question | Comments | Yes / No / N/A | Weight Factor | Numeric Score |
|---|---|---|---|---|
| Have reliability requirements been documented in writing for the application? | | 1 | 3 | 3 |
| Have functional requirements been documented in writing for the application functions? | | 1 | 1 | 1 |
| Have test objectives been defined for the application reliability, based on project requirements? | | 1 | 2 | 2 |
| Is there a way to measure reliability of the application? | | 1 | 3 | 3 |
| Is a tool in place to automate reliability testing? | | 1 | 4 | 0 |
| Have functional requirements been reviewed for reliability? | | 1 | 5 | 0 |
| Have test cases been defined to cover processes that impact reliability of the application? | | 1 | 4 | 4 |
| Have backup and recovery procedures been defined in writing? | | 1 | 3 | 3 |
| Have backup and recovery procedures been adequately tested? | | 1 | 2 | 2 |
| Have tests been performed to cover all planned reliability test cases? | | 1 | 1 | 1 |
| Total | | | 28 | 19 |

The weighting factor is based on relative criticality and importance to this area of assessment focus. The recommended range is from 1 to 5. (The weighting factors shown in this example are not intended to be recommended values.)

The numeric score is automatically calculated. To recalculate values, select the table and press F9.

Sample Risk Spreadsheet
Business Process/Function Risk Assessment

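| # | Business Process/Function | Criticality to the organization's mission | Criticality and sensitivity to well-being, safety, or interest of general public, client, and customers | Criticality and sensitivity of data and information for: competitive advantage; customer confidence; ensuring privacy, confidentiality, or security | Fraud potential | Ability to produce audit trails | Degree of dependence on system | Criticality of external interfaces with other systems or organizations | Size of user area affected | Level of process or functional complexity | Total score for process/function |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | | | | | | | | | | | 0 |
| 2 | | | | | | | | | | | 0 |
| 3 | | | | | | | | | | | 0 |
| 4 | | | | | | | | | | | 0 |
| 5 | | | | | | | | | | | 0 |
| 6 | | | | | | | | | | | 0 |
| 7 | | | | | | | | | | | 0 |
| 8 | | | | | | | | | | | 0 |
| 9 | | | | | | | | | | | 0 |
| 10 | | | | | | | | | | | 0 |
| 11 | | | | | | | | | | | 0 |
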
Scoring legend: High Risk = 5, Moderate Risk = 3, Low Risk = 1, No Risk = 0

If the total risk for a process or function is between 30 and 45, it is high risk. If the score is between 15 and 30, it is moderate risk. If between 0 and 15 it is low risk.



BLANK RISK ASSESSMENT FORMS



Risk Assessment Checklist
Area of Focus: Correctness    Completed By:    Date:

| Question | Comments | Yes | No | N/A | Weight Factor | Numeric Score |
|---|---|---|---|---|---|---|
| Have project requirements been documented in writing for the application? | | | | | | 0 |
| Have functional requirements been documented in writing for the application functions? | | | | | | 0 |
| Have test objectives been defined for the application, based on project requirements? | | | | | | 0 |
| Is there a defined process in place for developing the application? | | | | | | 0 |
| Is a defined process followed by web developers and testers in developing the e-commerce web site? | | | | | | 0 |
| Have functional requirements been reviewed for correctness? | | | | | | 0 |
| Have test cases been defined to cover all business processes performed in the application? | | | | | | 0 |
| Have test cases been defined to validate all edits? | | | | | | 0 |
| Have test cases been defined to test all calculations? | | | | | | 0 |
| Have tests been performed to cover all planned test cases? | | | | | | 0 |
| Total | | | | | 0 | 0 |

The weighting factor is based on relative criticality and importance to this area of assessment focus. The recommended range is from 1 to 5.

The numeric score is automatically calculated. To recalculate values, select the table and press F9.



Risk Assessment Checklist
Area of Focus: Security    Completed By:    Date:

| Question | Comments | Yes | No | N/A | Weight Factor | Numeric Score |
|---|---|---|---|---|---|---|
| Is a security policy documented in writing for the application? | | | | | | 0 |
| Have response procedures been documented in the event of a security breach? | | | | | | 0 |
| Has a security assessment been performed for the application? | | | | | | 0 |
| Are adequate security testing tools in place for the application? | | | | | | 0 |
| Are adequate security preventative and detection tools in place for the application? | | | | | | 0 |
| Have functional requirements been reviewed for security? | | | | | | 0 |
| Have firewall installation and maintenance procedures been evaluated? | | | | | | 0 |
| Have security functions been independently tested by a third party? | | | | | | 0 |
| Is there someone responsible for administering security of the application? | | | | | | 0 |
| Does the security administrator keep abreast of security threats, issues, tools, and solutions? | | | | | | 0 |
| Total | | | | | 0 | 0 |

The weighting factor is based on relative criticality and importance to this area of assessment focus. The recommended range is from 1 to 5.

The numeric score is automatically calculated. To recalculate values, select the table and press F9.



Risk Assessment Checklist
Area of Focus: Usability    Completed By:    Date:

| Question | Comments | Yes | No | N/A | Weight Factor | Numeric Score |
|---|---|---|---|---|---|---|
| Are usability objectives documented in writing for the application? | | | | | | 0 |
| Have web site standards been documented? | | | | | | 0 |
| Have early prototypes of the site been reviewed by representative customers? | | | | | | 0 |
| Is a usability test team in place? | | | | | | 0 |
| Are usability surveys and forms used by usability testers? | | | | | | 0 |
| Have functional requirements been reviewed for usability? | | | | | | 0 |
| Is usability feedback provided early in the development life cycle? | | | | | | 0 |
| Have usability functions been independently tested by a third party? | | | | | | 0 |
| Has site navigation been tested for usability? | | | | | | 0 |
| Have customer instructions been tested from a usability standpoint? | | | | | | 0 |
| Total | | | | | 0 | 0 |

The weighting factor is based on relative criticality and importance to this area of assessment focus. The recommended range is from 1 to 5.

The numeric score is automatically calculated. To recalculate values, select the table and press F9.



Risk Assessment Checklist
Area of Focus: Performance    Completed By:    Date:

| Question | Comments | Yes | No | N/A | Weight Factor | Numeric Score |
|---|---|---|---|---|---|---|
| Have performance objectives been documented in writing for the application? | | | | | | 0 |
| Have stress points been identified in the application? | | | | | | 0 |
| Have critical transactions been identified and documented for load testing? | | | | | | 0 |
| Are adequate load testing tools in place for the application? | | | | | | 0 |
| Do testers understand how to use the load testing tools effectively? | | | | | | 0 |
| Have functional requirements been reviewed for performance? | | | | | | 0 |
| Have load projections been documented? | | | | | | 0 |
| Has site performance been adequately load tested? | | | | | | 0 |
| Has transaction throughput been tested for the application? | | | | | | 0 |
| Are adequate monitoring tools in place to measure server performance and alert system administrators when stress conditions occur? | | | | | | 0 |
| Total | | | | | 0 | 0 |

The weighting factor is based on relative criticality and importance to this area of assessment focus. The recommended range is from 1 to 5.

The numeric score is automatically calculated. To recalculate values, select the table and press F9.



Risk Assessment Checklist
Area of Focus: Compatibility    Completed By:    Date:

| Question | Comments | Yes | No | N/A | Weight Factor | Numeric Score |
|---|---|---|---|---|---|---|
| Have the target platforms been identified for the application? | | | | | | 0 |
| Have test plans been developed for testing the application of the target platforms? | | | | | | 0 |
| Were the differences in target platforms considered during development? | | | | | | 0 |
| Are all target platforms available for testing? | | | | | | 0 |
| Is there a controlled test environment for compatibility testing? | | | | | | 0 |
| Is the test itself compatible between platforms? | | | | | | 0 |
| Has time been built into the schedule for compatibility testing? | | | | | | 0 |
| Is the scope of compatibility testing small enough to reasonably perform? | | | | | | 0 |
| Is there a strategy in place to involve customers in compatibility testing? | | | | | | 0 |
| If beta testing is used for compatibility testing, is there a reliable way to capture test results from customers? | | | | | | 0 |
| Total | | | | | 0 | 0 |

The weighting factor is based on relative criticality and importance to this area of assessment focus. The recommended range is from 1 to 5.

The numeric score is automatically calculated. To recalculate values, select the table and press F9.



Risk Assessment Checklist
Area of Focus: Integration    Completed By:    Date:

| Question | Comments | Yes | No | N/A | Weight Factor | Numeric Score |
|---|---|---|---|---|---|---|
| Have project integration requirements been documented in writing for the application? | | | | | | 0 |
| Have specific points of integration been documented in writing for the application functions? | | | | | | 0 |
| Do test objectives include integration with internal business systems? | | | | | | 0 |
| Do test objectives include integration with external business systems? | | | | | | 0 |
| Do test objectives include integration with external organizations and business? | | | | | | 0 |
| Have functional requirements been reviewed for correctness regarding interfaces? | | | | | | 0 |
| Have test cases been defined to cover all points of integration with the application? | | | | | | 0 |
| Do test scenarios span all points of integration in the e-commerce application? | | | | | | 0 |
| Have the appropriate people been contacted in other organizations to coordinate external interface testing? | | | | | | 0 |
| Have interfaces been tested at the unit and system levels? | | | | | | 0 |
| Total | | | | | 0 | 0 |

The weighting factor is based on relative criticality and importance to this area of assessment focus. The recommended range is from 1 to 5.

The numeric score is automatically calculated. To recalculate values, select the table and press F9.



Risk Assessment Checklist
Area of Focus: Reliability    Completed By:    Date:

| Question | Comments | Yes | No | N/A | Weight Factor | Numeric Score |
|---|---|---|---|---|---|---|
| Have reliability requirements been documented in writing for the application? | | | | | | 0 |
| Have functional requirements been documented in writing for the application functions? | | | | | | 0 |
| Have test objectives been defined for the application reliability, based on project requirements? | | | | | | 0 |
| Is there a way to measure reliability of the application? | | | | | | 0 |
| Is a tool in place to automate reliability testing? | | | | | | 0 |
| Have functional requirements been reviewed for reliability? | | | | | | 0 |
| Have test cases been defined to cover processes that impact reliability of the application? | | | | | | 0 |
| Have backup and recovery procedures been defined in writing? | | | | | | 0 |
| Have backup and recovery procedures been adequately tested? | | | | | | 0 |
| Have tests been performed to cover all planned reliability test cases? | | | | | | 0 |
| Total | | | | | 0 | 0 |

The weighting factor is based on relative criticality and importance to this area of assessment focus. The recommended range is from 1 to 5.

The numeric score is automatically calculated. To recalculate values, select the table and press F9.
