It's impossible to test everything-even in the most trivial of systems. Tight time schedules and shortages of trained testing personnel exacerbate this problem; so do changing priorities, feature creep, and loss of resources. In many companies, test professionals either begin their work on whichever components they encounter first, or the parts they're most familiar with. Unfortunately, these approaches may result in the delivery of a system where the most critical components remain untested. Or, at the very least, critical components are tested later in the lifecycle when there may not be time to fix the problems found. All of this adds to the risk of a project. One way to overcome every one of these challenges is to employ the use of risk analysis. Rick Craig demonstrates the basics of a usable process for assigning testing priorities based on relative risk.
With risk-based testing, you identify risks and then run tests to gather more information about them. Formal risk analysis is often necessary for identifying and assessing risks with new domains or technologies. A common problem, however, is how to assess risks when you have little information. Learn how to use testing to identify risks, reach team agreement on risk magnitude, and identify actions which allow these risks to be understood and mitigated.