November 11, 2021

Beyond the FMEA Risk Assessment: Agile Risk Management

Application Lifecycle Management

Product failures and defects can occur in many different shapes and at many levels, impacting any part of the user experience, functionality, and even safety. In the past, organizations used Failure Mode and Effects Analysis (FMEA) for risk assessment. This allowed teams to identify and prevent failure before a product or update was released.

In this blog, we discuss how risk management has evolved beyond FMEA risk assessments, and the steps organizations use to manage and prevent risk throughout the lifecycle of their applications.

Why Was FMEA Important?

FMEA was important, not only to keep production costs at a minimum, but also to protect the business — and potentially the user — from harm.

Organizations are required today to increase their velocity without compromising quality or safety. Therefore, the FMEA approach requires adjustments to the Agile reality we’re living in. Simply conducting FMEA, without folding it into a proper risk management strategy, can create visibility and quality gaps that can potentially leave the business vulnerable to costly product recalls, regulatory actions, and a damaged reputation.

Let’s review why and how to create a quality strategy that puts risk management at the forefront of what was previously an FMEA risk approach.

How (Formerly FMEA) Risk Assessment Impacts Your Bottom Line

If you’re in a regulated or safety-critical industry, product failure can lead to injury or put life at stake. Clearly user safety is a top priority, but that’s not the only thing that can go wrong.

In any industry, product failure impacts the user experience — which influences their overall impression of and trust in your brand. Even if the consequences are not devastating to the user, they could devastate your ability to create revenue. 

Consider if you buy a car and it has a recall. Even if that recall does not put you and your family in danger, you may question the overall safety of that manufacturer. Additionally, now you have to dedicate time to bring your car in, which could disrupt your plans and schedule. Even the most loyal customer can get fed up quickly.

In a world where online reviews drive business, you can’t risk foreseeable product failure. 

A good risk management strategy takes all these possible failures into consideration and ensures that testing happens early enough to not only mitigate all the risks, but keep production on schedule.

How to Create a Quality Strategy to Better Manage (FMEA) Risk

Beyond using a template or worksheet to conduct what used to be an FMEA risk assessment, today you need an overall Agile risk management strategy to be effective. This should be considered part of your overall lifecycle management, and connect to business values.

A quality strategy ensures that everyone is on the same page, everything is done at the correct time, and all processes are thorough enough to mitigate all risks.

We’ll outline high-level steps that you can use to build your strategy.

However, considering the most common reasons for potential failures, it’s important to first establish the foundation of your strategy.

The Core of Your Plan 


The foundation of any successful risk management plan will have the following two characteristics.

1. Testing Requirements

Specifically, testing requirements that address potential failures and their impact outlined with the product requirements.

By including the testing requirements (which include all failure modes) as a standalone section of your requirements, you’re asking yourself what could go wrong at the beginning of the production lifecycle. This is the best way to ensure that you’re testing early, and you’re tying testing into every step of the workflow.

Doing this helps you establish effective quality gates, so that you can narrow down or eliminate critical defects when they occur. You avoid discovering issues after the context needed to fix them quickly is gone. Furthermore, you’re not going back to a developer to ask about functionality that was developed months ago. They won’t have any idea. And even if they do, switching contexts doesn’t come for free.

The cost of fixing a defect grows as you get closer to production or a release. And if the defect is part of the release, the cost could be your business or a life.

2. Established Traceability

Two major issues are solved when you incorporate traceability into your risk management.

First, by tracing test cases to requirements in a central repository, you create a single source of truth. This is the easiest way to combat what happens when teams are siloed or disorganized. 

If one person is using a spreadsheet to track requirements, and another person uses a notebook to capture changes, and another person jots down thoughts on a napkin while in a lunch meeting, there is no way the testing team will get the right information. And even if all of these people can centralize their versions, similar confusion happens when different teams use different tools for their workflows. Traceability puts everyone on the same page.

The second reason why traceability is critical to the foundation of your risk management is that teams often don’t know in which mode or area of the product the failure occurred. Or they don’t know the impact of that failure on other areas.

For example, if you have a software solution and your login test cases fail, it's not just that specific functionality that’s impacted. Dozens of functions are not accessible when a login module isn’t working. Similarly, a certain chip or module within the engine of a car will have a collateral impact on more than just one test case. 

Using a risk assessment that creates traceability between requirements, test cases, and their actual execution creates transparency into test coverage, progress, and expected issues.

In other words, understanding the potential, complete impact of a failure allows a tester to build a proper test plan to ensure it doesn’t happen.

Replacing FMEA: Steps to a Good Risk Management Strategy

Understanding the importance of tying risk management into your requirements, and having traceability across teams, you’re ready to build an overall strategy. Here are the basic steps we recommend.

  1. Identify each potential business risk and the negative consequences of each risk. When you complete writing your requirements, ask yourself what may go wrong. 
  2. Identify prevention methods for each. When you finish writing out a consequence, break down what can be done to prevent/mitigate that risk. What are the tests that need to be written to eliminate it?
  3. For each test, articulate the definition of done. Done means that an effective and meaningful testing plan has eliminated any potential risk tied to it.  
  4. Draft all scenarios and create a testing plan that tests everything. Every requirement should be broken into a very detailed test plan that says these are the positive cases we want to test; these are the negative cases we want to test. If result A happens, it means it fails. If B happens, it passes. If C occurs, we need to get back to the product team to understand what it means. 
  5. Make sure you’ve connected the risk management to the requirements and created that traceability. This is challenging to do with a spreadsheet; we recommend using a traceability tool that automates this.
  6. Use that traceability to measure progress and check alignment. Again, test early and test often so that you don’t have to scramble to go back.
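As an added illustration (not part of the original post and not Helix ALM code), the sketch below links risks to requirements and test cases, then uses those links to find risks with no test and to compute how far a failing login test reaches. All IDs, the dependency map, and the result values are constructed sample data.

```python
from collections import deque

# Constructed sample data; every ID here is hypothetical.
DEPENDS_ON = {            # requirement -> requirements it depends on
    "REQ-LOGIN": [],
    "REQ-PROFILE": ["REQ-LOGIN"],
    "REQ-CHECKOUT": ["REQ-LOGIN"],
    "REQ-INVOICE": ["REQ-CHECKOUT"],
    "REQ-HELP": [],
}
RISKS = {                 # risk -> (requirement, test cases traced to it)
    "RISK-1 account lockout": ("REQ-LOGIN", ["TC-1", "TC-2"]),
    "RISK-2 double charge": ("REQ-CHECKOUT", ["TC-3"]),
    "RISK-3 wrong invoice total": ("REQ-INVOICE", []),
}
RESULTS = {"TC-1": "pass", "TC-2": "fail", "TC-3": "pass"}

def untested_risks(risks):
    """Step 5 gap: risks with no test case traced to them."""
    return sorted(r for r, (_, tests) in risks.items() if not tests)

def failing_requirements(risks, results):
    """Requirements with a traced test that failed or was never executed."""
    return {req for req, tests in risks.values()
            if any(results.get(t) != "pass" for t in tests)}

def impacted(depends_on, failed):
    """Failed requirements plus everything that transitively depends on them."""
    dependents = {}
    for req, deps in depends_on.items():
        for dep in deps:
            dependents.setdefault(dep, []).append(req)
    seen, queue = set(failed), deque(failed)
    while queue:
        for nxt in dependents.get(queue.popleft(), []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return sorted(seen)

def quality_gate(depends_on, risks, results):
    """Step 6: release only when every risk is tested and nothing is blocked."""
    gaps = untested_risks(risks)
    blocked = impacted(depends_on, failing_requirements(risks, results))
    return {"untested_risks": gaps, "blocked_requirements": blocked,
            "release_ok": not gaps and not blocked}

if __name__ == "__main__":
    print(quality_gate(DEPENDS_ON, RISKS, RESULTS))
```

With the sample data, one failing login test blocks four of the five requirements, which is the collateral impact the login example above describes.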

Close Gaps More Easily with a Traceability Tool

As traceability is paramount to a successful risk management strategy, it should be top of mind when choosing a solution. Helix ALM is an excellent traceability tool you can customize to work the way you do. You can create a risk assessment matrix and automatically link all artifacts associated with a particular risk to the rest of your core items such as requirements, issues, test cases and more.

Additionally, it allows you to:

  • Set rules that prevent a user from moving forward until a specific condition is met
  • Assign ownership of the risk management plan
  • Create visibility across the entire development lifecycle
  • And more

See How Helix ALM Reduces Risk

At the end of the day, an automated traceability tool like Helix ALM reduces risk, lowers development costs, improves cross-team collaboration (and thus overall efficiency), and expedites your time to market. Watch an on-demand demo to see what else it can do for you.
