School of Computing, Engineering
& Mathematical Sciences
Introduction
Imagine a company is implementing a brand-new software system, and they want to ensure they deliver the
highest quality of software to their customers. A primary approach for delivering high quality software is to
conduct a quality risk assessment early in the software development lifecycle, to identify project and product
risks that can be mitigated (treated) by testing and quality assurance activities. This allows us to strategise
and plan an approach to testing and QA that prevents and detects defects much earlier in the lifecycle.
Generative AI can be helpful for brainstorming quality risks, but can we trust it to do the job for us?
The aim of this assignment is to:
1. Demonstrate your capabilities in conducting a quality risk assessment, and
2. Learn the advantages and limitations of using generative AI to identify project and product risks.
You are welcome to use ideas and materials from lecture 2 and lab 2 to support this assignment, and the risk
assessment questionnaire that has been provided for lab 2 and the assignment..
Individual Assignment
This is an individual assignment. You are not permitted to work in groups when writing your answers to this
assignment. However, you are welcome to brainstorm risks together with other students, as part group
activities associated withs lab 2 and 3.
When submitting the assignment, students are required to submit their own work only. La Trobe University
treats plagiarism seriously. When detected, penalties are strictly imposed. Further information can be found
on https://www.latrobe.edu.au/students/admin/academic-integrity.
Total Subject Grade Contribution
This assignment contributes a total of 45% to your overall mark for the subject.
Due Date
This assignment is due at end of day (11.59pm) on Sunday 15th September 2024.
A penalty of 5% per day will be imposed for late assignments, and assignments can be submitted up to 5 days
late at most (except in situations where special consideration applies). If you resubmit your assignment after
the due date, it will be considered a late submission and will incur a 5% penalty per day (except in situations
where special consideration applies).
Submission
You are welcome to submit your answers in MS Excel, MS Word or PDF. It is preferable that all work be
submitted in one file and that the file not be zipped.
Subject Intended Learning Outcomes
This assignment is designed to contribute towards the following learning outcomes:
? Relate the multiple industry-based roles involved in modern software testing
School of Computing, Engineering
& Mathematical Sciences
Page 3 of 8
Assignment Tasks
The following tasks are mandatory and must be completed for this assignment.
Task 1 C Quality Risk Assessment
In this task, you will conduct a quality risk assessment for a chosen customer and system, based on the
quality characteristics and sub-characteristics in the ISO/IEC 25010 product quality model.
You are not permitted to use generative AI for this task. All ideas and answers must be your own. All answers
must be written in your own words.
Complete the following tasks:
1. Choose a customer and system as the basis for your quality risk assessment. Specify the customer s
name, system name (if known), and briefly describe the system.
You do not need to submit a customer profile for this task (although you may find the process we
followed in lab 1 will support you in understanding your chosen customer).
2. Using the ISO/IEC 25010:2023 product quality model, and the risk assessment questionnaire
provided in lab 2, identify a set of project and product risks for your system. For each risk, identify
potential impacts, risk levels, and risk mitigations (including preventative and detective testing & QA
activities that can mitigate each risk).
Include the following in your risk assessment:
a) At least 1 risk per sub-characteristic from the ISO/IEC 25010:2023 product quality model (i.e.
minimum 40 risks). To support the process, read the risk assessment questionnaire, and consider
how each characteristic and sub-characteristic might matter to your customer and their
stakeholders (e.g., executives, managers, customers, staff, end-users). Please ensure you list the
quality characteristic and the sub-characteristic for each risk.
b) At least 1 risk per project risk type from the risk assessment questionnaire (i.e. minimum 8
project risks).
c) Identify potential impacts, risk levels and mitigations for each risk.
d) Document the above in a risk register.
e) Provide a risk matrix to support your assignment of risk level.
f) Document your assumptions (minimum 5 assumptions).
School of Computing, Engineering
& Mathematical Sciences
Page 4 of 8
Task 2 C AI-Generated Quality Risks
In this task, you will use a generative AI tool to generate quality risks for the same customer and system.
The aim is to find out what types of risks generative AI tools are able to produce, based on their current levels
of capability. You do not need to reword or improve the risks or mitigations.
For the same customer and system, use the generative AI tool to complete the following tasks:
3. Choose a generative AI tool, specifying the name and URL of the tool.
4. For the same customer and system, ask the tool to generate:
a. A set of 40 (minimum) product quality risks. You may need to run a series of prompts to
generate a minimum of 40 risks.
b. A set of 8 (minimum) testing project risks.
c. Potential risk impacts, risk levels, and risk mitigations including preventative and detective
testing and QA activities, for each risk.
d. Document the above in a risk register.
e. Document the prompts that were used to generate the above.
School of Computing, Engineering
& Mathematical Sciences
Page 5 of 8Task 3 C Compare the Results
In this task, you will compare the risks you identified, against those that were generated by the AI tool.
You are not permitted to use generative AI for this task. All ideas and answers must be your own. All answers
must be written in your own words.
5. Compare the risks that were identified in tasks 1 and 2, providing answers to the following questions
(including rationale/justification for each answer):
a) Did the AI tool generate any risks that were not included in your risk register?
a. Would any of the new risks have been useful to include in your risk register (e.g., to
produce a higher-quality system for the customer)?
b. Were any of the new risks not useful?
b) Were any ISO/IEC 25010:2023 product quality sub-characteristics missed by the AI tool?
a. Which sub-characteristics were missed?
b. Why do you think they were missed?
c. Could any of the missing sub-characteristics impact on the quality of the system?
c) Did the AI tool introduce any new risk types that were not included in the ISO/IEC 25010:2023
product quality model?
a. Were they useful?
b. Would they be useful to include in the ISO/IEC 25010 product quality model?
d) Which approach to risk identification do you think could result in a higher-quality system C task