Before your team starts scoring risks, it's worth shaping Risk-Based Testing to fit how your organization thinks about risk. TestCollab ships with defaults, so you can start immediately - but a few minutes tailoring the statuses, categories, scoring scales, and severity bands makes every risk score far more meaningful to your business.
Everything here is configured per project, so each project can have its own risk setup.
✍️ Only the administrators have access to risks settings.
Getting to Risk Settings
Open your project, go to its Settings, and choose Risks. This opens the Risk Settings page.
Risk Settings is organized into five tabs:
Statuses · Risk types · Likelihood · Impact · Exposure bands
Tab 1 - Statuses
Statuses are the lifecycle states a risk moves through.
Every status is either open or closed. "Closed" means the risk is considered resolved - this drives your residual-risk and coverage reporting, so it matters that the flag is set correctly.
Defaults out of the box:
Status | Treated as |
Identified | Open |
Analyzed | Open |
Mitigating | Open |
Mitigated | Closed |
Accepted | Closed |
This already mirrors how most teams work: a risk is spotted, assessed, actively worked on, then either reduced (Mitigated) or knowingly tolerated (Accepted).
To add or edit a status, click Add status (or Edit on a row). You set:
Name (e.g., Monitoring)
Color - pick a swatch so the status is easy to spot in the register
Treat risks in this status as closed / resolved - the open/closed toggle
Built-in safeguards (so reporting never breaks):
Keep at least one open and one closed status.
You can't delete a status that risks are using.
Names must be unique within the project.
Tab 2 - Risk types
Risk types are the categories used to classify risks - "such as Business, Technical, Schedule, Compliance or Security." They help you slice your register by the kind of risk.
Defaults: Business · Technical · Schedule · Compliance · Security (each with its own color).
To add or edit a type, click Add type, then set a Name and Color.
Safeguards:
Keep at least one risk type (every risk needs a category).
You can't delete a type that risks are using
Names must be unique.
Tabs 3 & 4 - Likelihood and Impact scales
These two tabs are the engine of risk scoring. Every risk is scored by picking one Likelihood value and one Impact value, and TestCollab multiplies their numbers to produce the risk's exposure.
Each scale value has three parts:
Name - what testers pick from (e.g., Possible)
Score - the number that drives the math (must be 1 or higher; "Higher score = higher likelihood. Drives the exposure calculation.")
Color
Default Likelihood scale:
Name | Score |
Rare | 1 |
Unlikely | 2 |
Possible | 3 |
Likely | 4 |
Almost certain | 5 |
Default Impact scale:
Name | Score |
Very low | 1 |
Low | 2 |
Medium | 3 |
High | 4 |
Critical | 5 |
With these defaults, exposure ranges from 1 (Rare × Very low) to 25 (Almost certain × Critical).
To add or edit a value, click Add likelihood / Add impact, then set the name, score, and color.
Safeguards:
Keep at least one value on each scale (you can't score a risk otherwise).
You can't delete a value that risks are currently scored with - re-score those affected risks first.
Names must be unique
⚠️ Important for admins - changing a score re-grades existing risks. Because exposure is likelihood × impact, editing a value's score updates the exposure of every risk already using it.
For example, raising Possible from 3 to 4 will recalculate and possibly re-band live risks across your project. This is intentional, but plan score changes deliberately - ideally before large numbers of risks are recorded.
Tab 5 - Exposure bands
Exposure is a number calculated as likelihood × impact. Exposure bands turn that number into a severity label everyone understands: Low, Medium, High, Critical - each with its own color, shown as a pill throughout the app.
This tab comes with a live matrix preview: as you adjust the thresholds, you immediately see how every likelihood × impact combination is colored. The four band names and their order are fixed; you control where each band starts and ends, and its color.
Default (4-band) scheme:
Band | Exposure range | Color |
Low | 1 – 3 | Green |
Medium | 4 – 8 | Yellow |
High | 9 – 14 | Orange |
Critical | 15 and up | Red |
What you can do here:
Adjust thresholds - set where each band begins; ranges stay contiguous (no gaps or overlaps), up to the maximum possible exposure for your scales (25 with the default 1–5 scales).
Change colors per band.
Add band / Remove band - removing a band merges its range into the neighbor. "Risks already classified keep their stored band until they are next scored."
Reset to the 4-band default, or Reset to the 3-class default (High / Medium / Low) for teams that prefer a simpler three-level scheme.
Save changes when you're done (nothing is applied until you save), or Discard unsaved changes.
Safeguard: you must keep at least 2 bands.
⚠️ Adjusting bands restates severity across the project. Changing a threshold doesn't change any risk's exposure number, but it can move risks into a different band. If a bank decides that anything scoring 12 or above is now Critical (instead of 15), more customer-impacting risks will light up red the next time the register loads.
Good practices for setting up
Start from the defaults. They're well-balanced; tweak only what doesn't match your vocabulary.
Agree your scales early. Likelihood and Impact definitions are the foundation - settle them before scoring many risks, since score changes re-grade existing risks.
Make "Critical" mean something specific. Tie your top impact level to a concrete business consequence (e.g., customer funds at risk, regulatory breach) so scoring stays consistent across testers.
Mirror your real lifecycle in Statuses, and be deliberate about which statuses count as closed - it directly affects your coverage and residual-risk numbers.