risk-management-in-software-engineering

Last updated Mar 6, 2023

1. Reactive

• crisis management mode –> burnout

2. Proactive

• more intelligent
• potential risks are identified long before technical work is initiated.
• probability and impact are assessed and ranked by importance
• can be used to reduce technical debt

1. Risk

• uncertainty
• Loss

2. Project risks

• budgeting
• scheduling
• staffing and organization
• requirements disarray
• project complexity
• structural uncertainty

3. Technical risks

• Design, Implementation, Interface, Verification, & Maintenenance problems
• Specification ambiguity
• technical uncertainty
• technical obsolescence
• usage of new technologies

4. Business risks

• building a product no one wants (market risk)
• building a product that doesn’t fit into business strategy (strategic risk)
• building a product that the sales team doesn’t know how to sell (sales risk)
• losing the support of senior execs (management risk)
• budget cuts (budget risks)

1. Maintain a global perspective
2. Take a forward-looking view.
3. Encourage open communication
4. Integrate
5. Emphasize a continuous process
6. Develop a shared product vision
7. Encourage teamwork

1. Generic risks
2. Product-specific risks

• product size: risks associated with the overall size of the software to be built or modified
• business impact: risks associated with constraints imposed by management or the marketplace
• stakeholder characteristics: risks associated with the sophistication of the stakeholders and the developer’s ability to communicate with stakeholders in a timely manner.
• process definition: risks associated with the degree to which the software process has been defined and is followed by the development organization.
• development environment: risks associated with the availability and quality of the tools to be used to build the product.
• technology to be built: risks associated with the complexity of the system to be built and the “newness” of the technology that is packaged by the system.
• staff size and experience: risks associated with the overall technical and project experience of the software engineers who will do the work.

1. Have managers formally committed to support the project?
2. Are end users committed to the product to be built?
3. Are requirements fully understood by the software engineering team and its customers?
4. Have customers been involved fully in the definition of requirements?
5. Do end users have realistic expectations?
6. Is the project scope stable?
7. Does the software engineering team have the right mix of skils?
8. Are project requirements stable?
9. Does the project team have experience with the technology to be implemented?
10. Is the number of people on the project team adequate to do the job?
11. Do all users agree on project importance?

Source: U.S. Air Force [AFC88]

1. Performance risk: the degree of uncertainty that the product will meet its requirements and be fit for intended use.
2. Cost risk: the degree of uncertainty that the project budget will be maintained
3. Support risk: the degree of uncertainty that the resultant software will be easy to correct,adapt, and enhance
4. Schedule risk: The degree of uncertainty that the project schedule will be maintained and that the product will be delivered on time.
5. Types of risk: negligible, marginal, critical, catastrophic

1. Establish a scale that reflects the perceived likelihood of a risk
2. Delineate the consequences of the risk
3. Estimate the impact of the risk on the project and the product.
4. Assess the overall accuracy of the risk projection so that there will be no misunderstandings

• can be determined by making individual estimates and then developing a single consensus value
• can use fuzzy logic to determine the characteristics that make software projects that are prone to failure.
• a weighted average can be used if one risk component has more significance for a project.
• fuzzy logic is a type of logic that recognizes more than simple true and false values. with fuzzy logic, propositions can be represented with degrees of truthfulness and falsehood. fuzzy logic has proven to be useful in artificial intelligence applications that involve making decisions involving incomplete or uncertain information.