RISK MANAGEMENT IN SOFTWARE ENGINEERING

Term Paper
By Clive Matiku

CONTENTS
• Introduction
• Need for Risk Management
• Risk Management: identifying risk, analyzing, prioritizing, monitoring risks, etc.
• Experiments
• Conclusion
• References

INTRODUCTION
What is risk?
An event that may happen and that will negatively affect project success.

What is risk management?
It is a practice with processes, methods and tools for identifying, addressing and eliminating software risks before they negatively impact a project.

NEED FOR RISK MANAGEMENT
In software development:
• New technology
• Challenging or unknown requirements
• Tight schedules
• Tight budget
These expose a software project to several types of risk.

IMPLEMENTING RISK MANAGEMENT
Steps involved in risk management:
• Identify risks
• Analyze risks
• Prioritize risks
• Plan
• Mitigate
• Monitor
• Communicate

IDENTIFY RISKS
• Generic risks
• Product-specific risks
Factors to consider:
• Technology risks
• Process risks
• People risks
• Customer risks
• Size risks, etc.

ANALYZE RISKS
• Transform each identified risk into decision-making information.
• Each risk should be quantified by its probability and impact.
• Assess the probability of occurrence in the future and estimate its cost.

PRIORITIZE RISKS
• Deal with the most important risks first; the team should decide how many of these it has the resources to mitigate.
  Risk exposure (RE) = P * C
  P = probability of occurrence
  C = impact of loss
• After prioritization, a cut-off is determined. Risks above the cut-off are given attention.

PLAN
• A plan is developed for each risk within the cut-off.
Examples of risk planning actions include:
• Get information
• Contingency plan
• Risk reduction
• Risk acceptance

MITIGATE RISKS
• The goal is to develop strategies to reduce the possibility or the loss impact of a risk.
  Risk avoidance: do not develop the product.
  Risk protection: fault-tolerance strategies.
• The team must do a cost-benefit analysis.

MONITOR RISKS
• Documentation of risks summarizes the project's risks well.
• Revisit risks to reevaluate each one.
• Keep tracking reports for critical risks.
• More information is gained about a risk as time goes on. This may alter the risk profile.

COMMUNICATE RISKS
• Management, team and stakeholders need to communicate.
• Sharing of information is important for effective risk management.

EXPERIMENTS & STUDIES
Perspective Based Risk Analysis
• University of Lund, Sweden.
• Investigated effectiveness compared to traditional methods.
• Software-controlled train door system.
• Traditional method: planning, identification, determining likelihood and consequence.
• Perspective based: the same, but planning had a perspective (software engineer, tester and train staff).

Table 3. Results from the experiment [1].

| Group label | Applied treatment | # of relevant risks found | # of non-relevant risks |
|-------------|-------------------|---------------------------|-------------------------|
| M1          | PBRA              | 14                        | 3                       |
| M2          | PBRA              | 19                        | 0                       |
| M3          | PBRA              | 13                        | 1                       |
| T1          | TRA               | 7                         | 0                       |
| T2          | TRA               | 9                         | 0                       |
| T3          | TRA               | 10                        | 1                       |

PATTERNS FOR RISK MANAGEMENT
• The project schedule is laid out with goals, a plan and mitigation plans.
• Mitigation plans may fail, leaving the project facing a critical problem.
• During planning, define a contingency plan for each mitigation plan.
• Contingency plan: activation of an alternate action plan to reduce the same risk within the same time.

2. PATTERN: IMMINENT FIRST
• Activation of a contingency plan is more expensive.
• Problem: attention may go to the most severe risk instead of the most urgent one.
• This misses the critical time to activate the appropriate contingency plan.
• The solution is to present the decision maker with a list showing imminent risks first.

How to create the imminent-first list
• Look at each risk with a contingency plan, separating the time frame into imminent, near and far.
• Imminent: the contingency plan is on the critical path, and failing to activate it will lead to problems.
• Near: near the decision point but not on it.
• Far: where we are far from the decision point.

RISK MANAGEMENT CONCLUSION
• Effective risk management focuses on avoiding future problems.
• Understanding the factors in the risk management process and focusing on the strategies mentioned could help build risk-free products.
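The prioritization step (RE = P * C with a cut-off) and the imminent-first list described above, combined in an added example that is not part of the original term paper. It shows how the same risks are ordered by severity and then by urgency; the risk names, probabilities, impacts, cut-off value and time-frame labels are all constructed for illustration.

```python
from dataclasses import dataclass

# Time frames of the imminent-first pattern, most urgent first.
FRAME_RANK = {"imminent": 0, "near": 1, "far": 2}

@dataclass(frozen=True)
class Risk:
    name: str
    probability: float  # P: probability of occurrence, 0..1
    impact: float       # C: impact of loss (constructed unit: person-days)
    frame: str          # time frame of the contingency-plan decision

    def __post_init__(self):
        if not 0.0 <= self.probability <= 1.0:
            raise ValueError(f"{self.name}: probability must be in [0, 1]")
        if self.frame not in FRAME_RANK:
            raise ValueError(f"{self.name}: unknown time frame {self.frame!r}")

    @property
    def exposure(self) -> float:
        return self.probability * self.impact  # RE = P * C

def above_cutoff(risks, cutoff):
    """Risks whose exposure exceeds the cut-off, most severe first."""
    kept = [r for r in risks if r.exposure > cutoff]
    return sorted(kept, key=lambda r: r.exposure, reverse=True)

def imminent_first(risks, cutoff):
    """Same risks, ordered by urgency first and exposure second."""
    return sorted(above_cutoff(risks, cutoff),
                  key=lambda r: (FRAME_RANK[r.frame], -r.exposure))

# Constructed risk register (assumed values, not from the paper).
REGISTER = [
    Risk("Key developer leaves", 0.3, 40, "far"),
    Risk("Vendor API changes", 0.5, 20, "imminent"),
    Risk("Requirements churn", 0.6, 30, "near"),
    Risk("New framework learning curve", 0.4, 10, "near"),
    Risk("Build server outage", 0.1, 5, "imminent"),
]
CUTOFF = 3.0  # assumed cut-off on RE

if __name__ == "__main__":
    for title, order in (("By severity", above_cutoff(REGISTER, CUTOFF)),
                         ("Imminent first", imminent_first(REGISTER, CUTOFF))):
        print(title)
        for r in order:
            print(f"  {r.frame:<9} RE={r.exposure:5.1f}  {r.name}")
```
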
REFERENCES
1. Sulaman, S., Wnuk, K., Host, M. Perspective Based Risk Analysis - A Controlled Experiment. Proceedings of the 18th International Conference on Evaluation and Assessment in Software Engineering.
2. Weiler, M., Homsky, O. Patterns for Risk Management in Projects. Proceedings of the 15th European Conference on Pattern Languages of Programs.
3. Lobato, L., Neto, P., Machado, I., Alemida, E., Meira, S. Risk Management in Software Product Lines: An Industrial Case Study. Proceedings of 1st International Conference on Software and System Process.
4. Lobato, L., Bitter, T. Risk Management Approach for Software Product Line Engineering. Proceedings of Annual Conference on Brazilian Symposium on Information Systems (May 2015, Brazil).