TERM PAPER: Risk management in software engineering
CSC 532 Advanced Software Engineering
Vijaya Sankar Karri
Louisiana Tech University
Table of contents
Abstract
1. Introduction
2. Risk Management Concepts
3. Framework Overview
4. The principles of risk management
5. Risk management in project management
6. Conclusion
7. References
Page No
1
2
3
4
5
5
6
Term Paper
Vijaya Sankar Karri
RISK MANAGEMENT
vsk007@latech.edu
Abstract
Basically in software engineering risk management is an important part of project
management. This term paper gives a detail introduction to the risk management concepts,
overview of a framework. The main goal of the risk management framework is to reduce
the chances of uncertain events, and to maintain all possible outputs under tight
management. Risk management has to making judgments about various types of risk,
software development risk, operational risk, and information security risk etc.
The risk management framework is mainly intended for risk management principles for
improving the quality of software development.
1. Introduction
Even if most of the organizations uses risk management framework while developing
software development system. The framework is used as a foundation for comprehensive
risk management methodology and it also provide help for evaluating and improving
software’s risk management practice.
The risk management framework can be applied in all phases of the system development
life cycle. And it also can be used to demonstrate the management of different types of risk.
The technical report provides the detailed introduction for risk management framework,
risk management concepts, framework overview, the principles of risk management, Risk
management in project management.
The main purpose of this report is to provide the risk management framework to manage
risk effectively. This document provides specific methods, tools, and techniques for
managing different types of risk.
2. Risk Management Concepts
2.1 Definition of Risk:
Risk is the possibility of suffering loss. [Doro fee 1996].
Risk is a future harm that might occur or might not be occur we don’t know.
2.2 Conditions of Risk:
The following three conditions must be satisfied [Charette 1990]:
1. The potential for loss must exist.
2. Not clear with respect to the consequent outcome must be present.
3. Decision or choice is required to deal with the uncertainty loss.
2.3 Types of Risks:
 Generic risks: generic threats across all projects.
Example: changing of requirements, loss of team members.
 Product Specific Risks: high level risks associated with the type of product being
developed.
 For example: availability of testing resources.
 Project Risks: Project risks affects resources or project schedule.
 Product Risks: This type of risk affects performance of software or product quality.
2.4 Risk measures:
There are three kinds of measures
Probability-It is a measure of the likelihood that a threat will occur.
Impact- It is a measure of the loss that occur when threat is realized.
Risk exposure- It helps to measure the magnitude of a risk
2.5 Risk Management Paradigm:
Figure 1: Risk Management Paradigm
Control: It can control the risks in management system.
Identify: In this phase we have to search for the risks before it create a problem.
Analyze: Analyze the nature, type of risk and collect information about the risk.
Plan: In this phase it converts into actions and implement.
Communicate: Discuss about the emerging risks and the current risks and the plans to be
undertaken.
Track: We have to guide the important actions.
3. Framework Overview:
There are three phases of the framework.
Figure 2: Framework Structure
Prepare for risk management (Phase 1):
This is phase is get ready for next two phases. And it can be completed before activities in the other
phases are executed.
Perform risk management (Phase 2):
This phase is used to manage risk. In this phase activities are performed to manage over
time.
Sustain and improve risk management (Phase 3):
In this phase the activities are used to indicate the improvements of risk management.
Dataflow diagrams:
Figure 3: Dataflow diagram.
Inputs—this is an item that is used by a phase to produce an output.
Outputs—the results that can be produced by a phase.
Constraints—items that restrict the execution of a phase and its activities
Resources—items that are used while execution of a phase and its activities
4. The principles of risk management
 Global perspective: In this principle it can consider large system design and
implement.
 Forward looking view: In this principle we have to find possible risks and we also
try for getting solution for those risks.
 Open Communication: This principle provides the communication between the
customers and team and for can get some clarity about the risks.
 Integrated management: It can integrate some risks and finding the solution for
those two risks at a time.
5. Risk management in project management:
The project management can be deals with following steps
 Planning: In this step the main intension is to get good results, and which strategies
to be applied to manage the risk.
 Directing: In this step it provides the Communication between customer and team
member and exchange the ideas can be performed.
 Controlling: Evaluation for the risk management can be done in this phase.
 Organizing: In this phase organizing the things can be done, and due to this it gives
good efficiency.
6. Conclusion
 For managing the risks we have to establish a good bondage between the team
members and customer.
 A good base about risk management could give a best deal in handling the risks.
 Risk not always is negative and it is an opportunity to develop our projects in a
better way with good results.
References:
 Christopher J. Alberts, Audrey J. Doro fee. Risk Management Framework,
TECHNICAL REPORT CMU/SEI-2010-TR-017 ESC-TR-2010-017
 Charette, Robert N. Application Strategies for Risk Analysis. New York, NY: McGrawHill Book Company, 1990.
 Kontio, Jyrki: Software Engineering Risk Management: A Method, Improvement
Framework, and Empirical Evaluation.
 http://en.wikipedia.org/wiki/Risk_management