Instructor: Box Leangsuksun




Risk management is the process of identifying a risk, analyzing it and finding mitigation methods that reduce the negative consequences of that risk for the product. Every organization should implement a risk management process in order to accomplish its tasks successfully by reducing the risks that keep it from completing them. Risk management does not remove risk completely; its main aim is to identify the primary risks and apply appropriate methods to mitigate them.


Today organizations and industries are involved in large-scale projects with huge development costs and complex systems that require multiple technologies to make progress and to finish within the allocated deadline. Development must be systematic and well structured so that the complexity can be managed and the system can be maintained and evolved in the future. Systematic and structured approaches to the development of these complex systems are therefore necessary.

Many software engineers have attempted to provide the systematic and well-structured methodologies that software development projects lack. Even when projects are well guided, they are still associated with many different high risks. These risks affect the progress of a software development project in numerous ways: exceeding the allocated budget, missing the project deadline, and, more importantly, not meeting the requirements of the product.

Although risk taking is essential to progress, and failure is a key part of learning, the problem is not that risks are unavoidable; it is the inability to recognize and manage risks that leaves a software project to face their negative consequences. A risk management process should therefore be in place to minimize risks and to help in creating new and better software. Risk management is particularly difficult for large software projects; it cannot be handled in the same way as for small projects, or simply by providing more resources for all development factors.


This paper gives an overview of how a risk is identified, the procedure to be followed for identifying and assessing a risk, and the mitigation techniques used to reduce its negative consequences or remove it completely, so that with the available managerial resources software projects can be managed efficiently, avoid risk, and obtain the desired outcome that meets the requirements. It illustrates the complexities of software development and discusses the software engineering methods, techniques and notations used for identifying and managing the risks that occur in software development projects.

Many risk analysis and risk management methods have been developed in order to reduce the effects of risks on organizations.

This study systematizes, structures and discusses the strengths and weaknesses of the risk management process in an organization.

2 Risk in Software Engineering

A software risk denotes a particular aspect of a development task, process or environment which, if ignored, will increase the likelihood of project failure. The degree of risk is assessed either in quantitative terms, as the probability of an unsatisfactory event multiplied by the loss associated with its outcome, or in qualitative terms, by referring to the uncertainty surrounding the project and the magnitude of the potential loss associated with project failure.

Risk Management

Risk management is a human activity that integrates the recognition of risks, risk assessment, the development of strategies to manage these risks, and the mitigation of risk with managerial resources.

The strategies employed to reduce the risk factor are as follows:

- Transferring the risk to another party

- Avoiding the risk

- Reducing the negative effect of the risk

- Accepting all the consequences of a particular risk

The main objective of risk management is to reduce the different risks related to a specific risk in any organisation. It may refer to any type of threat: threats caused by humans, by the environment, or by other organizations. On the other hand, it involves all the means available to humans, or in particular to a risk management entity (a person, staff or organization).

General strategies of risk management for any project are as follows:

- Foreseeing potential project problems. The main job of the risk officer is to plan how risk management will be carried out for a particular project. The plan should include the risk management tasks to be undertaken, the responsibilities of every individual, the activities that are required, and the budget of the project.

- Assigning a risk officer: a team member other than the project manager should be assigned separately to look for all the risks that may affect a particular project in the organisation.

- Maintaining a project risk database. Its attributes should be: opening date, title of the risk, a short description of the risk, the probability and importance of the risk, and its impact upon the project.

- Creating an anonymous risk reporting channel. Each team member should be able to report a risk that he foresees in the project.

- Preparing mitigation plans for the risks chosen for mitigation. The purpose of a mitigation plan is to describe how a particular risk will be handled: how and at what time the plan is used, so that it reduces the negative consequences the organization faces from that risk.

- Summarizing the risks planned for and faced while accomplishing the task, the effectiveness of the mitigation activities used to reduce the risk, and the effort spent on risk management.

The following are the steps involved in the risk management process:

- Establishment of context

- Risk identification

- Risk assessment

- Risk analysis

- Risk evaluation

- Risk treatment

These steps are elaborated below.

Establishment of context:

Establishment of context involves:

1)  Identification of risk

2)  Planning of the remainder of the process

3)  Developing a framework and a future plan for identification

4)  Developing a risk analysis involved in the process

5)  Mitigation of the risks by the available managerial resources

Risk Identification

Risk identification should be done methodically, so that all the significant activities of the organization are identified and all the risks associated with these activities are defined.

Some common risk identification methods are as follows:

1)  Objectives-based risk identification:

Every organization and every project team has its own objectives. Any event that may partly or completely endanger the achievement of those objectives is identified as a risk.

2)  Scenario-based Risk Identification:

For every project, different scenarios are created for accomplishing it. The scenarios may be alternative ways to achieve an objective, or an analysis of the interaction of forces in, for example, a market or a battle. Any event that triggers an undesired scenario alternative is identified as a risk.

3)  Taxonomy-based risk identification:

The taxonomy in taxonomy-based risk identification is a breakdown of possible risk sources. Based on the taxonomy and knowledge of best practices, a questionnaire is compiled. The answers to the questions reveal risks.

4)  Common risk checking:

In this method a list of known risks is compiled for every project, and each risk on the list is checked for applicability to the situation at hand.

Risk Assessment

Risk assessment is the first step in the process of risk management. Organisations and industries use risk assessment to estimate the risk involved and to determine the potential threat that a particular risk poses to the organization.

With the help of risk assessment, organisations identify the appropriate actions to be taken in the risk mitigation process to reduce the negative consequences of a particular risk, or to eliminate the risk altogether.

Risk Analysis

“The process of examining identified risk factors for probability of occurrence, potential loss and potential risk-handling strategies.”

As part of risk management, the process of risk analysis creates a risk register, which records the identification and quantification of each risk and its potential impact on the product.

This process is carried out by a group of 6-10 members from different roles, such as project members, the project manager and technicians. As risk management is a continuous process, this group should meet at regular intervals and at project milestones to look at the situation and review the risk register, making any changes required to mitigate the risks and to reduce their consequences for the product.
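A worked risk register, added here as an example and not part of the paper, that implements the quantitative degree of risk from the section on risk in software engineering (probability of the unsatisfactory event multiplied by the loss) over a register with the attributes listed under the general strategies (opening date, title, description, probability, impact), and prioritizes it the way the risk analysis group would when reviewing the register. The mitigation fields, the high/medium/low thresholds, the greedy selection of mitigation plans by exposure removed per unit of cost, and every name used (Risk, exposure, residual_exposure, reduction_leverage, qualitative_level, prioritize, choose_mitigations, SAMPLE_REGISTER) are assumptions of this example; the sample risks are constructed.

```python
"""Risk register: degree of risk = probability x loss (risk exposure).

Register attributes follow the paper's risk database list.  Mitigation
fields, thresholds and the leverage ranking are assumptions of this example;
the sample risks are constructed, not real project data.
"""
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Tuple


@dataclass
class Risk:
    opened: date             # opening date of the register entry
    title: str               # title of the risk
    description: str         # short description
    probability: float       # 0.0-1.0, chance the unsatisfactory event occurs
    loss: float              # impact if it occurs (assumed unit: person-days)
    # Assumed mitigation-plan fields: expected probability/loss after the plan
    # is applied (None = unchanged) and the plan's cost in the unit of loss.
    mitigation: str = ""
    mitigated_probability: Optional[float] = None
    mitigated_loss: Optional[float] = None
    mitigation_cost: float = 0.0

    def __post_init__(self) -> None:
        # Reject entries that would silently distort the exposure ranking.
        if not 0.0 <= self.probability <= 1.0:
            raise ValueError(f"probability out of range: {self.title!r}")
        if self.loss < 0 or self.mitigation_cost < 0:
            raise ValueError(f"negative loss or cost: {self.title!r}")

    def exposure(self) -> float:
        """Quantitative degree of risk: probability x loss."""
        return self.probability * self.loss

    def residual_exposure(self) -> float:
        """Exposure that remains if the mitigation plan is applied."""
        p = self.probability if self.mitigated_probability is None else self.mitigated_probability
        loss = self.loss if self.mitigated_loss is None else self.mitigated_loss
        return p * loss

    def reduction_leverage(self) -> Optional[float]:
        """Exposure removed per unit of mitigation cost; None if there is no plan."""
        if self.mitigation_cost <= 0:
            return None
        return (self.exposure() - self.residual_exposure()) / self.mitigation_cost


# Assumed qualitative bands on exposure (same unit as loss).
HIGH_THRESHOLD = 15.0
MEDIUM_THRESHOLD = 5.0


def qualitative_level(risk: Risk) -> str:
    """Map the quantitative exposure onto the qualitative scale high/medium/low."""
    e = risk.exposure()
    if e >= HIGH_THRESHOLD:
        return "high"
    return "medium" if e >= MEDIUM_THRESHOLD else "low"


def prioritize(register: List[Risk]) -> List[Risk]:
    """Order the register so the risks to be considered first come first."""
    return sorted(register, key=lambda r: r.exposure(), reverse=True)


def choose_mitigations(register: List[Risk], budget: float) -> Tuple[List[Risk], float]:
    """Greedily pick mitigation plans by leverage until the budget is spent.

    Returns the chosen risks and the total exposure their plans remove.
    """
    candidates = [r for r in register if r.reduction_leverage() is not None]
    candidates.sort(key=lambda r: r.reduction_leverage(), reverse=True)
    chosen, removed, remaining = [], 0.0, budget
    for r in candidates:
        if r.mitigation_cost <= remaining:
            chosen.append(r)
            remaining -= r.mitigation_cost
            removed += r.exposure() - r.residual_exposure()
    return chosen, removed


# Constructed sample register (not real project data).
SAMPLE_REGISTER = [
    Risk(date(2024, 1, 10), "Key developer leaves",
         "Only one engineer knows the build pipeline", 0.3, 40.0,
         "Pair on builds and document the pipeline",
         mitigated_loss=8.0, mitigation_cost=4.0),
    Risk(date(2024, 1, 12), "Third-party API change",
         "Vendor deprecates the v1 endpoints mid-project", 0.5, 20.0,
         "Isolate the vendor API behind an adapter",
         mitigated_loss=4.0, mitigation_cost=6.0),
    Risk(date(2024, 1, 15), "Unclear requirements",
         "Acceptance criteria for the reporting module not signed off", 0.7, 30.0,
         "Requirements workshop with the customer",
         mitigated_probability=0.2, mitigation_cost=3.0),
    Risk(date(2024, 1, 20), "Hardware delivery slips",
         "Test rig arrives after the integration phase", 0.2, 10.0),  # accepted as-is
]


if __name__ == "__main__":
    for r in prioritize(SAMPLE_REGISTER):
        print(f"{r.title:<26} exposure={r.exposure():5.1f} level={qualitative_level(r)}")
    chosen, removed = choose_mitigations(SAMPLE_REGISTER, budget=8.0)
    print("mitigate first:", [r.title for r in chosen], f"removing {removed:.1f}")
```

Running the module prints the register in the order the analysis group would work through it and the plans a budget of 8 person-days buys; the risk with no plan stays in the register as an accepted risk, which is why it is never a candidate for the budget.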

Risk Evaluation

Risk evaluation is a decision-making tool that enables the organization to identify a risk, analyze it, and mitigate it with the available managerial resources.

With the help of risk evaluation, the program manager anticipates and identifies program risks. This process consists of a set of activities that begin the process of managing risks.

The significance of risk evaluation is that the program manager can judge how significant a risk is to the organization and decide whether to accept or treat that particular risk.

Risk evaluation also makes it possible to determine which risks should be considered first, because once the major risks of the project are identified, the task becomes easier to accomplish.

Risk Mitigation

Once the identification and analysis of risks is complete, every organization should follow some techniques to manage the risks so as to accomplish the task efficiently and effectively.

It is impossible to completely remove all the risks that occur for a product in any organization, so the organisation should look for techniques that minimize the negative effects caused by the risks.

Generally, risk mitigation falls into five categories:

- Risk elimination

- Risk reduction

- Transfer of risk

- Risk planning

- Acceptance of risk

Risk Elimination

Risk elimination (also called risk avoidance) is the process of eliminating all the activities that involve risk. Elimination may be one answer to avoiding risks, but eliminating activities means the organization may lose the potential gain that could come from accepting a risk.

For example, a person who does not want to enter a business in order to avoid future risks also forgoes its profits.

Risk Reduction

Risk reduction is the process of using methods that reduce the severity of loss. Organisations that develop the required products develop software incrementally to reduce the effects of risks on the product.

Transfer of Risk

Transfer of risk is a method of reducing the effects of a risk on the organization. By transferring a selected risk to another department or another organization, the organization is freed from that risk and can continue with the remaining part of the task.

Risk Planning

Risk planning is a method of reducing risk by prioritizing all the major risks and addressing them in that order. In this way the major risks are resolved, which reduces the time spent dealing with risk, and the organisation can complete the task within the allocated time.

Acceptance of the Risk

This is the method of accepting the potential risk the organization faces, continuing with the process, and implementing controls to reduce the effect of that risk to an acceptable level.

