Risk Management in Software Engineering

Sunil Sapkota Advanced Software Engineering 10/20/11

Risk Management in Software Engineering

Introduction:
The term risk is defined as the potential future harm that may arise due to some present actions as explained in Wikipedia. Risk management in software engineering is related to the various future harms that could be possible on the software due to some minor or non-noticeable mistakes in software development project or process. Software projects have a high probability of failure so effective software development means dealing with risks adequately www.thedacs.com!." Risk management is the most important issue involved in the software project development. This issue is generally managed by #oftware $roject %anagement #$%!. &uring the life cycle of software projects' various risks are associated with them. These risks in the software project is identified and managed by software risk management which is a part of #$%. #ome of the important aspects of risk management in software engineering are software risk management' risk classification and strategies for risk management.

Software Risk Management:

*. Risk Index: +enerally risks are categori,ed into two factors namely impact of risk events and probability of occurrence. Risk index is the multiplication of impact and probability of occurrence. Risk index can be characteri,ed as high' medium' or low depending upon the product of impact and occurrence. Risk index is very important and necessary for prioriti,ation of risk (oodat' (. ) Rashidi' (.!. -. Risk Analysis: There are quite different types of risk analysis that can be used. .asically' risk analysis is used to identify the high risk elements of a project in software engineering. /lso' it provides ways of detailing the impact of risk mitigation strategies. Risk analysis has also been found to be most important in the software design phase to evaluate criticality of the system' where risks are analy,ed and necessary counter measures are introduced (oodat' (. ) Rashidi' (.!. The main purpose of risk analysis is to understand risks in better ways and to verify and correct attributes. / successful risk analysis includes important elements like problem definition' problem formulation' data collection (oodat' (. ) Rashidi' (.!. 0. Risk Assessment: Risk assessment is another important case that integrates risk management and risk analysis. There are many risk assessment methodologies that focus on different types of risks. Risk assessment requires correct explanations of the target system and all security features (oodat' (. ) Rashidi' (.!. 1t is important that a risk referent levels like performance' cost' support and schedule must be defined properly for risk assessment to be useful.

Risk Classification:

The key purpose of classifying risk is to get a collective viewpoint on a group of factors. These are the types of factors which will help project managers to identify the group that contributes the maximum risk. / best and most scientific way of approaching risks is to classify them based on risk attributes. Risk classification is considered as an economical way of analy,ing risks and their causes by grouping similar risks together into classes (oodat' (. ) Rashidi' (.!. #oftware risks could be classified as internal or external. Those risks that come from risk factors within the organi,ation are called internal risks whereas the external risks come from out of the organi,ation and are difficult to control. 1nternal risks are project risks' process risks' and product risks. 2xternal risks are generally business with the vendor' technical risks' customers3 satisfaction' political stability and so on. 1n general' there are many risks in the software engineering which is very difficult or impossible to identify all of them. #ome of most important risks in software engineering project are categori,ed as software requirement risks' software cost risks' software scheduling risk' software quality risks' and software business risks. These risks are explained detail below (oodat' (. ) Rashidi' (.!. #45TW/R2 R2671R2%28T R1#9# *.:ack of analysis for change of requirements. -.;hange extension of requirements 0.:ack of report for requirements <.$oor definition of requirements =./mbiguity of requirements >.;hange of requirements ?.1nadequate of requirements

@.1mpossible requirements *A.1nvalid requirements

#45TW/R2 ;4#T R1#9# *.:ack of good estimation in projects -. 7nrealistic schedule 0.The hardware does not work well <.(uman errors =.:ack of testing B. :ack of monitoring >.;omplexity of architecture ?.:arge si,e of architecture @.2xtension of requirements change *A.The tools does not work well **.$ersonnel change' %anagement change' technology change' and environment change *-.:ack of reassessment of management cycle

#45TW/R2 #;(2&7:18+ R1#9# *.1nadequate budget -.;hange of requirements and extension of requirements 0.(uman errors

<.1nadequate knowledge about tools and techniques =.:ong-term training for personnel B.:ack of employment of manager experience >.:ack of enough skill ?.:ack of good estimation in projects

#45TW/R2 67/:1TC R1#9# *.1nadequate documentation -.:ack of project standard 0.:ack of design documentation <.1nadequate budget =.(uman errors B.7nrealistic schedule >.2xtension of requirements change ?.$oor definition of requirements @.:ack of enough skill *A.:ack of testing and good estimation in projects **.1nadequate knowledge about techniques' programming language' tools' and so on

Strategies for Risk Management:

&uring the software development process various strategies for risk management could be identified and defined according to the amount of risk influence. .ased upon the amount of risk influence in software development project' risk strategies could be divided into three classes namely careful' typical' and flexible .oban' %. et.!. +enerally' careful risk management strategy is projected for new and inexperienced organi,ations whose software development projects are connected with new and unproven technologyD typical risk management strategy is well-defined as a support for mature organi,ations with experience in software development projects and used technologies' but whose projects carry a decent number of risksD and flexible risk management strategy is involved in experienced software development organi,ations whose software development projects are officially defined and based on proven technologies .oban' %. et.!.

Conclusion:
1n this way' software risk management' risks classification' and strategies for risk management are clearly described in this paper. 1f risk management process is in place for each and every software development process then future problems could be minimi,ed or completely eradicated. (ence' understanding various factors under risk management process and focusing on risk management strategies explained above could help in building risk free products in future.

References:

*. (oodat' (.' ) Rashidi' (. -AA@!. E ;lassification and /nalysis of Risks in #oftware 2ngineering". World /cademy of #cience' 2ngineering ) Technology' =B<<B-<=-. Retrieved from 2.#;4host. -. .oban' %.' $o,gaj' F.' #ertic' (. E #trategies for successful software development risk management"' Gwww.efst.hrHmanagementHIol?8o---AA0H<-boban-po,gaj-sertic.docJ 0. ERisk %anagement" GhttpKHHen.wikipedia.orgHwikiHRiskLmanagementJ <. E#oftware 2ngineering RiskK 7nderstanding ) %anagement #2R7%!" GhttpKHHwww.thedacs.comHdatabasesHurlHkeyH->AH->>H0=0=J.