2 Risk Management
Introduction:
In every activity of human life there is risk. The person who manages risk efficiently is a successful person. On the other hand, to avoid risk some people drop many activities in their life, and therefore such people cannot progress well in this competitive world. In the same way, risks play a major role in software development. In order to face the challenges of the software life cycle, risk management techniques must be applied. The main objective of this chapter is to introduce risk management techniques and to explain the role of risk management in quality management. This chapter also explains the impact of risk on software quality and suggests the methods used to measure software risk.
A risk is a potential problem: it might happen and it might not; this is uncertainty. However, it must be managed. In a software project, we do not know whether a new problem that will have a negative impact on the project will occur. The risk may come from newly recruited people, from newly added code, or from viruses and other problems. The software project manager and the developers must expect risks and must handle them effectively whenever they occur. In a software project, risk may arise due to poor planning, collection of incomplete requirements, design errors and implementation problems. All of these may lead to loss, and the project leader must compute the risk exposure based on the size of the loss and the probability of the loss. A risk is different from a problem: a problem is an event which has already occurred, whereas a risk is unpredictable.
Risk management paradigm
The risk management paradigm consists of six steps, namely risk identification, risk analysis, risk management planning, risk tracking, risk control and risk communication.
- Identify: search for the risks before they create a major problem.
- Analyze: understand the nature and kind of each risk and gather information about it.
- Plan: convert the analysis into actions and implement them.
- Track: monitor the necessary actions.
- Control: correct deviations and make any necessary amendments.
- Communicate: discuss the emerging risks, the current risks and the plans to be undertaken.
Risk Management in Software Engineering
Risk management in software engineering is related to the various threats, including viruses and other types of harm, that will create problems for software development. Such problems can arise from minor or unnoticed mistakes in the software development project or process. Software projects have a high rate of failure, and hence effective software development techniques, along with risk analysis, must be provided. In software engineering, risk management is the most important challenge to be addressed by the software project management team. During the life cycle of a software project, various risks are associated with all of its phases. These risks are identified and managed by the software risk management team, which is a part of the software project management team. Some of the important aspects of risk management in software engineering are software risk management, risk classification and strategies for risk management.
In software development, risk can be managed either reactively or proactively. In proactive risk management, preventive steps are taken in such a way that risks are minimized. On the other hand, in reactive risk management, risk prevention measures are taken only after the risks occur in the code or design documents.
Pressman categorizes risks into three categories, namely project risk, technical risk and business risk. Project risks occur due to lateness in the schedule and the application of old methods. Technical risks occur due to changes in platform, hardware, network and software. Business risk depends on the money invested, the money spent and the current state of the industry. The scope of all these risks is not limited to software alone.
Risk can be categorized in many other ways as well. If categorized by type, the potential risks are known, predictable and unpredictable. Risk can be categorized by drivers, namely performance, schedule, cost and support, with respect to shortfalls of time, money, resources and information. Based on life-cycle phases, risk can be classified into analysis, design, coding and implementation risks. Risk can also be classified based on impact, namely mild, moderate, severe and catastrophic. Another classification is by likelihood, namely doubtful, questionable and probable.
The top 10 risks identified by Pressman are:
- No Management Support
- No Enthusiastic Commitment
- Requirements Not Understood
- Requirements not Defined by Customers
- Too-Great Expectations
- Unstable Project Scope
- Unbalanced Development Team
- Unstable Requirements
- Insufficient Experience and Inadequate Staffing
Similarly, the top 10 risks identified by Boehm for software quality include personnel shortfalls, unrealistic schedules and budgets, developing the wrong software functions, developing the wrong user interface, gold plating, continuous requirement changes, shortfalls in external components, shortfalls in externally-performed tasks, shortfalls in real-time performance and strained capabilities.
In both orderings, some items are given importance, namely requirements analysis and staffing. If these two risks are handled properly, the overall risk can be reduced to a large extent. According to Pressman, the top-level risks are associated with the customer, the developer, team stability, the technology used, and the schedule and budget.
On the other hand, in Boehm's list, developers are given more importance than customers. From these two viewpoints, it can be seen that the development team is most important, and it must be stable for the success of the software project.
In many industries, the risks that occur and are managed concern the production team, schedule and budget, as given in Boehm's list.
A formal definition of risk: a risk is an event that has a probability of occurrence and an impact on the project.
A risk can be expressed as a triplet:
< r_i, p_i, x_i >, where
• r_i is the particular risk
• p_i is the probability of the risk occurring
• x_i is the potential loss
Best Risk Management Techniques
There are four approaches to risk management. They are
- eliminating the risk,
- monitoring the situation,
- managing the risk by decreasing its probability and
- planning of contingencies for risk management.
For example, when we go for a picnic by car with the family, we can avoid the risk by not using the car. We can monitor the situation by checking the tyre tread and pressure. We can manage the risk by insisting on a car with puncture-proof tyres. We can plan contingencies by carrying spare parts. The same kind of risk management should be carried out in software development. There are four steps in risk management: risk identification, determining the likelihood of the risk, assessing its impact and managing the risk.
In risk identification, we can use a checklist or apply the past experience of domain experts or managers. Risks can also be identified with the help of others and by taking an optimistic approach. In a picnic trip, potential risks include bad weather, transportation trouble and personal injuries. However, the scope for risk identification is wide, including risks in each and every component of the car, running out of gas, locking the keys inside the car and so on. Similarly, in software development, potential risks due to the hardware, networks, operating systems, database systems, power failure, disk failure and so on will occur. It is necessary to identify all of these for better risk management.
For determining the likelihood of a risk, in the picnic example personal injury is one risk: it is likely due to insect bites and sunburn, possible due to sprains, improbable due to food poisoning and other reasons, and extremely unlikely for events such as a bear attack or snake bite. In software development also, the likelihood of every risk must be listed for effective risk handling.
The next step in risk management is assessment of the impact of a risk. For example, in the picnic scenario, rainy weather means a miserable weekend. Similarly, in software development, a virus attack means a bad day of work in the office.
Finally, the risk management process needs effective management of the risk. On a rainy day in the picnic example, having an indoor activity is one kind of risk management activity one can perform. In the same way, risks in software development should also be managed efficiently.
According to Pressman, a risk in software engineering can be represented as the triplet < r, p, x >. In this,
- r can occur to varying degrees
- p is often VERY hard to calculate
- x is often difficult to measure, much less predict
“If it was well- understood and easily measured, it probably wouldn’t be a risk”
Pressman’s Example
Pressman provides the following example to compute the risk exposure (RE):
- r: only 70% of the scheduled-to-be-reused software will actually be available
- p: 80%
- x: 18 components developed from scratch, at 100 LOC (average) and $14/LOC, so x = $25,200
- RE = p·x = 0.80 × $25,200 ≈ $20,200
With changed values for the same risk:
- r: only 60% of the scheduled-to-be-reused software will actually be available
- p: 90%
- x: 24 components developed from scratch, at 110 LOC (average) and $15.40/LOC, so x = $40,656
- RE = p·x = 0.90 × $40,656 ≈ $36,590 (vs $20,200 in Pressman, +81%)
From this example, it can be observed that the values of r, p and x are all important for effective risk management.
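As an added illustration (not from this chapter or from Pressman's text), the following Python computes the loss x and the exposure RE = p·x for the two triplets above and, as an extra step the chapter does not describe, ranks a small risk register by exposure so that the project leader sees which risk to address first. The component counts, LOC figures and cost rates are the chapter's; the `Risk` class, the function names and the third, low-exposure risk in the register are constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    """One < r, p, x > triplet: the risk, its probability and its loss in dollars.
    (Constructed for this example; not a type defined in the chapter.)"""
    name: str           # r: the particular risk
    probability: float  # p: probability of occurrence, 0.0 .. 1.0
    loss: float         # x: potential loss in dollars if the risk occurs


def rework_loss(components: int, avg_loc: int, cost_per_loc: float) -> float:
    """Size x for a reuse shortfall: the components that must now be written from
    scratch, times average LOC per component, times cost per LOC."""
    if components < 0 or avg_loc < 0 or cost_per_loc < 0:
        raise ValueError("sizes and rates must be non-negative")
    return round(components * avg_loc * cost_per_loc, 2)


def exposure(risk: Risk) -> float:
    """Risk exposure RE = p * x; rejects probabilities outside [0, 1]."""
    if not 0.0 <= risk.probability <= 1.0:
        raise ValueError(f"probability out of range: {risk.probability}")
    return round(risk.probability * risk.loss, 2)


def percent_increase(old: float, new: float) -> float:
    """Relative change from old to new, in percent, rounded to one decimal."""
    return round((new - old) / old * 100.0, 1)


def rank_by_exposure(risks: list[Risk]) -> list[Risk]:
    """Highest exposure first: the order in which risks deserve attention."""
    return sorted(risks, key=exposure, reverse=True)


# The two triplets from the chapter, built from the stated counts and rates.
PRESSMAN = Risk("only 70% of scheduled-to-be-reused software available",
                0.80, rework_loss(18, 100, 14.00))   # x = $25,200
CHANGED = Risk("only 60% of scheduled-to-be-reused software available",
               0.90, rework_loss(24, 110, 15.40))    # x = $40,656

# A constructed third entry so the ranking has something to reorder.
MINOR = Risk("build server disk failure (constructed example)", 0.10, 8000.0)

REGISTER = [MINOR, PRESSMAN, CHANGED]


if __name__ == "__main__":
    for risk in rank_by_exposure(REGISTER):
        print(f"{exposure(risk):>10,.2f}  p={risk.probability:.2f}  "
              f"x={risk.loss:,.2f}  {risk.name}")
    print("increase vs Pressman's $20,200:",
          percent_increase(20200.0, exposure(CHANGED)), "%")
```

Because `exposure` multiplies p and x, a small change in either factor moves the ranking; the register print-out makes the +81% jump between the two triplets visible next to the unchanged minor risk.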
Summary
- “The goal of software risk management is not to guarantee success, but rather to prevent crisis situations” [Fairley90].
- The developer in a software project must be aware that all projects have problems, and overtly plan to minimize their effect.
Web Links