An industrial case study of implementing software risk management

Explicit risk management is gaining ground in industrial software development projects. However, there are few empirical studies that investigate the transfer of explicit risk management into industry, the adequacy of risk management approaches to the constraints of industrial contexts, or their cost-benefit. This paper presents results from a case study that introduced a systematic risk management method, namely the Riskit method, into a large German telecommunication company. The objective of the case study was (1) to analyze the usefulness and adequacy of the Riskit method and (2) to analyze the cost-benefit of the Riskit method in this industrial context. The results of (1) were also intended to support improvement and customization of the Riskit method. Moreover, we compare our findings with the results of previous case studies to obtain more generalized conclusions on the Riskit method. Our results showed that the Riskit method is practical, adds value to the project, and that its key concepts are understood and usable in practice. Additionally, many lessons learned are reported that are useful for a general audience that wants to transfer risk management into new projects.
