Effecting and measuring risk reduction in software development

This paper describes an application of SERUM (Software Engineering Risk: Understanding and Management), a risk management methodology, to the definition and prioritisation of changes in a network management system at NEC. SERUM makes use of two risk reduction strategies: (i) performing a business analysis as the means of establishing required system changes and (ii) using an evolutionary delivery mechanism as a means to implement those changes. SERUM also makes use of explicit risk management techniques. These are effected from the start, in the business analysis stage, through to the stage where evolutionary system changes are planned. As part of the planning process, SERUM uses a metric, Relative Risk Reduction Efficacy (RRRE), which helps to assess the risk-reducing effect of a system change. This metric, along with assessments of costs, benefits and development risks, enables system changes to be prioritised in preparation for implementing them in an evolutionary fashion.