An empirical study on the implementation and evaluation of a goal-driven software development risk management model

Context: Building a quality software product in the shortest possible time to satisfy the global market demand gives an enterprise a competitive advantage. However, uncertainties and risks exist at every stage of a software development project. These can have an extremely high influence on the success of the final software product. Early risk management practice is effective to manage such risks and contributes effectively towards the project success. Objective: Despite risk management approaches, a detailed guideline that explains where to integrate risk management activities into the project is still missing. Little effort has been directed towards the evaluation of the overall impact of a risk management method. We present a Goal-driven Software Development Risk Management Model (GSRM) and its explicit integration into the requirements engineering phase and an empirical investigation result of applying GSRM into a project. Method: We combine the case study method with action research so that the results from the case study directly contribute to manage the studied project risks and to identify ways to improve the proposed methodology. The data is collected from multiple sources and analysed both in a qualitative and quantitative way. Results: When risk factors are beyond the control of the project manager and project environment, it is difficult to control these risks. The project scope affects all the dimensions of risk. GSRM is a reasonable risk management method that can be employed in an industrial context. The study results have been compared against other study results in order to generalise findings and identify contextual factors. Conclusion: A formal early stage risk management practice provides early warning related to the problems that exists in a project, and it contributes to the overall project success. It is not necessary to always consider budget and schedule constraints as top priority. There exist issues such as requirements, change management, and user satisfaction which can influence these constraints.

[1]  Timo Saarinen,et al.  An expanded instrument for evaluating information system success , 1996, Inf. Manag..

[2]  Tore Dybå,et al.  The Future of Empirical Methods in Software Engineering Research , 2007, Future of Software Engineering (FOSE '07).

[3]  Daniela E. Damian,et al.  Selecting Empirical Methods for Software Engineering Research , 2008, Guide to Advanced Empirical Software Engineering.

[4]  R. Yin Case Study Research: Design and Methods , 1984 .

[5]  Kalle Lyytinen,et al.  Components of Software Development Risk: How to Address Them? A Project Manager Survey , 2000, IEEE Trans. Software Eng..

[6]  Mira Kajko-Mattsson,et al.  Integrating risk management with software development : State of practice , 2008, IMECS 2008.

[7]  Azlinah Mohamed,et al.  Risk factors in software development projects , 2007, ICSE 2007.

[8]  Shareeful Islam,et al.  Integrating risk management activities into requirements engineering , 2010, 2010 Fourth International Conference on Research Challenges in Information Science (RCIS).

[9]  Mark Keil,et al.  Software project risks and their effect on outcomes , 2004, CACM.

[10]  Siv Hilde Houmb,et al.  Offshore-outsourced software development risk management model , 2009, 2009 12th International Conference on Computers and Information Technology.

[11]  Yacov Y. Haimes,et al.  Risk associated with software development: a holistic framework for assessment and management , 1993, IEEE Trans. Syst. Man Cybern..

[12]  Islam,et al.  Towards an Integrated Approach to Requirement Engineering , 2009 .

[13]  Paul L. Bannerman,et al.  Risk and risk management in software projects: A reassessment , 2008, J. Syst. Softw..

[14]  Shari Lawrence Pfleeger,et al.  Principles of survey research: part 1: turning lemons into lemonade , 2001, SOEN.

[15]  Christopher J. Alberts,et al.  Continuous Risk Management Guidebook. , 1996 .

[16]  Kalle Lyytinen,et al.  A framework for identifying software project risks , 1998, CACM.

[17]  Shareeful Islam,et al.  Software development risk management model: a goal driven approach , 2009, ESEC/FSE Doctoral Symposium '09.

[18]  Say Wei Foo,et al.  Software risk assessment model , 2000, Proceedings of the 2000 IEEE International Conference on Management of Innovation and Technology. ICMIT 2000. 'Management in the 21st Century' (Cat. No.00EX457).

[19]  Eva Geisberger,et al.  Requirements Engineering Reference Model (REM) , 2007, Softwaretechnik-Trends.

[20]  Peter Kaiser,et al.  An industrial case study of implementing software risk management , 2001, ESEC/FSE-9.

[21]  Shareeful Islam,et al.  Towards a Framework for Offshore Outsource Software Development Risk Management Model , 2011, J. Softw..

[22]  Barry W. Boehm,et al.  Using the WinWin Spiral Model: A Case Study , 1998, Computer.

[23]  Gary Klein,et al.  Software development risks to project effectiveness , 2000, J. Syst. Softw..

[24]  Frank J. Sisti,et al.  Software Risk Evaluation Method Version 1.0. , 1994 .

[25]  Kurt R. Linberg Software developer perceptions about software project failure: a case study , 1999, J. Syst. Softw..

[26]  Geoffrey G. Roy,et al.  A risk management framework for software engineering practice , 2004, 2004 Australian Software Engineering Conference. Proceedings..

[27]  Robbie T. Nakatsu,et al.  A comparative study of important risk factors involved in offshore and domestic outsourcing of software development projects: A two-panel Delphi study , 2009, Inf. Manag..

[28]  Robert L. Glass Software Runaways: Monumental Software Disasters , 1997 .

[29]  Per Runeson,et al.  Guidelines for conducting and reporting case study research in software engineering , 2009, Empirical Software Engineering.

[30]  Shari Lawrence Pfleeger,et al.  Preliminary Guidelines for Empirical Research in Software Engineering , 2002, IEEE Trans. Software Eng..

[31]  Kalle Lyytinen,et al.  Identifying Software Project Risks: An International Delphi Study , 2001, J. Manag. Inf. Syst..

[32]  T. Moynihan,et al.  How Experienced Project Managers Assess Risk , 1997, IEEE Softw..

[33]  B. Boehm Software risk management: principles and practices , 1991, IEEE Software.

[34]  Mark Keil,et al.  Understanding software project risk: a cluster analysis , 2004, Inf. Manag..

[35]  Dale Karolak,et al.  Software engineering risk management , 1995 .

[36]  June M. Verner,et al.  Case study: factors for early prediction of software development success , 2002, Inf. Softw. Technol..

[37]  Manfred Broy,et al.  A meta model for artefact-orientation: fundamentals and lessons learned in requirements engineering , 2010, MODELS'10.

[38]  Edzreena Edza Odzaly,et al.  Software risk management barriers: An empirical study , 2009, ESEM 2009.

[39]  Steve McConnell,et al.  Rapid Development: Taming Wild Software Schedules , 1996 .

[40]  John W. Creswell,et al.  Research Design: Qualitative, Quantitative, and Mixed Methods Approaches , 2010 .

[41]  Mary Beth Chrissis,et al.  CMMI: Guidelines for Process Integration and Product Improvement , 2003 .

[42]  Software Engineering Risk Management: A Just-in-Time Approach , 1995 .

[43]  Y. Kwak,et al.  Project risk management: lessons learned from software development environment , 2004 .

[45]  Robert M. Davison,et al.  Principles of canonical action research , 2004, Inf. Syst. J..

[46]  Rafael Prikladnicki,et al.  Risk Management in Distributed IT Projects: Integrating Strategic, Tactical, and Operational Levels , 2006, Int. J. e Collab..

[47]  Robbie T. Nakatsu,et al.  A risk profile of offshore-outsourced development projects , 2008, CACM.

[48]  Manfred Broy,et al.  Requirements Engineering as a Key to Holistic Software Quality , 2006, ISCIS.

[49]  Jyrki Kontio,et al.  Software engineering risk management : a method, improvement framework, and empirical evaluation , 2001 .

[50]  Suzanne Rivard,et al.  Toward an Assessment of Software Development Risk , 1993, J. Manag. Inf. Syst..

[51]  Jyrki Kontio,et al.  Experiences in improving risk management processes using the concepts of the Riskit method , 1998, SIGSOFT '98/FSE-6.

[52]  Axel van Lamsweerde,et al.  Requirements Engineering - From System Goals to UML Models to Software Specifications , 2009 .

[53]  Bernhard Schätz,et al.  Model-Based Development of Embedded Systems , 2002, OOIS Workshops.

[54]  Suresh L. Konda,et al.  Taxonomy-Based Risk Identification , 1993 .

[55]  Shari Lawrence Pfleeger Risky business: what we have yet to learn about risk management , 2000, J. Syst. Softw..