Risk Management: Implicit and Explicit

Experience has shown that software development involves substantial risk. It follows therefore that risk must be addressed effectively within the software development process. This can be achieved by identifying risks explicitly at various stages in the process and then determining how best to deal with those risks. Alternatively, some (perhaps most) of the significant risks can be handled covertly by building risk reduction techniques into the development process. This paper argues that both forms of risk management are needed, with initial emphasis placed on the implicit approach as that is where the greatest return for effort is likely to be obtained. This point is illustrated by considering the earliest stages of requirements engineering for software in which the business context for change is examined. Two particular techniques are discussed: (i) Checkland and Wilson's Soft Systems Methodology (SSM); and (ii) Gilb's Evolutionary Delivery. In each case the implicit risk reduction value of the technique is identified and then the further advantage of an explicit risk treatment explored. This work is contributing to the development of RACE (Requirements Acquisition and Controlled Evolution), a new requirements engineering method.
