RISK MANAGEMENT

*Thanks to acidcraze for sharing on YouTube.

If we think about the possibilty of robbery of house event, we certainly know that we can change the probability of this uncertainty by changing the conditions at home. For example, securing the home with an alarm system is the first thing that comes to mind. This is a part of security actions to prevent this possible event. By this manner, we actually try to control this uncertainty, risk, in other words; we actually try to manage the risk.

We can deal with risks like a regular activity in our life, but, in our business and in our organization, we have to manage these possibilities of loss, in more attentive toward and in a formal way. By this perspective, Risk Management field has come into existence and has been gained popularity in challenging environment of the world.

Every organization or business has a mission to accomplish. Their management should provide that the work to accomplish the mission should go in its expected way by identifying and preventing the risks before those risks arise in a problem; in other words by including risk management in their regular management process.

By this view of point, risk management has vital importance to all size of companies, organizations, business units or projects in different markets and sectors. The management group should understand and should accept the importance of risk management.

Formally, Risk Management can be defined as the process of identifying, assessing the risk and developing strategies to manage it [4]. Strategies may include transferring the risk to another party, avoiding it, reducing the negative effect, and accepting some or all of the consequences of a risk.

In different markets or sectors there are different types of risks and so, the risk management procedures and techniques vary in their application ways but the target is same; putting the risks under control and accomplishing the mission as expected.

For example, a corn field has different risks than a financial credit company, or than a software development project. These days, with their industry specific risks, software development projects have very important role in this challenging world and should be managed by considering and including the risk management activities to reach the success.

Risk Management in Software Development Projects

In today’s world, software development is a big market. In U.S. only, according to the CHAOS 2004 report [5], total software project spending was $255 billion in a year. Only 29% of those projects have been finished, successfully; 18% of the projects have failed without giving any delivery, and the other part, 53% of the projects have been finished with overtime or over their budget. According to the statistics, simply $55 billion was waste, just in the year 2004 [5].

Those statistics gives very negative opinion about the reliability of software project management steps. According to another research, 45% of the project failures, over time and budget issues could be controlled and resolved by the project management group.

Software development projects have important limits on 3 key factors to be counted as a successful project;

• Time
• Budget
• Requirements

A successful software development project should be completed in estimated time and budget with the satisfaction of all requirements. Any uncertainty, possibility of loss in project processes may result in problems with any of those 3 key factors and the project may become a part of the statistics which corresponds to the 71% of all projects with a stamp of failure, overtime or over budget.

“In a development project, the loss describes the impact to the project which could be in the form of diminished quality of the end product, increased costs, delayed completion, loss of market-share, or failure.” [2]

In the frame of this unpleasant picture, considering the competition in the sector, user satisfaction, shrinking margins of profit and significantly fast technological changes, the risk management in the software development projects is not option but an obsolete necessity, a must. All software projects have some level of risk associated with them, even if the product under development is simply another version of an existing system or product. In every size of project, risk management should be a part of project management process.

Many initiatives and studies in academic environments, government and private sector have been done about the risk management concepts for projects after late 1980s. Some methodologies have been developed and published in the industry.

All the developed risk methodologies conducted by different organizations have these 3 fundamental objectives [6]:

• Risk prevention
• Risk mitigation and correction
• Ensuring safe system failure

To achieve these 3 fundamental objectives, risk management methodologies should have some important principles; shared product vision, teamwork, global perspective, forward-looking view, open communication, integrated management and continuous process (illustrated in Figure 2) [6].

Shared product vision

• sharing product vision based upon common purpose, shared ownership, and collective commitment
• focusing on results

Teamwork

• working cooperatively to achieve a common goal
• pooling talent, skills, and knowledge

Global perspective

• viewing software development within the context of the larger system-level definition, design, and development
• recognizing both the potential value of opportunity and the potential impact of adverse effects, such as cost overrun, time delay, or failure to meet product specifications

Forward-looking view

• thinking toward tomorrow, identifying uncertainties, anticipating potential outcomes
• managing project resources and activities while anticipating uncertainties

Open communication

• encouraging the free flow of information between all project levels
• enabling formal, informal, and impromptu communication
• using consensus-based process that values the individual voice (bringing unique knowledge and insight to identifying and managing risk)

Integrated management

• making risk management an integral and vital part of project management
• adapting risk management methods and tools to a project’s infrastructure and culture

Continuous process

• maintaining constant vigilance
• identifying and managing risks routinely throughout all phases of the project’s life cycle

If we look at the software development projects in a global perspective, a typical software project involves technology, hardware, software, people, cost, and schedule. And all parts of this development system are potential sources for software risks. So, while the system complexity increasing, the risks are becoming harder to manage (Figure 3) [6].

Figure 3: Risk / System Complexity Graph

Apparently, there is an increasing need for more systematic methods and tools to provide risk management procedure under control and widely in all parts of the software development system. Many managers believe that they are managing risk in its multifaceted dimensions but actually they are merely managing cost and schedule along with limited isolated cases.

Lots of work, studies, theories and methodologies exist on the process of risk management but the majority of these studies are devoted to theories and methodologies that have not been subjected to the test of practice [6]. Software Engineering Institute at Carnegie Mellon University developed some risk management methodologies and theories that have been successfully deployed and tested in the field and they have stated SEI Risk Program.