Beruflich Dokumente
Kultur Dokumente
Abstract— Risk Management in software projects has been tools implement simulation techniques to help RM, but only
increasingly its importance and value, being pointed as an in specific RM processes, without a holistic approach.
important basis of project success. However, many projects are Some areas of RM have received high attention in the
still carried out without giving importance to this knowledge literature, as it is the case of the risk identification process
area. This work discusses some of the main aspects of Risk [2]. However, the current methodologies are very dependent
Management and introduces the concept of collaborative work on the projects stakeholders’ sensibility and risk perception.
in risk management. It is presented a work-in-progress that In software projects this issue is amplified, because of the
aims to contribute to a better understanding of the different many variables that must be considered like, for instance, the
attitudes towards risk and the impact that this may have on
need to deal with new technologies or with new knowledge
risk assessment.
areas [9]. Several authors built lists of the most common
Keywords- Project Management, Risk Management, errors in RM in software projects. However, they realize that
Software Projects, Risk Identification the perception of risk differs with the type of stakeholders,
culture and time [9, 10].
Simulation can represent an interesting approach to
I. INTRODUCTION identify analyze and explore the impact of risks. The risks
In their lifecycle, companies develop many projects can be imitated through a model that allows the analysis and
under hard conditions. Time pressure, limited budgets and exploration of new hypotheses without compromising the
high stakeholders’ expectations are some examples; all of real system [11]. For instance, it would be useful to have a
them performed in an uncertain and constantly changing simulation process to enable not only a better risk
world. Managing all these issues represents a complex and identification, but also to enable analyzing how the
demanding challenge where the room for error is getting combination of risks can lead to new risks (combined or
smaller all the time [1]. singular). Moreover, the simulation would also help to get a
Projects have an unpopular reputation of failure, better understanding on how the risks evolve over time.
especially software projects [2-4]. Every year, huge amounts The paper is organized as following. After providing a
of financial resources are loss due project’s failures [5-7]. work contextualization in the introduction, Section 2 outlines
Project’s failures may involve a high waste of material and some of the main concepts, tools and techniques of the Risk
intangible resources (e.g. monetary, motivation, and Management (RM) knowledge area. Section 3 describes the
deterioration of company brand). With the actual economic concept and idea of our contribution to Risk Management in
reality, these consequences may cause a huge and the planning phase. Finally, it will be presented some final
irreversible impact on organizations. remarks regarding to the proposed work.
Periodically, research results and organizations reports
are published identifying some of the causes behind the II. RISK MANAGEMENT
project failures, such as the Standish Group’s CHAOS RM describes a set of methods and techniques to
Report. The poor attention given to the Risk Management identify, analyze and manage potential problems before they
(RM) throughout the project life cycle is one of top the occur, increasing the probability of project success [9].
problems identified in these studies [2, 3, 5, 8]. Frequently risk is associated with negative events, excluding
There are several references that include and describe the opportunities it can bring. In the business world, risk is
RM best practices, but there is a gap in software tools to help always present and is considered a condition for progress and
RM process based on existing models (e.g. PMBoK). For innovation. Risks arise when looking for opportunities with
instance, Microsoft Project 2010 (probably the worldwide limited resources in uncertainty contexts. Since we cannot
most used PM software) does not include a RM module. The avoid risks, managing them becomes essential. The
few existing tools dedicated for RM, such as the Risky challenge is to balance these factors to generate opportunities
Project and @Risk, are characterized by being data [9].
repositories where the project manager inserts the risk data,
namely its probability, impact and assigned resources. Some
158
each project team member. Figure 1 shows an example of the A. Collaborative risk identification
CoRM that is globally explained in the following sections. One of the first activities in a project is defining the
Project goals and project goals and description. This information is very
restrictions important to understand the range and complexity of the
project. Usually this process is developed by the
professionals who are closed to the clients like, for instance,
project leader and consultants (or, in some cases, the entire
Collaborative risk identification: project team).
Risk(1,1): P(1,1) = medium I(1,1) = high With the goals defined, team members, according to their
Risk(1,2): P(1,2) = low I(1,2) = high skills and experience, can start identifying risks that can
/ Risk(1,n): P(1,n)= ? I(1,n)= ? affect the project goals, including the risks which have
positive and negative impact. For each identified risk they
will categorize the risk impact and the probability in a scale:
low, medium and high. In this process, project members
Risk(2,1): P(1,1) = low I(2,1) = high
preform the risk identification alone. This approach may be
Risk(2,2): P(1,2) = medium I(2,2) = medium
useful to determine the risk attitude and risk tolerance of
/ Risk(2,n): P(2,n)= ? I(2,n)= ?
each member or group area, which will allow identifying the
organization global risk tolerance. This will also allow
understanding future decisions and monitoring the risk
/ Risk(n,m): P(n,m)= low, I(n,m)= low, tolerance evolution of the organization.
medium, medium, This stage ends with a first draft of the risk register of
high high each project member, describing the probability and impact.
B. Collaborative risk selection and combination
After generating the preliminary risk records, the project
Collaborative risk selection and leader analyzes all risks and may change, filter or merge
combination some risks. Then him, with the project team, can analyze and
Risk(1): P(1) = medium I(1) = high identify the risk dependencies (identifying the risks that may
Risk(2): P(2) = low I(2) = high be influenced by other risks). The probability and impact
Risk(3): P(3) = low I(3) = medium assessment of the risk will follow the Kwan Wah [22] risk
Risk(4): Risk(1) → Risk(5) dependency theory, used to compute the final combined risk
Risk(n): P(n) = ? I(n) = ? probability and impact. By this way, the project team will be
/
……. able to identify and analyze the risks and evaluate if its
Project Impact
combination can lead to disproportioned project failure.
team low
Negative impacts
medium high
R(6)
high
R(2)
Positive impacts
medium low
After the selection and combination, the project team
high high
will generate the risk probability matrix according to the
R(9) R(1) R(7)
scale (low, medium or high). This matrix gives a visual
Probability
Probability
R(11)
medium medium
low low
The output of this stage is the risk register with the
low medium high high medium low
filtered risks sort by priority.
Negative impacts Positive impacts
Impact
159
IV. CONCLUSIONS [6] SG. (2009). Standish Newsroom - CHAOS 2009. Available:
http://www1.standishgroup.com/newsroom/chaos_2009.php
Lack of RM has been appointed in the past years has a [7] J. L. Eveleens and C. Verhoef, "The rise and fall of the Chaos
major cause for project failure with all it encompasses. report figures," IEEE Software, vol. 27, pp. 30-36, 2010.
Indeed, project failure can be defined has the result of the [8] C. Rodrigues, I. Teles, J. B. Cruz, and J. Varajão, "Risk
multiplicity of risks inherent to software project environment Management in scope of Project Management," presented at the 6th
[23]. This is not due to the lack of frameworks, best practices International Conference on Information Systems and Technology
guidelines or even the absence of knowledge of the Management Brazil, 2009.
importance of risk management by projects managers, but [9] P. L. Bannerman, "Risk and risk management in software
projects: A reassessment," Journal of Systems and Software, vol. 81, pp.
due to the complexity and time involved (mainly in small 2118-2133, 2008.
projects). [10] M. Keil, A. Tiwana, and A. Bush, "Reconciling user and project
In order to contribute to improve this situation, are manager perceptions of IT project risk," Information Systems Journal, vol.
needed new approaches, agile and collaborative, to enable 12, pp. 103-119, 2002.
project managers and team members to participate in the [11] S. Robinson, "General concepts of quality for discrete-event
assessment of software project risk. simulation," European Journal of Operational Research, vol. 138, pp. 103-
People and organizations have their own risk perception, 117, 2002.
tolerance, appetite and attitude regarding risk. Some are [12] C. G. von Wangenheim, D. A. d. Silva, L. Buglione, R. Scheidt,
uncomfortable with risk (risk-averse); others face risk as a and R. Prikladnicki, "Best practice fusion of CMMI-DEV v1.2 (PP, PMC,
SAM) and PMBoK 2008," Information and Software Technology, vol. 52,
normal issue when searching for opportunities (risk-neutral); pp. 749-757, 2010.
and others like the risk even when the probability of success [13] PMI, Practice Standard for Project Risk Management: Project
is low (risk-seeking). These different attitudes will define the Management Institute, Inc., 2009.
person/organization actions when a potential threat/ [14] ISACA, The Riks IT Practitioner Guide: ISACA, 2009.
opportunity appear. Understanding the risk attitudes of each [15] ISO, "ISO GUIDE 73:2009," ed: International Organization for
person may lead to the understanding of the organization (or Standardization, 2009.
group) risk attitude. [16] K. Schwalbe, Information Technology Project Management, 6
Our work-in-progress highlights the collaborative work ed.: Course Technology, 2010.
in the risk management, by collecting and store the [17] M. Leitch, "ISO 31000:2009—The New International Standard
individual perception of risk identification and assessment. on Risk Management," Risk Analysis, vol. 30, pp. 887-892, 2010.
As future work we will explore the influence that a group of [18] PMI, A Guide To The Project Management Body Of
individuals has in the risk identification process. This will be Knowledge (PMBoK Guides), Fourth edition ed.: Project Management
Institute, Inc., 2008.
done through the study of real cases of software projects,
[19] K. T. Wah and H. K. N. Leung, "A Risk Management
which already perform RM according to an existing standard Methodology for Project Risk Dependencies," IEEE Transactions on
(PMBoK, CMMI, PRINCE2, etc.). This will provide a Software Engineering, vol. 37, pp. 635-648, 2011.
comparative basis with our proposal of work. [20] C. H. Loch, A. DeMeyer, and M. T. Pich, Managing the
Unknown: A New Approach to Managing High Uncertainty and Risk in
REFERENCES Projects: John Wiley & Sons, Inc., 2006.
[1] H. Kerzner, Project Management: A Systems Approach to [21] N. Cerpa and J. M. Verner, "Why did your project fail?,"
Planning, Scheduling, and Controlling: John Wiley & Sons, Inc., 2009. Communications of the ACM, vol. 52, pp. 130-134, 2009.
[2] H. Taylor, "Risk management and problem resolution strategies [22] K. Tak Wah and H. K. N. Leung, "A Risk Management
for IT projects," Project Management Journal, vol. 37, pp. 49-63, 2006. Methodology for Project Risk Dependencies," IEEE Transactions on
[3] C. Chapman and S. Ward, "Why risk efficiency is a key aspect Software Engineering, vol. 37, pp. 635-648, 2011.
of best practice projects," International Journal of Project Management, [23] Y. H. Kwak and J. Stoddard, "Project risk management: lessons
vol. 22, pp. 619-632, 2004. learned from software development environment," Technovation, vol. 24,
[4] K. de Bakker, A. Boonstra, and H. Wortmann, "Does risk pp. 915-920, 2004.
management contribute to IT project success? A meta-analysis of empirical
evidence," International Journal of Project Management, vol. 28, pp. 493-
503, 2010.
[5] R. N. Charette, "Why software fails," Spectrum, IEEE, vol. 42,
pp. 42-49, 2005.
160