Beruflich Dokumente
Kultur Dokumente
discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/221408636
CITATIONS READS
75 276
3 authors, including:
Some of the authors of this publication are also working on these related projects:
All content following this page was uploaded by Lars Mathiassen on 19 May 2014.
Abstract 1. Introduction
We present a simple, but powerful framework Considerable hopes in improving the
for software risk management. The frame- performance in software development
work synthesizes, refines, and extends current have been placed in techniques and
approaches to managing software risks. We guidelines that identify, analyze and
illustrate its usefulness through an empirical tackle software risks (Alter & Ginzberg
analysis of two software development epi- 1978, Boehm 1989, 1991, Burns & Den-
sodes involving high risks. The framework
nis 1985, Charette 1989, Davis 1982,
can be used as an analytical device to evalu-
Fairly 1994, McFarlan 1982). Software
ate and improve risk management approach-
es and as a practical tool to shape the atten- risks are incidents that endanger a suc-
tion and guide the actions of risk managers. cessful development process leading to
wrong or inadequate software operation,
software rework, implementation diffi-
culty, delay or uncertainty (Boehm
1991). They involve the concept of a
consequence which incurs losses, is un-
certain and introduces choice (Barki et
al. 1993, Boehm 1989, Charette 1989).
Research on software risk manage-
ment has primarily focused on crafting
guidelines for specific tasks (Alter &
Actors Management
Environment
Structure Technology
Task
Risk-based Management
Process
Actors Project
Environment
Structure Technology
Task
Development
Process
Actors System
Environment
Structure Technology
Task
1991, Charette 1989). It can (often un- cidents which can prevent the project
consciously) change the development from meeting its aspiration levels and
environment by enacting heuristics. For thus incur losses.
example, it can launch experiments with Risk profiles can be attacked in two
the technological platform. Through ways: actively and skilfully where actors
such risk resolution activities (Boehm heedfully scan the environments, feel re-
1989, Charette 1989) one or all of the en- sponsible and committed, and wilfully
vironments will change (Boehm 1989). change aspiration levels; or passively by
Software risks can be seen to con- ignoring risks due to lack of accountabil-
dense into project specific risk profiles. ity, insufficient organizational commit-
Such profiles are continually shaped by ment, incompetence, information over-
component interactions and changes in- load, stress, opportunism or laziness. In
troduced by the risk-based management the latter situation the aspiration levels
process. In different project stages risk are decreased de facto and ex post with-
profiles vary, and at each development out introducing an explicit choice. These
stage the risk profile contains several in- two extreme strategies to deal with soft-
Project Structure
TABLE 1. Project task relates to system
This component refers to the systems of
environment risk factors
communication, authority and work
System task: flow. Systems of communication specify
Is the task understood? who should be communicating with
Is the task unstructured with many excep-
tions? whom, when, how frequently communi-
How many tasks are included? cations take place, and how formal com-
What is the impact on user tasks? munications are (Andersen et al. 1990,
Will actors be critically dependent on the Davis et al. 1990). Risks transpire when
system? actors communicate ineffectively, when
Is there much unarticulated, tacit knowl-
edge involved? the appropriate actors are not involved in
What is the extent of tasks? communications, or when the scope of
How much variation and flexibility are communications is limited (Curtis et al.
involved in the tasks? 1988, Heiskanen 1994). The systems of
ment in Figure 1. Software risks are born based management forms an integral
in all three environments. Table 2 offers part of the project management activi-
a set of generic questions that can be ties. This corresponds to the continuous
used to search for specific risks in a soft- view of risk management advocated by
ware project. Table 1 offers more specif- Boehm (1988, 1989, 1991), and Alter &
ic questions focusing on the system envi- Ginzberg (1978). Sometimes risk-based
ronment and hence related to the project management forms a discrete event
task. which relates only to the very early phas-
The risk-based management task is es of a software project. This corre-
dynamic: it differs through project phas- sponds to the discrete view of risk man-
es and between development projects agement presented by Davis (1982) and
and it involves a feedback loop indicated McFarlan (1982).
by the small arrow. Through this loop
managers become more competent and Management Actor
experienced, the organization integrates Risk managers are expected to take de-
new experiences and schemes into its liberate actions to tackle risks. Usually
systems of interpretation (Weick & Daft this role is assigned to a project manager.
1983), and new methods, codifications But other project members and groups
of procedures, and decision making rules such as project committees can also car-
are adopted. ry out risk management tasks. Risk man-
We can observe a large variation in agers form a proactive part of the man-
how the risk management task is formu- agement environment: they decide what
lated and accomplished. Sometimes risk actions should be taken, what risk man-