A Review of Software Risk Management Strategies

1. Introduction:- has been effective in addressing the

needs of a signal organization and its
World has changed dramatically
relationship with its clients and
during few years ago. This change is
subcontractors [4].
due to immense development in
technology. As economics changed, Risk management is used to increase
software development has also the chance of success of any future
changed and the idea of development. project by exploring its uncertainties
As we are not follow SDLC model in a as well as risk management is the
good way to develop software then planned and systemic approach to
we faced some risk due to various the identification, evaluation and
factors. Software Engineering control of risk. If we find out the
Institute (SEI) defines risk as “the uncertainties of the software then we
possibility of suffering loss” and it
can make uncertainties free software
defines loss in a development project,
by applying different risk
as “the impact to the project which
management strategies. Risk
could be in the form of diminished
management is becoming an
quality of the end product, increased
costs, delayed completion, loss of important issue from these three
market share, or failure.” [1]. If we perspectives such as risk assessment,
make successful software then we risk management and risk control [1].
make sure that the risk is controlled Advantage of using software risk
properly. Risk is a loss and damage of management is that identifies risks
any software. Mostly major loss in early and systematically in a project
software’s are considered as a lack of and action can be taken before they
budget (Finance ) but there is also can do some harm to the project [2].
many losses which are incredibly The potential problem in the projects
disturbs the development phases of may or may not occur in the future.
software’s such as future business We use risk management strategies
and loss of property or life So, the to reduce the probability of a risk
long term rate of is occurs. occurrence. It includes the analysis of
possible risk in the software course
Traditional risk management and the alleviation of their negative
potential. Risk management is also we shaped the risk that were
used to understand the risk in the identified into decision-making
better way and resolved it on the information [13]. The objective of risk
spot. We used different models, tools analysis is to obtain the risk profile of
and techniques to reduce risk in the the project leading to the process of
beginning. Nowadays, risk creating a response to that risk [12].
management in software engineering Then we are planning to reduce the
is an evolution of the risk concepts, risk in the software that we
and should pervade all the processes developed. And the last step is to risk
in the software lifecycle [5]. Risk implement, we are implement the
management helps practitioners plan to remove the risk. In this paper
assess problematic aspects of a we will find out different strategies
project, emphasizes potential causes for different software. In one paper
of failure, helps link potential threats we read out the different risk sources
to possible actions, and facilitates a in different SDLC models like water
shared perception of a project among fall models, spiral models, v models,
its participants [9]. We use risk and agile model. If we will remove all
management strategies to minimize these risk in different models so we
the impact of the risk. Also a risk will create best software. In another
management has a proactive focus paper, we read strategies to control
on the preventing problems, is the risk in distributed software
continuous (in the whole software development. We are use different
lifecycle), and concurrent (many risks tools like Email, TAMRI, CAMEL,
are managed at the same time) [5]. NETMOVE and Team space for the
We follow different steps in risk best communication. We also use
management assessment like different project management
communication, indentify, assets, models in DSD like centralized project
plan and implement. In risk management, Distributed with Local
identification step, the team Coordinators and Distributed with
systematically enumerates as many Functional Coordinators.
project risks as possible to make
them explicit before they become
Objective:-
problems [13].through, risk analysis,
 Make sure of that risk risks…) to avoid vertical
management is clearly and segmentation effects and all
regularly potential impacts from such
 Manage risk (going along risks (financial and non-
with/obeying) best practice. financial impacts such as
 Expect ahead to and respond reputation, know-how…). The
to changing social, (related to scope of analysis covers the
surrounding conditions or the FRR and its stakeholders: its
health of the Earth) and law- custodian/account-holder
based requirements. (Caisse des Dépôts), external
 Think about obedience of asset managers, index
health and safety, insurance providers and other suppliers.
and legal needed things as a One of the sources of added
minimum standard. value of this approach lies in
 Prevent death, injury, damage aggregating all of the major
and losses, and reduce the cost risks and ensuring the global
of risk. consistency of the risk analysis
 Inform policy and operational and organizational action
decisions by identifying risks plans.
and their likely effect. These objectives will be
 Raise knowledge of the need achieved by:
for risk management by all
those connected with the  Clearly define all the roles and
organization’s delivery of responsibilities within the
organization for risk
service.
management.
 Propose and coordinate the  Including risk management
roll-out of action plans issues when writing reports
designed to reduce or change and making decisions..
the profile of these risks.  Reinforcing the importance of
  Analyzing and managing all effective risk management as
risks (financial, human, part of the everyday work of
employees and members in an
information system, strategic
organization to control risk.
  Maintaining a register of risks And in some other papers defined the
linked to the organization’s critical risk factors in distributed
business, corporate and software development. So in some
operational objectives, also
papers defined the tools and models
those risks linked to working in
and tell us how we can avoid or
partnership.
Related work:- reduce risk in distributed software
development.
Some authors explained the different
steps how we can reduce the risk in Boehm and turner [13] in 2003
software. These steps are explained the five steps risk driven
communication, identify, assets, plan method for balancing and agile
and implement. Haneen hijazi, Thair and plan-driven methods.
khdour and abdulsalam Alarabeyyat Software risk management
in 2012 reviewed the SDLC models process:-
(e.g. waterfall, v-model, incremental,
spiral and agile) that are used to There are many software models
develop software and control risk to available for risk management.
management in each of these The model recommended in this
models. He analysis all the models in section was developed by the
different ways and then find out the software engineering institute
risk sources in each of these models. (SEI) [15] and is shown in figure.
If we are design good software and
chose model of which we can
develop then we avoid these risk
sources. In this way we can develop
successful software and manage risk.
In distributed software we also
managed risk in different ways. We
analyzed different tools and models
that are used to control risk in
distributed software. In some papers
explained the challenges in
distributed software development.
 types of risks. Teams can then
assess the extent to which these
risks are a factor for their project
based upon the sets of
programmers, managers,
customers and policies [13].

Product specifics risks can only be

identified by those with a clear
understanding of the technology,
the people and the environmental
of the specific product [13].

Generic and product specific risks

Software risk management paradigm can be further divided into
project, product and business risks
[13]. The project risks are those
Identify:-
that affect the project schedule
Before risks can be managed its and resources. The product risks
must be identified before are those that affect the quality
adversely affecting the project and performance of the software.
[15]. There are several software The business risks are those that
process risks. These risks are threaten viability of the software.
generic risk ,product risk and
There are some specific factors to
project risk.
consider when examining project,
Generis risks are potential threats product and business risks [13].
in every software project [13]. These factors are [13]:-
Some examples of generic risks
 People risks:-
are changing requirements, losing
 Size risks:-
key personnel, or bankruptcy of
 Process risks:-
Software Company or of the
 Tools risks:-
customer [13]. The organizations
 Technology risks:-
are keeping checklist about these
  Organizational and
managerial risks:-
 Customers risks:-
 Estimation risks:- Track:-
 Sales and supports risks:-
Track consists of monitoring the
 Meeting
status of the risks and the actions
 Checklists
taken against risks to mitigate them
 Comparison with past [15]. Risk mitigate actions are come
projects:- into the associated cost [13].
 Decomposition:-
Control:-
Analyze:-
Risk control relies on the project
Analysis is the conversion of risk data management processes to control
into risk decision-making information risk action plan, corrects for variation
[15, 13]. It includes reviewing, for plan, response to triggering the
prioritizing, and selecting the most events, and improve risk
critical risks to address [15]. Software management processes [15].
risk evaluation team analyzes the risk
in terms of cost, schedule, quality and Communication:-
performance of the software [15]. On-going and effective
Plan:- communication between
management, the developer team,
Planning turns risk information into marketing, and customers
decisions and actions for both the representatives about project risks is
present and future [15]. Planning essential for effective risk
involves the developing actions to management [13]. This
address individual risks, prioritizing communication enables the sharing
risk actions and creating a risk of all information and is the
management plan [15]. The key to cornerstone of effective risk
risk action planning is to consider the management [13]. Without effective
future consequence of a decision communication, no risk management
made today [15]. approach can be viable [15].it is an
integral part of all the other risk main aim of this is cost and resource
management activities [15]. optimization [2].

Risk management in DSD:- More than a decade ago, seeking

lower costs and access to skilled
The globalization of the world during
resources, many organizations
the last two decades has created
began to experiment with
changes in the software industry as
remotely located software
the development and maintenance
development facilities (DSD).
of software shifts from being single
Several factors have contributed
site to different geographically
to build this scenario. [5]
locations across the globe [2]. This
type of development is called  The business market
“global”, “distributed” or “multi-site” proximity advantages,
software development. Why the including knowledge of
distributed become more and more customers and local
popular. conditions;
 Pressure to improve time-to-
There are several compelling business market by using time zone
reasons supporting the adoption of differences in “round-the-
distributed software development: 1) clock” development;
ability to extend work beyond the  The need to have a global
regular office hours at a single site, 2) resource pool too
software development costs at successfully and cost
offshore centers, like in India, are as competitively have resources,
much as four times less expensive, 3) wherever located.
the capabilities of workforce in This way of development helps us in
remote centers located in emerging low cost and effective development.
economies have improved As the project advances, risks can
significantly in the recent years , 4) be identified either during
advances in information and scheduled project activities or
communication technology have informally, e.g. when people talk to
facilitated easier collaboration each other at lunchtime, travel or
between remote workforce [20]. The during their leisure time [7].
The importance of risk  Differences in Technologies
management has been well Used[3]
recognized by the project  Creating team spirit[3],[5]
management community. In risk  Quality [3],[5]
management is listed among nine  Different Stakeholders [8],[3],
key knowledge areas related to [9]
project management. In relation to  Difference Government, Laws,
software project risks, much work Rules and Regulations [3]
has been done at Software  Risk Management [5],[3],[8]
 Application of an Iterative Agile
Engineering Institute (SEI) .[7]
Process
Software projects are exposed to
 Security issues[1]
various risks and risk management
in such projects is still inadequate as
is shown by the percentage of Critical risk factors in DSD:-
failed, delayed or too expensive We synthesize the risks and we
projects [7]. identified eight risk areas [8]:
There are many challenges in
 Task distribution [8],[3],[5],[9]
distributed software development.  knowledge management [8],
 Lack of trust [1],[3],[6],[7] [3],[5],[9]
 Coordination [3],[9],[8]  Geographical distribution [5],
 Asymmetry in Processes, [8],[6],[3],[9]
Policies, and Standards [3]  Collaboration structure [1],[3],
 Physical Distance [3],[8],[5] [6] [8],[7],[9]
 Difference knowledge levels or  Cultural distribution [3],[6],[7],
knowledge transfer[3] [10],[21]
 Languages Barriers [8],[3],[6]  Stakeholder relations [3],[6],
 Task Allocation [8],[3],[5] [7], [5],[9], [21]
 Scope and Change  Communication infrastructure,
Management[3] and Technology setup [3],[6],
[7], [5],[9], [21]
Task distributed:- The task distributed is a possible risk
in distributed software development,
but for slightly different reasons. participants and progress, increases
When the overall project task is travel budgets, limits face-to-face
divided and distributed across several interaction, and weakens social
sites, task uncertainty emerges, relations [9].Temporal distribution
because participants may lack increases the complexity of planning
information about the t ask, its and coordination activities, makes
purpose , and their own contribution multisite virtual meetings hard to
to the overall task [9,2]. plan, causes unproductive waits,
delays feedback, and complicates
Knowledge Management:-
simple things like time referencing
Knowledge management refers to and time settings [9,2].
how projects create, capture, and
Collaboration Structure:-
integrate knowledge about the
project task, including goals, Collaboration is a relatively broad
problems, possible solutions, and area that covers risks arising when
approaches [9]. When GDSP collaboration structures do not fit the
participants lack face-to-face distributed context. Collaboration
interaction knowledge creation is capability describes the project
limited within the organization participants’ understanding and
[9].Developers need to have as much appreciation of differences in
information as possible at their competencies and their ability to
disposal, and to know the full status effectively use technology to gather
of the project and its past history, and share information across
which will in turn allow them to geographical and functional distances
create realistic assumptions about [9].
the project [2].
Cultural distance:-
Geographical distribution:-
Distance in Distributed Software
Distribution of activities in a GDSP Development affects a number of
occurs along three dimensions: things like culture and time zone etc.
space, time, and goals [9]. Spatial A number of cultural risks may arise
distribution complicates the project since participants do not necessarily
manager’s ability to monitor share the same language, traditions,
or organizational culture [2]. To [9]. Software Development relies
manage risks related to culture and heavily on quick information flows
distance, Use workflow management and going global, adds new factors to
and online tools by establishing open development, such as distance in
communication across multiple culture, time and space. Due to these
channels and having periodic factors, Distributed Software
workshops with teams and applying Development is facing a variety of
online team-building if visits are not challenges such as communication
feasible [2]. [2].

Stakeholder Relations:- Technology Setup:-

When projects are distributed, it Networks that connect globally

naturally becomes difficult to obtain distributed sites are often slow and
the same level of stakeholder unstable and even minor delays can
integration as you would expect in a ruin the low of communication [9].
collocated organization [9]. Lack of Network capability is therefore an
frequent face- to-face interaction important challenge in GDSPs, and
may impair relationship building, selection of appropriate information
since relations are built through and communication technology is
communication between project crucial for project success [9].
stakeholders [9].
There is a wide range of kinds of
Communication:- technology that can assist in
geographically distributed work, and
Almost every problem arising in
if the team members have very
GDSPs is related to the fact that
limited experience it can constrain
communication is no longer a simple
the tools that might be used. Does
task when participants are
the organization have a good system
distributed and appropriate
of technical support that can be
supporting infrastructures are
called upon as needed? Technical
therefore needed. Personal
resources such as hardware are only
communication is often impeded by
available certain location [13].
absence of informal communication
and lack of face-to-face interaction