i just need the research report with citation
Microsoft Word - Contents-SG-1.doc Abstract—Despite various methods that exist in software risk management, software projects have a high rate of failure. When complexity and size of the projects are increased, managing software development becomes more difficult. In these projects the need for more analysis and risk assessment is vital. In this paper, a classification for software risks is specified. Then relations between these risks using risk tree structure are presented. Analysis and assessment of these risks are done using probabilistic calculations. This analysis helps qualitative and quantitative assessment of risk of failure. Moreover it can help software risk management process. This classification and risk tree structure can apply to some software tools. Keywords—Risk analysis, Risk assessment, Risk classification, Risk tree. I. INTRODUCTION OFTWARE Project Management (SPM) has become a critical task. It involves the management of all issues involved in the development of software project namely scope and objective identification, evaluation, planning, project development methods, software effort and cost estimation, activity planning, monitoring and control, risk management and resource allocation [1, 2, 3]. Software projects face many risks in their lifecycle. Risk is any potential situation or event that could negatively affect a project's ability. A risk is an exposure to loss or injury or a factor, thing, element, or course that involves uncertain danger [4, 19, 20]. Project Risk Management Institute has developed guidelines for risk management. These guidelines include risk management planning, risk identification, qualitative risk analysis, quantitative risk analysis, risk response planning and risk monitoring and tracking. For each step, it defines inputs, tools, techniques and outputs [21]. Software risk management is a part of SPM. It is very important for software projects. Software risk management steps were presented by Barry Boehm [5] and possess two primary steps. The first one is risk assessment and the second is risk control. Risk assessment involves risk identification, risk analysis and risk prioritization. Risk identification produces a list of the project risk items using several H. Hoodat is Master of Science student in department of computer engineering, Qazvin Azad University, Iran (e-mail: h_hoodat@ qazviniau.ac.ir). H. Rashidi is assistant professor in department of computer engineering, Qazvin Azad University, Iran (e-mail:
[email protected]). techniques [6, 7, 8]. Risk analysis assesses the loss probability and loss magnitude for each identified risk and risk prioritization produces a ranked ordering of the risk items identified and analyzed. Various methods exist for risk analysis [3]. The risk management cycle represents basic activities, processes and main flows of information between them [9]. But in this paper, we concentrate on risk analysis and assessment. This paper is organized as follows: in section II software risk management is discussed. In section III classifications of software risks are presented. In section IV, the structure of risk tree and its probabilistic calculations is introduced. In section V risk tree structures for software engineering risks are presented. The conclusions are given in section VI. II. SOFTWARE RISK MANAGEMENT There are many concepts about software risk management [6, 7, 8, 9]. But in this section some cases and processes that serve in software risk management which is required for our structure have been discussed. A. Risk Index As risks are identified, they can be categorized by impact (I) and likelihood of occurrence (LO). When these two factors are multiplied, risks can be characterized as high, medium, or low. Risk prioritized within a risk index (RI) by a single measure that determines its importance to the project and the relative visibility, response and reporting required. This index is necessary for prioritization of risk [6, 19]. B. Risk Analysis There are a few well-known types of risk analysis that can be used [21]. In software engineering, risk analysis is used to identify the high-risk elements of a project. It provides ways of documenting the impact of risk mitigation strategies. Risk analysis has also been shown to be important in the software design phase to evaluate criticality of the system, where risks are analyzed and necessary countermeasures are introduced [13]. The purpose of risk analysis is to understand risk better and to verify and correct attributes. A successful analysis includes essential elements like problem definition, problem formulation, data collection [14]. C. Risk Assessment Risk assessment incorporates risk management and risk analysis. Many risk assessment methodologies exist [15] that Classification and Analysis of Risks in Software Engineering Hooman Hoodat, and Hassan Rashidi S World Academy of Science, Engineering and Technology International Journal of Computer, Electrical, Automation, Control and Information Engineering Vol:3, No:8, 2009 2044International Scholarly and Scientific Research & Innovation 3(8) 2009 scholar.waset.org/1999.4/9245 In te rn at io na l S ci en ce I nd ex , C om pu te r an d In fo rm at io n E ng in ee ri ng V ol :3 , N o: 8, 2 00 9 w as et .o rg /P ub lic at io n/ 92 45 http://waset.org/publication/Classification-and-Analysis-of-Risks-in-Software-Engineering/9245 http://scholar.waset.org/1999.4/9245 focus on different types of risks. Risk assessment requires correct descriptions of the target system and all security features. For assessment to be useful, a risk referent level must be defined. For most software projects; performance, cost, support and schedule also represent risk referent levels [6, 8]. III. RISK CLASSIFICATION The primary purpose of classifying risk is to get a collective viewpoint on a group of factors, which will help the managers to identify the group that contributes the maximum risk. A scientific way of approaching risks is to classify them based on risk attributes. Risk classification is an economical way of analyzing risks and their causes by grouping similar risks together into classes [21]. Software risks can be internal or external. The internal risks come from risk factors within the organization. The external risks come from out of the organization and are difficult to control. Software risks can be grouped into project risks, process risks, and product risks. This classification system can be easily applied to internal risks [16, 17, 18]. Risks can be divided into three general types [22]: project, business, and technical risks. Also, software development risk can be classified into three classes: product engineering, development environment and program constraint. Another type of software risk can be grouped into scheduling risks and quality risks. In addition, risks can be categorized into performance risks, cost risks support risks and schedule risks [6]. In general, there are many risks in the software engineering. It is very difficult or impossible to identify all of them. A. Classifying Software Risks In this section software engineering project risks are categorized. Software project risks can affect requirements, scheduling, cost, quality and business. Therefore, classification on the basis of these groups can be done. Tables I to V represent these classifications. These risks are gotten through studies and experiences in projects. TABLE I SOFTWARE REQUIREMENT RISKS Lack of analysis for change of requirements Change extension of requirements Lack of report for requirements Poor definition of requirements Ambiguity of requirements Change of requirements Inadequate of requirements Impossible requirements Invalid requirements TABLE II SOFTWARE COST RISKS Lack of good estimation in projects Unrealistic schedule The hardware does not work well Human errors Lack of testing Lack of monitoring Complexity of architecture Large size of architecture Extension of requirements change The tools does not work well Personnel change Management change Technology change Environment change Lack of reassessment of management cycle TABLE III SOFTWARE SCHEDULING RISKS Inadequate budget Change of requirements Extension of requirements change Human errors Inadequate knowledge about tools Inadequate knowledge about techniques Long-term training for personnel Lack of employment of manager experience Lack of enough skill Lack of good estimation in projects Lack of accurate system domain definition Lack of goals specification Difficulty of implementation Disagreement between members Lack of tools Shortage of personnel Tools failure Technology change Lack of agreement between customer and developer Slow management cycle Supply budget in inappropriate time Environment change Lack of a good guideline TABLE IV SOFTWARE QUALITY RISKS Inadequate documentation Lack of project standard Lack of design documentation Inadequate budget Human errors Unrealistic schedule Extension of requirements change Poor definition of requirements Lack of enough skill Lack of testing Lack of good estimation in projects Inadequate knowledge about techniques Lack of employment of manager experience Lack of accurate system domain definition The simulator is to be destroyed Lack of reassessment Inadequate knowledge about programming language Inadequate knowledge about tools The hardware does not work well Lack of analysis for change of requirements The tools do not work well Loss technical equipment Lack of stability between personnel Personnel change Weakness of management Lack of commitment Disagreement between members Ambiguity of requirements Complexity of architecture Incomplete requirements Lack of roles and responsibilities definition Inadequate training of personnel Management change Technology change Lack of collaboration between developer Environment change Lack of a good guideline TABLE V SOFTWARE BUSINESS RISKS The products that no one want them The products that are not suitable with total strategy The products that sellers do not know how to sell them Failure in total budget Failure in commitment Failure in management because of change in different people IV. RISK TREE Risk tree analysis and assessment can simply be described as an analytical technique. It is a graphical model of various combinations of risks that result in the occurrence of the predefined undesired event. To analyze using risk tree, it is