The last few decades—especially the end of 20th century and the beginning of 21st century—have shown an increase in the interest in automation of different activities. Automation is dependent in its core on sound functional software. The complexity of software development has increased significantly over the years. Articles showing the failure of projects in the software industry are not surprising. Standish Group (1994) reports show that about 53% of projects get completed, but they do not meet the cost and schedule requirements, and about 31% are canceled before the completion of the projects. These failure reports are significantly alarming. With the tremendous growth in the complexity of software development in the last 10 to 15 years, the management of risks in software engineering activities is becoming an important and nontrivial issue from three perspectives: project, process, and product. Therefore, researchers and practitioners are continually trying to find effective risk management approaches. This article should help the academicians, researchers, and practitioners interested in the area of risk management in software engineering to gain an overall understanding of the area.
Meaning of Risk Management
Simply put, risk management is a way to manage risks. In other words, it concerns all activities that are performed to reduce the uncertainties associated with certain tasks or events. Risk management reduces the impacts of undesirable events on a project or the final product. Risk management in any project requires undertaking decision-making activities.
Origin of Risk Management
Risk management has its roots in probability theory and decision making under uncertainty. Three well-known theories in these areas—expected utility theory (Bernoulli, 1954; Hogarth, 1987), theory of bounded rationality (Simon, 1979), and prospect theory (Kahneman & Tversky, 1973; Kahneman, Slovic, & Tversky, 1982)—were of the greatest influence. These theories may be considered as disciplines by themselves. Therefore, to put our discussions on risk management in context, we briefly state hereafter only what each of these theories propose.
In brief, the expected utility theory discusses how people make choices from different alternatives, based on their expected utility. The theory of bounded rationality states that for real life events the outcomes and their associated probabilities are very limitedly understood by people to make the required decisions to maximize their expected utility. Therefore, people have a tendency to set up targets of aspiration in life by eliminating alternatives from the different options they have. This theory is useful for modeling the behavior of project management personnel in charge of risk management. Prospect theory, which has its origin in psychology, helps to model how the perceptions of human beings influence their choices from the given options. Thus, it helps for understanding and estimating the utility losses of different alternatives while analyzing risks in risk management.
Key Terms in this Chapter
Project Risks: Risks related to projects. These risks have the potential to affect the successful completion of the projects. They are associated with project parameters such as the project time lines and budgets.
P2I2: Elaine Hall’s approach for risk management in projects. It is based on four critical success factors of risk management, namely, people, process, infrastructure, and implementation.
Risk Management: The disciple of managing risks using strategies such as planning, assessment, analysis, and control of risks.
Software Reliability: A branch of software engineering dealing with the evaluation of how reliably a software system will perform when functional.
Software Risk Management: The disciple of managing risks in software projects, processes, and products.
Risk: “Risk refers to a possibility of loss, the loss itself, or any characteristic, object, or action that is associated with that possibility” ( Kontio, 2001 ).
Product Risks: Risks related to products developed. These risks have the potential to affect the successful operation of the products. They are often associated with the reliability of operation of the products.