Article Preview
TopThere are many understandings of the term ‘process’. This section focuses on understanding what risk experts and standards mean when they discuss the 'risk management process'. The focus will be on contributions which have defined a process and standards presenting a baseline approach to risk management.
In his tutorial on software risk management Boehm (1989) defines a number of steps aimed at identifying, addressing and eliminating software risks before they cause re-work or failure, and a life cycle model, called ‘Boehm’s spiral model’, in which these steps can be applied. This work was carried out when software risk management was considered to be an emerging discipline, however many of the concepts are still applied. The spiral model provides an incremental approach to defining requirements, architecture and design through the re-use of the four main elements: 'determine objectives, alternatives, constraints', 'evaluate alternatives; identify, resolve risks', 'develop, verify next level product' and 'plan next phases'.
Boehm (1989) states that the objectives of software risk management are to identify, address, and eliminate software risk items before they become either threats to successful software operation or major sources of software rework. He defines two primary steps within risk management: risk control and risk assessment. Three sub-steps exist within each; risk control covering management, monitoring and resolution, and risk assessment involving identification, analysis and prioritisation. The disadvantage of the spiral model is that it specifies the work to be completed in each step: this constrains the flexibility of the model and therefore its application to other areas. Boehm’s contribution is the differentiation between risk assessment, which he called ‘control’, and risk management, which provides in many cases a useful delineation between the work of identifying and fully defining risks, and the plans and controls which need to be in place to ensure that risks are dealt with effectively.