Software engineering risk management : a method, improvement framework, and empirical evaluation

Doctoral thesis (monograph)

Date

2001-09-28

Language

en

Pages

247

Abstract

This dissertation presents a method for software risk management, its improvement framework, and results from its empirical evaluations. More specifically, our objectives were:

  • Develop a comprehensive, theoretically sound, and practical method for software engineering risk management.
  • Develop a framework and supporting software tools for the continuous improvement of software engineering risk management and for improving knowledge about risks.
  • Evaluate the method in practice to provide information on its feasibility, effectiveness, advantages and disadvantages, and to improve it.

Although risk management has been considered an important issue in software development and significant contributions to risk management have been made over the past decade, risk management is rarely actively and explicitly applied in practice. Furthermore, most risk management approaches in software engineering use simplistic approaches and fail to account for the biases common in risk perception.

We have developed a method, called Riskit, that complements existing risk management approaches by supporting qualitative and structured analysis of risks through a graphical modeling formalism. The method supports multiple stakeholder views to risks by considering their potential utility losses. The Riskit method is comprehensive, i.e., it supports all aspects of risk analysis and risk management planning in a software development project. We propose that our method has a sound theoretical foundation, avoids common biases in risk evaluations, and results in a more thorough understanding of the risks than traditional approaches.

Associated with the method, we have also developed a risk management improvement framework that supports continuous, systematic improvement of the risk management process. The improvement framework is based on the Quality Improvement Paradigm, and is supported by the eRiskit application. The eRiskit application supports the management of risks while simultaneously acting as a risk management repository that captures risk management data for improvement purposes. The eRiskit application also acted as a proof of concept for the correctness of the underlying concepts in the Riskit method.

We have validated the feasibility and effectiveness of the Riskit method in a series of empirical studies. The empirical studies were designed to provide characterization information and feedback on the method, as well as to act as initial validation of the method. The empirical evaluations showed that the method is feasible in industrial context and it seemed to improve participants' confidence in risk management results. In addition, our research indicates that industry needs sound, systematic, yet cost effective methods for risk management, a common and customized approach to improve communications within an organization, and support and enforcement of the common approach.

Keywords

risk management, project management, process improvement, software management, experience factory, quality improvement

Parts

  • Additional errata file available.

Permanent link to this item

https://urn.fi/urn:nbn:fi:tkk-002958