J. Ropponen and K. Lyytinen, Components of software development risk: How to address them? A project manager survey, IEEE SOFT E, 26(2), 2000, pp. 98-112
Software risk management can be defined as an attempt to formalize risk oriented correlates of development success into a readily applicable set of principles and practices. By using a survey instrument we investigate this claim further. The investigation addresses the following questions: 1) What are the components of software development risk? 2) How does risk management mitigate risk components, and 3) what environmental factors, if any, influence them? Using principal component analysis we identify six software risk components: 1) scheduling and timing risks, 2) functionality risks, 3) subcontracting risks, 4) requirements management, 5) resource usage and performance risks, and 6) personnel management risks. By using one-way ANOVA with multiple comparisons we examine how risk management (or the lack of it) and environmental factors (such as development methods, manager's experience) influence each risk component. The analysis shows that awareness of the importance of risk management and systematic practices to manage risks have an effect on scheduling risks, requirements management risks, and personnel management risks. Environmental contingencies were observed to affect all risk components. This suggests that software risks can be best managed by combining specific risk management considerations with a detailed understanding of the environmental context and with sound managerial practices, such as relying on experienced and well-educated project managers and launching correctly sized projects.