Identifying software project risks: An international Delphi study

Advocates of software risk management claim that by identifying and analyzi ng threats to success (i.e., risks) action can be taken to reduce the chanc e of failure of a project. The first step in the risk management process is to identify the risk itself, so that appropriate countermeasures can be ta ken. One problem in this task, however, is that no validated lists are avai lable to help the project manager understand the nature and types of risks typically faced in a software project. This paper represents a first step t oward alleviating this problem by developing an authoritative list of commo n risk factors. We deploy a rigorous data collection method called a "ranki ng-type" Delphi survey to produce a rank-order list of risk factors. This d ata collection method is designed to elicit and organize opinions of a pane l of experts through iterative, controlled feedback. Three simultaneous sur veys were conducted in three different settings: Hong Kong, Finland, and th e United States. This was done to broaden our view of the types of risks, r ather than relying on the view of a single culture-an aspect that has been ignored in past risk management research. In forming the three panels, we r ecruited experienced project managers in each country. The paper presents t he obtained risk factor list, compares it with other published risk factor lists for completeness and variation, and analyzes common features and diff erences in risk factor rankings in the three countries. We conclude by disc ussing implications of our findings for both research and improving risk ma nagement practice.