risk assessment

A Study on Risk Assessment for Small and Medium Software Development Projects

By Spoorthi Sham

1PI14SSE12

04/15/2023 M.Tech SSE, PESIT 2

• Risk“ Smoking is dangerous to health. It causes cancer”

Introduction

Risk Scenario


Introduction

• "If you don’t actively attack the risks, the risks will actively attack you.“ – Tom Gilb

• Barry Boehm’s risk management process


Introduction

• Software development projects

• Categories

• Examples


• Risk IdentificationCreative methodAnalytical method

• Risk Analysis

• Risk Prioritization

Risk Assessment

Risk assessment tool


SMSDP Risk Assessment Timeline

Two categories :• Model category (6)• Method category (6)


Models Category

Focus Proposes Description Inputs Risk ranking Decision taking types Prototypes

1Assessment,

treatment and monitoring

RAT model

Early phases of the project

Project plan and resources

Risk rank matrix – category, occurrence probability, impact

Hybrid assessment

Web application prototype

2 Risk assessment and estimation SRAEM

Estimates efforts, cost and risk

exposureMeasurement, model and assumption errors

Probability and software metrics of risk management

Quantitative assessment --

3 Risk assessment SRAM

Based on Grey Theory using Analytic

Hierarchy Process

Demand analysis, project quality,

schedule,circumstance,technology

Subjective and objective method


4Risk

assessmentRA model for prototyping

projects

Structures and automates the

assessment of risk

Requirements, personal and

complexity metrics-- Quantitative

assessment --

5Risk

assessment SRAMUses

comprehensive questionnaire

Complexity,reliability,requirements, development

process, tools used

Impact of risk elements on

quality,schedule and cost


6Risk

assessment SPRAMAssessment of

loss and risk impact

Risk factor nodesConditional probability

distribution table

Hybrid assessment

--


Methods Category

Focus Proposes Description Inputs Risk ranking

Decision taking types Prototypes

1 Cost and quality

Expectation – Maximization

algorithm

Enhances ability in producing

hidden nodes

Probability vector of top-

level nodes-- Quantitative

assessmentAssessment

tool

2 Risk assessment

Source based SRAM

Accounts primary and

secondary facts

Primary and secondary

facts-- Quantitative

assessment --

3 Risk identification

Risk identification based on Kepner-Tregoe Program

4 analysis methods : PA, DA, PPA, SA

Checking vulnerable

areas-- Quantitative

assessment --

4 Risk assessment

Fuzzy expert system

Evaluates risk in all respects

Management, funding, planning,

technology

Matrix based on probability and severity

measurements

Quantitative assessment

Assessment fuzzy expert

system

5 Risk assessment

Fuzzy linguistic multiple attribute decision making

method

Estimates risk criteria values

Information from

experts

Probability, loss,uncontrolla

bility, occurence time

Quantitative assessment

Case study application for historic data

6 Risk assessment

Risk assessment method

Uses probabilistic interference

model

Interview based risk

assessment3 choices Quantitative

assessmentRisk assessment visualization tool

(RAVT) 4


Level of Risk Assessment Awareness


Trend (2008)

• Software development• Risk assessment


Author’s Conclusion

• 12 articles based on two categories according to 7 parameters

• The parameters and inputs that each model or method takes are not all of them available in SMSDPs

• SMSDPs are rapid development projects and they run from cost, they have no time to fill all the conditions defined by methods or models


A five – step process to assess risks :• Establish strategic guidelines• Determine model direction• Choose the model• Perform gap analysis• Design a strategic road map

Conclusion


Thank You

risk assessment

Software

risk assessment sram

risk assessment ra model

risk smoking

smsdp risk assessment

impact of risk elements

description inputs risk

introduction risk scenario

risk exposure measurement