Software Risk Management

What Is Software Risk Management And How Do You Implement It?

Software risk management takes a proactive approach Software risk by providing an approach and methodology to look for areas where a software defect impacts the usability of the software for end users and the business. For example, a catastrophic failure as the result of a software bug that does not allow the software to run correctly or at all is a type of software risk that must be managed.

Software risk as an impact on project management, program management, or delivery is one in which software defects and complexity impact the ability to release software on-time or within budget. The impact here is in delays and costs to the business that must be absorbed. For example, a defect found late in the development process could result in re-work that takes days or weeks to correct thereby delaying a project.

Both of these issues require strong risk management practices to mitigate against the risk. But do you actually manage this risk? First, you should identify and understand the root cause.

Software Risk Management: Principles and Best Practices

What are the ways that you can address software risk management? A set of software risk management principles and best practices can serve as a guide to help ensure that the risk of critical issues is mitigated. Currently, most software risk management relies on testing. But testing is not necessarily enough to truly manage risk. And it’s important to note that the old adage, “You can’t manage what you don’t measure” very much applies to managing software risk.

• Identify the riskiest areas and components within your applications and systems
• Identify the root-cause for the majority of defects that result in system failures (i.e., the “killer defects”)
• Understand the importance of quantifying transaction and object risk in addition to risk-based testing
• Learn how to optimize your test efficiency while expanding your coverage
• Leverage structural quality analysis to supplement your risk-based testing
• Understand the complexity of the underlying system components
• Quantify the degree to which complex system components have changed
• Make sure you have a scorecard or dashboard for measuring and tracking the levels of software risk in each release of your most mission critical applications

Software Risk Management Plan

Creating a software risk management plan helps to both jump start managing software risk as well as making it on ongoing part of your software development process. A software risk management plan should typically include:

• Jump Start Your Risk Management
• Look at Integration Level Risk
• Look at System Level Risk
• Measure your level of software risk in your critical applications

In a study in Empirical Software Engineering, researchers found that while only 8% of defects are system level flaws, they account for 90% of system downtime. Thus, in addressing software risk, it's critical to focus on system level issues where the impact can be greatest.