Software Risk Management

What Is Software Risk Management And How Do You Implement It?

 

Software risk as an impact on project management, program management, or delivery is one in which software defects and complexity impact the ability to release software on-time or within budget. The impact here is in delays and costs to the business that must be absorbed. For example, a defect found late in the development process could result in re-work that takes days or weeks to correct thereby delaying a project.

Both of these issues require strong risk management practices to mitigate against the risk. But do you actually manage this risk? First, you should identify and understand the root cause.

Software Risk Management: Principles and Best Practices

What are the ways that you can address software risk management? A set of software risk management principles and best practices can serve as a guide to help ensure that the risk of critical issues is mitigated. Currently, most software risk management relies on testing. But testing is not necessarily enough to truly manage risk. And it’s important to note that the old adage, “You can’t manage what you don’t measure” very much applies to managing software risk.

• Identify the riskiest areas and components within your applications and systems
• Identify the root-cause for the majority of defects that result in system failures (i.e., the “killer defects”)
• Understand the importance of quantifying transaction and object risk in addition to risk-based testing
• Learn how to optimize your test efficiency while expanding your coverage
• Leverage structural quality analysis to supplement your risk-based testing
• Understand the complexity of the underlying system components
• Quantify the degree to which complex system components have changed
• Make sure you have a scorecard or dashboard for measuring and tracking the levels of software risk in each release of your most mission critical applications

Software Risk Management Plan

Creating a software risk management plan helps to both jump start managing software risk as well as making it on ongoing part of your software development process. A software risk management plan should typically include:

• Jump Start Your Risk Management
• Look at Integration Level Risk
• Look at System Level Risk
• Measure your level of software risk in your critical applications

These steps comprise the basis of comprehensive risk management. Of course, as you develop your software risk management plan, incorporate procedures and processes that make the most sense to your business. But recall that system-level risks are the greatest threats and it is these threats that require the most mitigation.

Risk Analysis in Software Testing

One key issue around software risk is that the issues that are the most damaging are not always the first ones that appear. Risk analysis in software testing helps determine where the most critical defects are that must be addressed.

In a study in Empirical Software Engineering, researchers found that while only 8% of defects are system level flaws, they account for 90% of system downtime. Thus, in addressing software risk, it's critical to focus on system level issues where the impact can be greatest.