A Review of Software Risk Management Strategies
1. Introduction:-
World has changed dramatically
during few years ago. This change is
due to immense development in
technology. As economics changed,
software development has also
changed and the idea of development.
As we are not follow SDLC model in a
good way to develop software then
we faced some risk due to various
factors. Software Engineering
Institute (SEI) defines risk as “the
possibility of suffering loss” and it
defines loss in a development project,
as “the impact to the project which
could be in the form of diminished
quality of the end product, increased
costs, delayed completion, loss of
market share, or failure.” [1]. If we
make successful software then we
make sure that the risk is controlled
properly. Risk is a loss and damage of
any software. Mostly major loss in
software’s are considered as a lack of
budget (Finance ) but there is also
many losses which are incredibly
disturbs the development phases of
software’s such as future business
and loss of property or life So, the
long term rate of is occurs.
Traditional risk management
has been effective in addressing the
needs of a signal organization and its
relationship with its clients and
subcontractors [4].
Risk management is used to increase
the chance of success of any future
project by exploring its uncertainties
as well as risk management is the
planned and systemic approach to
the identification, evaluation and
control of risk. If we find out the
uncertainties of the software then we
can make uncertainties free software
by applying different risk
management strategies. Risk
management is becoming an
important issue from these three
perspectives such as risk assessment,
risk management and risk control [1].
Advantage of using software risk
management is that identifies risks
early and systematically in a project
and action can be taken before they
can do some harm to the project [2].
The potential problem in the projects
may or may not occur in the future.
We use risk management strategies
to reduce the probability of a risk
occurrence. It includes the analysis of
possible risk in the software course
and the alleviation of their negative
potential. Risk management is also
used to understand the risk in the
better way and resolved it on the
spot. We used different models, tools
and techniques to reduce risk in the
beginning. Nowadays, risk
management in software engineering
is an evolution of the risk concepts,
and should pervade all the processes
in the software lifecycle [5]. Risk
management helps practitioners
assess problematic aspects of a
project, emphasizes potential causes
of failure, helps link potential threats
to possible actions, and facilitates a
shared perception of a project among
its participants [9]. We use risk
management strategies to minimize
the impact of the risk. Also a risk
management has a proactive focus
on the preventing problems, is
continuous (in the whole software
lifecycle), and concurrent (many risks
are managed at the same time) [5].
We follow different steps in risk
management assessment like
communication, indentify, assets,
plan and implement. In risk
identification step, the team
systematically enumerates as many
project risks as possible to make
them explicit before they become
problems [13].through, risk analysis,
we shaped the risk that were
identified into decision-making
information [13]. The objective of risk
analysis is to obtain the risk profile of
the project leading to the process of
creating a response to that risk [12].
Then we are planning to reduce the
risk in the software that we
developed. And the last step is to risk
implement, we are implement the
plan to remove the risk. In this paper
we will find out different strategies
for different software. In one paper
we read out the different risk sources
in different SDLC models like water
fall models, spiral models, v models,
and agile model. If we will remove all
these risk in different models so we
will create best software. In another
paper, we read strategies to control
the risk in distributed software
development. We are use different
tools like Email, TAMRI, CAMEL,
NETMOVE and Team space for the
best communication. We also use
different project management
models in DSD like centralized project
management, Distributed with Local
Coordinators and Distributed with
Functional Coordinators.
Objective:-
 Make sure of that risk
management is clearly and
regularly
 Manage risk (going along
with/obeying) best practice.
 Expect ahead to and respond
to changing social, (related to
surrounding conditions or the
health of the Earth) and law-
based requirements.
 Think about obedience of
health and safety, insurance
and legal needed things as a
minimum standard.
 Prevent death, injury, damage
and losses, and reduce the cost
of risk.
 Inform policy and operational
decisions by identifying risks
and their likely effect.
 Raise knowledge of the need
for risk management by all
those connected with the
organization’s delivery of
service.
 Propose and coordinate the
roll-out of action plans
designed to reduce or change
the profile of these risks.
  Analyzing and managing all
risks (financial, human,
information system, strategic
risks…) to avoid vertical
segmentation effects and all
potential impacts from such
risks (financial and non-
financial impacts such as
reputation, know-how…). The
scope of analysis covers the
FRR and its stakeholders: its
custodian/account-holder
(Caisse des Dépôts), external
asset managers, index
providers and other suppliers.
One of the sources of added
value of this approach lies in
aggregating all of the major
risks and ensuring the global
consistency of the risk analysis
and organizational action
plans.
These objectives will be
achieved by:
 Clearly define all the roles and
responsibilities within the
organization for risk
management.
 Including risk management
issues when writing reports
and making decisions..
 Reinforcing the importance of
effective risk management as
part of the everyday work of
employees and members in an
organization to control risk.
  Maintaining a register of risks And in some other papers defined the
linked to the organization’s critical risk factors in distributed
business, corporate and software development. So in some
operational objectives, also
papers defined the tools and models
those risks linked to working in
and tell us how we can avoid or
partnership.
Related work:- reduce risk in distributed software
development.
Some authors explained the different
steps how we can reduce the risk in Boehm and turner [13] in 2003
software. These steps are explained the five steps risk driven
communication, identify, assets, plan method for balancing and agile
and implement. Haneen hijazi, Thair and plan-driven methods.
khdour and abdulsalam Alarabeyyat Software risk management
in 2012 reviewed the SDLC models process:-
(e.g. waterfall, v-model, incremental,
spiral and agile) that are used to There are many software models
develop software and control risk to available for risk management.
management in each of these The model recommended in this
models. He analysis all the models in section was developed by the
different ways and then find out the software engineering institute
risk sources in each of these models. (SEI) [15] and is shown in figure.
If we are design good software and
chose model of which we can
develop then we avoid these risk
sources. In this way we can develop
successful software and manage risk.
In distributed software we also
managed risk in different ways. We
analyzed different tools and models
that are used to control risk in
distributed software. In some papers
explained the challenges in
distributed software development.

Software risk management paradigm
Identify:-
Before risks can be managed its
must be identified before
adversely affecting the project
[15]. There are several software
process risks. These risks are
generic risk ,product risk and
project risk.
Generis risks are potential threats
in every software project [13].
Some examples of generic risks
are changing requirements, losing
key personnel, or bankruptcy of
Software Company or of the
customer [13]. The organizations
are keeping checklist about these
types of risks. Teams can then
assess the extent to which these
risks are a factor for their project
based upon the sets of
programmers, managers,
customers and policies [13].
Product specifics risks can only be
identified by those with a clear
understanding of the technology,
the people and the environmental
of the specific product [13].
Generic and product specific risks
can be further divided into
project, product and business risks
[13]. The project risks are those
that affect the project schedule
and resources. The product risks
are those that affect the quality
and performance of the software.
The business risks are those that
threaten viability of the software.
There are some specific factors to
consider when examining project,
product and business risks [13].
These factors are [13]:-
 People risks:-
 Size risks:-
 Process risks:-
 Tools risks:-
 Technology risks:-
  Organizational and
managerial risks:-
 Customers risks:-
 Estimation risks:- Track:-
 Sales and supports risks:-
Track consists of monitoring the
 Meeting
status of the risks and the actions
 Checklists
taken against risks to mitigate them
 Comparison with past [15]. Risk mitigate actions are come
projects:- into the associated cost [13].
 Decomposition:-
Control:-
Analyze:-
Risk control relies on the project
Analysis is the conversion of risk data management processes to control
into risk decision-making information risk action plan, corrects for variation
[15, 13]. It includes reviewing, for plan, response to triggering the
prioritizing, and selecting the most events, and improve risk
critical risks to address [15]. Software management processes [15].
risk evaluation team analyzes the risk
in terms of cost, schedule, quality and Communication:-
performance of the software [15]. On-going and effective
Plan:- communication between
management, the developer team,
Planning turns risk information into marketing, and customers
decisions and actions for both the representatives about project risks is
present and future [15]. Planning essential for effective risk
involves the developing actions to management [13]. This
address individual risks, prioritizing communication enables the sharing
risk actions and creating a risk of all information and is the
management plan [15]. The key to cornerstone of effective risk
risk action planning is to consider the management [13]. Without effective
future consequence of a decision communication, no risk management
made today [15]. approach can be viable [15].it is an
integral part of all the other risk main aim of this is cost and resource
management activities [15]. optimization [2].

Risk management in DSD:- More than a decade ago, seeking

lower costs and access to skilled
The globalization of the world during
resources, many organizations
the last two decades has created
began to experiment with
changes in the software industry as
remotely located software
the development and maintenance
development facilities (DSD).
of software shifts from being single
Several factors have contributed
site to different geographically
to build this scenario. [5]
locations across the globe [2]. This
type of development is called  The business market
“global”, “distributed” or “multi-site” proximity advantages,
software development. Why the including knowledge of
distributed become more and more customers and local
popular. conditions;
 Pressure to improve time-to-
There are several compelling business market by using time zone
reasons supporting the adoption of differences in “round-the-
distributed software development: 1) clock” development;
ability to extend work beyond the  The need to have a global
regular office hours at a single site, 2) resource pool too
software development costs at successfully and cost
offshore centers, like in India, are as competitively have resources,
much as four times less expensive, 3) wherever located.
the capabilities of workforce in This way of development helps us in
remote centers located in emerging low cost and effective development.
economies have improved As the project advances, risks can
significantly in the recent years , 4) be identified either during
advances in information and scheduled project activities or
communication technology have informally, e.g. when people talk to
facilitated easier collaboration each other at lunchtime, travel or
between remote workforce [20]. The during their leisure time [7].
The importance of risk
management has been well
recognized by the project
management community. In risk
management is listed among nine
key knowledge areas related to
project management. In relation to
software project risks, much work
has been done at Software
Engineering Institute (SEI) .[7]
Software projects are exposed to
various risks and risk management
in such projects is still inadequate as
is shown by the percentage of
failed, delayed or too expensive
projects [7].
There are many challenges in
distributed software development.
 Lack of trust [1],[3],[6],[7]
 Coordination [3],[9],[8]
 Asymmetry in Processes,
Policies, and Standards [3]
 Physical Distance [3],[8],[5]
 Difference knowledge levels or
knowledge transfer[3]
 Languages Barriers [8],[3],[6]
 Task Allocation [8],[3],[5]
 Scope and Change
Management[3]
Task distributed:-
 Differences in Technologies
Used[3]
 Creating team spirit[3],[5]
 Quality [3],[5]
 Different Stakeholders [8],[3],
[9]
 Difference Government, Laws,
Rules and Regulations [3]
 Risk Management [5],[3],[8]
 Application of an Iterative Agile
Process
 Security issues[1]
Critical risk factors in DSD:-
We synthesize the risks and we
identified eight risk areas [8]:
 Task distribution [8],[3],[5],[9]
 knowledge management [8],
[3],[5],[9]
 Geographical distribution [5],
[8],[6],[3],[9]
 Collaboration structure [1],[3],
[6] [8],[7],[9]
 Cultural distribution [3],[6],[7],
[10],[21]
 Stakeholder relations [3],[6],
[7], [5],[9], [21]
 Communication infrastructure,
and Technology setup [3],[6],
[7], [5],[9], [21]
The task distributed is a possible risk
in distributed software development,
but for slightly different reasons.
When the overall project task is
divided and distributed across several
sites, task uncertainty emerges,
because participants may lack
information about the t ask, its
purpose , and their own contribution
to the overall task [9,2].
Knowledge Management:-
Knowledge management refers to
how projects create, capture, and
integrate knowledge about the
project task, including goals,
problems, possible solutions, and
approaches [9]. When GDSP
participants lack face-to-face
interaction knowledge creation is
limited within the organization
[9].Developers need to have as much
information as possible at their
disposal, and to know the full status
of the project and its past history,
which will in turn allow them to
create realistic assumptions about
the project [2].
Geographical distribution:-
Distribution of activities in a GDSP
occurs along three dimensions:
space, time, and goals [9]. Spatial
distribution complicates the project
manager’s ability to monitor
participants and progress, increases
travel budgets, limits face-to-face
interaction, and weakens social
relations [9].Temporal distribution
increases the complexity of planning
and coordination activities, makes
multisite virtual meetings hard to
plan, causes unproductive waits,
delays feedback, and complicates
simple things like time referencing
and time settings [9,2].
Collaboration Structure:-
Collaboration is a relatively broad
area that covers risks arising when
collaboration structures do not fit the
distributed context. Collaboration
capability describes the project
participants’ understanding and
appreciation of differences in
competencies and their ability to
effectively use technology to gather
and share information across
geographical and functional distances
[9].
Cultural distance:-
Distance in Distributed Software
Development affects a number of
things like culture and time zone etc.
A number of cultural risks may arise
since participants do not necessarily
share the same language, traditions,
or organizational culture [2]. To
manage risks related to culture and
distance, Use workflow management
and online tools by establishing open
communication across multiple
channels and having periodic
workshops with teams and applying
online team-building if visits are not
feasible [2].
Stakeholder Relations:-
When projects are distributed, it
naturally becomes difficult to obtain
the same level of stakeholder
integration as you would expect in a
collocated organization [9]. Lack of
frequent face- to-face interaction
may impair relationship building,
since relations are built through
communication between project
stakeholders [9].
Communication:-
Almost every problem arising in
GDSPs is related to the fact that
communication is no longer a simple
task when participants are
distributed and appropriate
supporting infrastructures are
therefore needed. Personal
communication is often impeded by
absence of informal communication
and lack of face-to-face interaction
[9]. Software Development relies
heavily on quick information flows
and going global, adds new factors to
development, such as distance in
culture, time and space. Due to these
factors, Distributed Software
Development is facing a variety of
challenges such as communication
[2].
Technology Setup:-
Networks that connect globally
distributed sites are often slow and
unstable and even minor delays can
ruin the low of communication [9].
Network capability is therefore an
important challenge in GDSPs, and
selection of appropriate information
and communication technology is
crucial for project success [9].
There is a wide range of kinds of
technology that can assist in
geographically distributed work, and
if the team members have very
limited experience it can constrain
the tools that might be used. Does
the organization have a good system
of technical support that can be
called upon as needed? Technical
resources such as hardware are only
available certain location [13].