JSEA, Vol. 4 No. 5, May 2011
Software Development Project Risk Management: A New Conceptual Framework
The frequently observed positive impact of adopting risk management strategies on projects’ overall outcome has led many software development organizations to appreciate its significant role in the pursuit of cost reduction, fewer schedule overruns and, generally, improved performance. In line with this, the study investigates a wide range of relevant literature, proposes a new conceptual framework for managing risk in software development projects, introduces new conceptual factors, brings out their interrelation, and suggests new prospects and managerial implications for both practitioners and academics. The conceptual framework has two basic axes. The first is the determination of the impact of constructs such as Project Characteristics, Project Risk Management Team, Risk Identification Approaches, and Project Quality on the level of Project Risk. The majority of the items used to measure these constructs are proposed for the first time in the literature. The second is the assessment of the impact of Project Risk (and all of the dimensions that compose it), simultaneously with the estimation of the impact of the Residual Performance Risk on the final subjective and objective Project Performance; this could provide project managers with a better picture of the effectiveness and adequacy of their risk management practices.

Cite this paper
L. Sarigiannidis and P. Chatzoglou, "Software Development Project Risk Management: A New Conceptual Framework," Journal of Software Engineering and Applications, Vol. 4 No. 5, 2011, pp. 293-305. doi: 10.4236/jsea.2011.45032.