Risk Management Software

The hierarchy of Software Risk Management (SRM) methodologies discussed in this paper addresses two classes of functions: software acquisition and software development. The basic methodological framework with which functions are managed is composed of the Software Acquisition-Capability Maturity Model (SA-CMM℠) and the Software Capability Maturity Model (SW-CMM℠) and their supporting practices and constructs. This framework for software risk management is supported by three groups of practices:
1. Software Risk Evaluation (SRE)
2. Continuous Risk Management (CRM)
3. Team Risk Management (TRM)
These practices are based on three basic constructs for software risk management developed at the Software Engineering Institute (SEI): Risk Management Paradigm, Risk Taxonomy, Risk Clinic, and Risk Management Guidebooks. The three constructs and three practices will be discussed in subsequent sections. 
The complexity of software risk management cannot be understood nor appropriately addressed from the above methodological context alone. To capture the multifarious aspects of this complexity, we make use of hierarchical holographic modeling, where we consider two additional visions or dimensions: the temporal and human dimensions. Thus the three dimensions adopted in this paper to represent the holistic vision of software risk management are the temporal dimension, the methodological dimension and the human dimension.
The temporal dimension is decomposed into two sub-visions:
1. Macro vision represents the global perspective of the acquisition life cycle.
2. Micro vision represents the view of the project manager.
The methodological dimension has already been introduced. The human dimension addresses the intellectual dimension of software acquisition—the most critical dimension, since software development is such an intellectual activity. Four aspects are identified here:
1. individual
2. team
3. management
4. stakeholder (including customer and client)
The last section shares the experience gained through the deployment of the above methodologies by SEI teams. Ample literature exists on the process of risk assessment and management. The majority of this literature, however, is devoted to theories and methodologies that have not been subjected to the ultimate test of practice. This paper presents comprehensive theories and processes developed at the SEI at Carnegie Mellon University that have been successfully deployed and tested in the field by numerous clients. (Adhering to confidentiality agreements, the identity of clients will not be revealed.) Authentic statistical information on the use of SEI risk methodologies will be presented and analyzed in the section on the deployment of SEI risk management program.
The goal of SEI Risk Program is to enable engineers, managers, and other decision makers to identify, sufficiently early, the risks associated with software acquisition, development, integration, and deployment so that appropriate management and mitigation strategies can be developed on a timely basis. Time is critical and the goal is to act early before a source of risk evolves into a major crisis. In other words, being mainly reactive in risk mitigation and control rather than proactive in risk prevention and control is at the heart of good risk management.  Furthermore, should the system fail regardless of all risk management efforts, then ensuring the safe failure (e.g., safe shutdown) of the system must be the mandate of the software risk manager. Clearly, the secret to effective risk management is the trade-off of mitigation cost against the potential adverse effects of avoided risk. In this context, the value of the methodologies and tools for software risk management is to buy smarter, manage more effectively and identify opportunities for continuous improvement, use available information and databases more efficiently, improve industry and raise the community’s playing field, and review and evaluate the progress made on risk management.
It is important to note that the developed software risk methodologies have three fundamentally different, albeit complementary, objectives:
1. risk prevention
2. risk mitigation and correction
3. ensuring safe system failure
The following seven risk management principles are instrumental in the quest to achieve these three objectives [Higuera 94]:

Shared product vision
  • sharing product vision based upon common purpose, shared ownership, and collective commitment
  • focusing on results
Teamwork
  • working cooperatively to achieve a common goal
  • pooling talent, skills, and knowledge 
Global perspective
  • viewing software development within the context of the larger system-level definition, design, and development
  • recognizing both the potential value of opportunity and the potential impact of adverse effects, such as cost overrun, time delay, or failure to meet product specifications
Forward-looking view
  • thinking toward tomorrow, identifying uncertainties, anticipating potential outcomes
  • managing project resources and activities while anticipating uncertainties
Open communication
  • encouraging the free flow of information between all project levels
  • enabling formal, informal, and impromptu communication
  • using consensus-based process that values the individual voice (bringing unique knowledge and insight to identifying and managing risk)
Integrated management
  • making risk management an integral and vital part of project management
  • adapting risk management methods and tools to a project’s infrastructure and culture
Continuous process
  • maintaining constant vigilance
  • identifying and managing risks routinely throughout all phases of the project’s life cycle
References
  1. [AFSC 88] AFSC/AFLC Acquisition Management Software Risk Abatement, Air Force Systems Command and Air Force Logistics Command, Pamphlet 800-45, September 30, 1988.
  2. [Brooks 87] Brooks, Frederick P. “No Silver Bullet,” Computer 20, 4 (April 1987): 10-19.
  3. [Carr 93] Carr, Marvin J.; Konda, Suresh; Monarch, Ira; Ulrich, Carol; & Walker, Clay. Taxonomy-Based Risk Identification (CMU/SEI-93-TR-6, ADA266992). Pittsburgh, Pa.: Software Engineering Institute, Carnegie Mellon University, 1993.
  4. [Chittister 93] Chittister, Clyde & Haimes, Yacov Y. “Risk Associated with Software Development: A Holistic Framework for Assessment and Management,” IEEE Transactions on Systems, Man, and Cybernetics 23, 3 (May-June 1993): 710-723.
  5. [Chittister 94] Chittister, Clyde & Haimes, Yacov. “Assessment and Management of Software Technical Risk,” IEEE Transactions on Systems, Man, and Cybernetics 24, 2 (February 1994): 187-202.
  6. [Crosby 79] Crosby, P.B. Quality Is Free. New York: McGraw-Hill, 1979.
  7. [Gluch 94] Gluch, David. A Construct for Describing Software Development Risks (CMU/SEI-94-TR-14). Pittsburgh, Pa.: Software Engineering Institute, Carnegie Mellon University, 1994.
  8. [Higuera 94] Higuera, Ronald P.; Dorofee, Audrey J.; Walker, Julie A.; & Williams, Ray C. Team Risk Management: A New Model for Customer-Supplier Relationships (CMU/SEI-94-SR-005, ADA283987). Pittsburgh, Pa.: Software Engineering Institute, Carnegie Mellon University, 1994.
  9. [Haimes 81] Haimes, Yacov Y. “Hierarchical Holographic Modeling,” IEEE Transactions on Systems, Man, and Cybernetics 11, 9 (September 1981): 606-617.
  10. [Haimes 91] Haimes, Yacov Y. “Total Risk Management,” Risk Analysis 11, 2 (June 1991): 169-171.
  11. [Humphrey 90] Humphrey, Watts S. Managing the Software Process. New York: Addison-Wesley Publishing Company, Inc., 1990.
  12. [Kaplan 81] Kaplan, S. & Garrick, B. J. “On the Quantitative Definition of Risk,” Risk Analysis 1, 1 (March 1981): 11-27.
  13. [Katzenbach 93] Katzenbach, Jon R. & Smith, Douglas K. The Wisdom of Teams. New York: Harper Business, 1993.
  14. [Kirkpatrick 92] Kirkpatrick, Robert J.; Walker, Julie; & Firth, Robert. “Software Development Risk Management: An SEI Appraisal,” Software Engineering Institute Technical Review ‘92 (CMU/SEI-92-REV). Pittsburgh, Pa.: Software Engineering Institute, Carnegie Mellon University, 1992.
  15. [Lowrance 76] Lowrance, William W. Of Acceptable Risk: Science and the Determination of Safety. Los Altos, Ca: William Kaufmann, 1976.
  16. [Sisti 94] Sisti, Francis J. & Joseph, Sujoe. Software Risk Evaluation Method (CMU/SEI-94-TR-19). Pittsburgh, Pa.: Software Engineering Institute, Carnegie Mellon University, 1994.
  17. [Van Scoy 92] Van Scoy, Roger L. Software Development Risk: Opportunity, Not Problem (CMU/SEI-92-TR-30, ADA 258743). Pittsburgh, Pa.: Software Engineering Institute, Carnegie Mellon University, 1992.
  18. [House 89] United States House of Representatives Committee on Science, Space, and Technology, Subcommittee on Investigations and Oversight. Bugs in the Program: Problems in the Federal Government Computer Software Development and Regulation. Washington, D.C.: United States Government Printing Office, 1989.




Author:
Ronald P. Higuera
Software Risk Management Program
Software Engineering Institute

Yacov Y. Haimes
Center for Risk Management of Engineering
University of Virginia
