
Software Engineering Risk Management: A Method, Improvement Framework, and Empirical Evaluation

Jyrki Kontio

Dissertation for the degree of Doctor of Science in Technology to be presented with due permission for public examination and criticism in the Auditorium T2, Computer Science Building, Konemiehentie 2 at the Helsinki University of Technology on the 28th of September, 2001, at 12 o'clock noon.

Dissertation in PDF format (ISBN 951-22-5655-X)   [3929 KB]
Errata (in PDF)
Dissertation is also available in print (ISBN 952-5136-22-1)

Abstract

This dissertation presents a method for software risk management, its improvement framework, and results from its empirical evaluations. More specifically, our objectives were:

  1. Develop a comprehensive, theoretically sound, and practical method for software engineering risk management.
  2. Develop a framework and supporting software tools for the continuous improvement of software engineering risk management and for improving knowledge about risks.
  3. Evaluate the method in practice to provide information on its feasibility, effectiveness, advantages and disadvantages, and to improve it.

Although risk management has been considered an important issue in software development and significant contributions to risk management have been made over the past decade, risk management is rarely applied actively and explicitly in practice. Furthermore, most risk management approaches in software engineering are simplistic and fail to account for the biases common in risk perception.

We have developed a method, called Riskit, that complements existing risk management approaches by supporting qualitative and structured analysis of risks through a graphical modeling formalism. The method supports multiple stakeholder views of risks by considering each stakeholder's potential utility losses. The Riskit method is comprehensive, i.e., it supports all aspects of risk analysis and risk management planning in a software development project. We propose that our method has a sound theoretical foundation, avoids common biases in risk evaluation, and results in a more thorough understanding of the risks than traditional approaches.

Associated with the method, we have also developed a risk management improvement framework that supports continuous, systematic improvement of the risk management process. The improvement framework is based on the Quality Improvement Paradigm, and is supported by the eRiskit application. The eRiskit application supports the management of risks while simultaneously acting as a risk management repository that captures risk management data for improvement purposes. The eRiskit application also acted as a proof of concept for the correctness of the underlying concepts in the Riskit method.

We have validated the feasibility and effectiveness of the Riskit method in a series of empirical studies. The empirical studies were designed to provide characterization information and feedback on the method, as well as to act as an initial validation of the method. The empirical evaluations showed that the method is feasible in an industrial context and that it seemed to improve participants' confidence in risk management results. In addition, our research indicates that industry needs sound, systematic, yet cost-effective methods for risk management; a common and customized approach to improve communication within an organization; and support and enforcement of that common approach.

Keywords: risk management, project management, process improvement, software management, experience factory, quality improvement

This publication is copyrighted. You may download, display and print it for your own personal use. Commercial use is prohibited.

© 2001 Helsinki University of Technology


Last update 2011-05-26