This Article 
 Bibliographic References 
 Add to: 
Components of Software Development Risk: How to Address Them? A Project Manager Survey
February 2000 (vol. 26 no. 2)
pp. 98-112

Abstract—Software risk management can be defined as an attempt to formalize risk oriented correlates of development success into a readily applicable set of principles and practices. By using a survey instrument we investigate this claim further. The investigation addresses the following questions: 1) What are the components of software development risk? 2) how does risk management mitigate risk components, and 3) what environmental factors if any influence them? Using principal component analysis we identify six software risk components: 1) scheduling and timing risks, 2) functionality risks, 3) subcontracting risks, 4) requirements management, 5) resource usage and performance risks, and 6) personnel management risks. By using one-way ANOVA with multiple comparisons we examine how risk management (or the lack of it) and environmental factors (such as development methods, manager's experience) influence each risk component. The analysis shows that awareness of the importance of risk management and systematic practices to manage risks have an effect on scheduling risks, requirements management risks, and personnel management risks. Environmental contingencies were observed to affect all risk components. This suggests that software risks can be best managed by combining specific risk management considerations with a detailed understanding of the environmental context and with sound managerial practices, such as relying on experienced and well-educated project managers and launching correctly sized projects.

[1] S. Alter and M. Ginzberg, “Managing Uncertainty in MIS Implementation,” Sloan Management Review, pp. 23-31, Fall 1978.
[2] H. Barki, S. Rivard, and J. Talbot, “Toward an Assessment of Software Development Risk,” J. Management Information Systems, vol. 10, no. 2, pp. 203-225, Fall 1993.
[3] V.R. Basili and J.D. Musa, "The Future Engineering of Software: A Management Perspective," Computer, Vol. 24, No. 9, Sept. 1991, pp. 90-96.
[4] C.M. Beath, “Strategies for Managing MIS Projects: A Transaction Cost Approach,” Proc. Fourth Int'l Conf. Information Systems, pp. 133-147, Dec. 1983.
[5] C.M. Beath, “Managing the User Relationship in Information Systems Development Projects: A Transaction Governance Approach,” Proc. Eighth Int'l Conf. Information Systems, pp. 415-427, Dec. 1987.
[6] P. Beynon-Davis, “Information Systems `Failure' and Risk Assesment: The Case of London Ambulance Service Computer Aided Despatch System” Proc. Third European Conf. Information Systems, pp. 1,153-1,170, June 1995.
[7] B.W. Boehm, Software Risk Management, IEEE Comp. Soc. Press, Los Alamitos, Calif., 1989.
[8] B.W. Boehm, "Software Risk Management: Principles and Practices," IEEE Software, vol. 8, no. 1, 1991, pp. 32-41.
[9] B.W. Boehm personal communication, Univ. of Technology, Helsinki, Finland, June 1995.
[10] B. Boehm. and R. Ross, "Theory W Software Project Management: Principles and Examples," IEEE Trans. Software Eng., July 1989, pp. 902-916.
[11] P. Bromiley and S. Curley, “Individual Differences in Risk Taking,” Risk Taking Behavior, J.F. Yates, ed., pp. 87-132, Chichester: Wiley, 1992.
[12] F.P. Brooks, Jr., The Mythical Man-Month: Essays on Software Engineering, Addison Wesley Longman, Reading, Mass., 1975.
[13] R.N. Charette, Software Engineering Risk Analysis and Management, McGraw-Hill, New York, 1989.
[14] L.J. Cronbach, “Coefficient Alpha and the Internal Structure of Tests,” Psychometrika, vol. 16, no. 3, pp. 297-334, 1951.
[15] B. Curtis, H. Krasner, and N. Iscoe, "A Field Study of the Software Design Process for Large Systems," Comm. ACM, vol. 31, no. 11, pp. 1,268-1,287, 1988.
[16] R.P. Cody and J.K. Smith, Applied Statistics and the SAS Programming Language, second ed. Elsevier Science, 1987.
[17] G.B. Davis, “Strategies for Information Requirements Determination,” IBM Systems J., vol. 21, no. 1, pp. 4-30, 1982.
[18] Finnish Information Processing Assoc. “Directory of Individual Business Members of the Organization,” Osto-opas Tietotekniikka 91: ATK-vuosikirja, KustannusosakeyhtiöOtava, Keuruu, Finland, 1991.
[19] M. Van Genuchten, "Why is Software Late? An Empirical Study of Reasons for Delay in Software Development," IEEE Trans. Software Eng., vol. 17, no. 6, pp. 582-590, 1991.
[20] M. Griffith and M. Newman, “Software Development Risk Management, a Special Issue,” J. Information Technology, vol. 12, no. 4, 1996.
[21] W. Haga and M. Zviran, “Information Systems Effectiveness: Research Design for Causal Inference,” Information System J., vol. 4, no. 2, pp. 141-166, 1994.
[22] J. Hair, R. Anderson, R. Tatham, and B. Grablowsky, Multivariate Data Analysis. Tulsa, Okla.: PPC Books, 1979.
[23] W.S. Humphrey, Managing the Software Process, Addison-Wesley, Reading, Mass., 1989.
[24] M. Igbaria, J.H. Greenhaus, and S. Parasuraman, “Career Orientations of MIS Employees: An Empirical Analysis,” MIS Quarterly, vol. 15, no. 2, pp. 151-169, June 1991.
[25] D.W. Karolak, Software Engineering Risk Management. Los Alamitos, Calif.: IEEE CS Press, 1996.
[26] M. Keil, “Pulling the Plug: Software Project Management and the Problem of Project Escalation,” MIS Quarterly, vol. 19, no. 4, pp. 421-447, Dec. 1995.
[27] M. Keil and R. Mixon, “Understanding Runaway IT Projects: Preliminary Results from a Program of Research Based on Escalation Theory,” GSU CIS Working Paper, CIS-93-16, Dept. of Computer Information Systems, College of Business Administration, Georgia State Univ., 1993.
[28] M. Keil, P. Cule, K. Lyytinen, and R. Schmidt, “Against All Odds: A New Framework for Identifying and Managing Software Project Risks,” Comm. ACM, vol. 41, no. 11, pp. 77-83, 1998.
[29] H. Kerzner, “In Search of Excellence in Project Management,” J. Systems Management, vol. 38, no. 2, pp. 30-39, Feb. 1987.
[30] K. Lyytinen, “Different Perspectives on Information Systems: Problems and Their Solutions,” ACM Computing Surveys, vol. 19, no. 1, pp. 5-44, 1987.
[31] K. Lyytinen, “Expectation Failure Concept and Systems Analyst's View of Information System Failures: Results of an Exploratory Study,” Information&Management, vol. 14, no. 1, pp. 45-56, Jan. 1988.
[32] K. Lyytinen and R. Hirschheim, “Information Systems Failures—A Survey and Classification of the Emperical Literature,” Oxford Surveys in Information Technology, vol. 4, pp. 257-309, Oxford Univ. Press, 1987.
[33] K. Lyytinen, L. Mathiassen, and J. Ropponen, “A Framework for Software Risk Management,” J. Information Technology, vol. 11, no. 4, pp. 275-285, 1996.
[34] K. Lyytinen, L. Mathiassen, and J. Ropponen, “Attention Shaping and Software Risk—A Categorical Analysis of Four Classical Approaches,” Information Systems Research, vol. 9, no. 3, pp. 233-255, Sept. 1998.
[35] J. March and Z. Shapira, “Managerial Perspectives on Risk and Risk-Taking,” Management Science, vol. 33, pp. 1,404-1,418, 1987.
[36] L. Markus and M. Keil, “If We Build It, They will Come: Designing Information Systems that Users Want to Use,” Sloan Management Review, pp. 11-25, Summer 1994.
[37] L. Mathiassen, T. Seewaldt, and J. Stage, “Prototyping and Specifying: Principles and Practices of a Mixed Approach,” Scandinavian J. Information Systems, vol. 7, no. 1, pp. 55-72, Apr. 1995.
[38] W. McFarlan, “Portfolio Approach to Information Systems,” J. Systems Management, pp. 12-19, Jan. 1982.
[39] B.S. Neo and S.L. Kwong, “Managing Risks in Information Technology Projects: A Case Study of TradeNet,” J. Information Technology Management, May 1994.
[40] J.C. Nunnally, Psychometric Theory. New York: McGraw-Hill, 1978.
[41] Project Management Inst., “A Guide to the Project Management Body of Knowledge,” PMI Standards Committee, Project Management Institute, Upper Darby, Pa., 1996.
[42] J. Ropponen, “Risk Management in Information System Development,” Technical Report TR-3, Dept. of Computer Science and Information Systems, Univ. of Jyväskylä, Finland., Lic thesis, 1993.
[43] J. Ropponen, “Software Development Risks and Management Practices: A Project Manager Survey,” Beyond The IT Productivity Paradox—Assessment Issues, L. Willcocks, ed., to be published by John Wiley.
[44] J. Ropponen and K. Lyytinen, “Can Software Risk Management Improve System Development: An Exploratory Study,” European J. Information Systems, vol. 6, pp. 41-50, 1997.
[45] R. Schmidt, K. Lyytinen, M. Keil, and P. Cule, “Identifying Software Project Risks—An International Delphi Study,” Hong Kong Univ. of Science and Technology, unpublished working paper, 1998.
[46] D.W. Straub, “Validating Instruments in MIS Research,” MIS Quarterly, pp. 147-165, June 1989.
[47] V. van Swede and J. van Vliet, “Consistent Development: Results of a First Empirical Study on the Relation between Project Scenario and Success,” Proc. Sixth CAiSE Conf., G. Wijers and S. Brinkkemper, eds., 1994.
[48] L. Willcocks and H. Margetts, “Risk Assessment and Information Systems,” European J. Information Systems, vol. 3, no. 2, pp. 127-138, 1994.

Index Terms:
Software risk, risk management, software development, project management, system failures, process improvement.
Janne Ropponen, Kalle Lyytinen, "Components of Software Development Risk: How to Address Them? A Project Manager Survey," IEEE Transactions on Software Engineering, vol. 26, no. 2, pp. 98-112, Feb. 2000, doi:10.1109/32.841112
Usage of this product signifies your acceptance of the Terms of Use.