Essay Instructions: I am doing research in masters degree as a dissertation I have selected topic whish is related to my course , I am studying Information Systems Management, my topic is Risk management in software development projects, I have done most my research, unfortunately I have got an critical situation especially in mine chapter which is findings and discussions, in this chapter I have to discuss tow case studies and interviews, I have done recently the tow case studies which are 1 London Ambulance Service ( LAS) 2 Flight Control System ( FCS), my problem is I couldn’t work with the interviews I have made interviews with ten people who have enough experience in this field and I have collected their answers some of them were by face to face and others was by phone or email
( Skype), I will give a general idea about my research:
Software development projects face various risks throughout the life cycle of the projects. Therefore, it is important for the management to be efficient and effective in identifying and mitigating these risks at various stages if they want to achieve higher success rates. The most important strategy in software development risk management is to reduce and minimize incidences. Thus, the strategy should be comprehensive in mapping all possible problems, measuring the risk magnitudes, prioritizing the identified risks and mitigating them at minimum costs. Over the decades, there have been many cases of expensive software projects flopping due to inappropriate risk management process.
My order is :
I have read some resources in interviews but really I am very confused because I couldn’t understand them very well or let me say I couldn’t know How can I employee them in my research, I will put the below and read them, try to make sentence with them such as analysing, discussions, definitions, benefits, ext.
You can use any Statistical Analysis you see it appropriate.
List of interviewed people
NO Name Position Manner of interview
1 Ahmed Alsaleh Business Manager Face to face
2 Amr Jad Researcher in Risk Management Face to face
3 Fahad Altfery Senior IS Department Phone
4 Ibrahim Alquhtani Project Team Leader Phone
5 Haitham Almayyan Senior and work over engineer Skype
6 Hussein Zedan Technical Director of STRL Face to face
7 Khalid Alali Solutions Architect Phone
8 Mansour Alammari Project Risk Specialist Skype
9 Nasser Almalki Business Analyst Phone
10 Sultan Hamad Senior IT project Manager Phone
Q1: Have you worked with any software project? and if so, which stage did you work with it?
A.A: Yes, I have developed system for renting cars in Saudi Arabia.
A.J: Yes, I have worked in software project, I worked in planning stage for user interface.
F.A: Yes, if you work with any software especially developing websites you will face many problems, but you should be patient to solve them.
I.A: Definitely, my career has always centered on developing various applications and programs to our clients. As a Project Team Leader, I am always involved from start to finish with the software projects I am assigned to lead.
H.A: Yes I have, I worked with drilling operational risk assignment, and It was generic software program.
H.Z: Yes, I have from beginning to the end.
K.A: Majority of my work involves ensuring that designs and plans are properly executed during all phases of software projects; thus, I am always involved in all stages of the SDLC.
M.A: I have always been involved with software projects from beginning all the way to the end-of-life of the applications my company developed. However, my part in all aspects of software projects is concentrated on the risk side.
N.A: Being involved in software projects is my "bread and butter," and I always am at the forefront throughout all stages of the project since I have to always ensure that documented business process are properly developed into the correct applications.
S.H: Yes, I have worked with various software projects for over a decade now. I have worked on all stages of software projects as a developer, analyst and now I mostly handle the management side thereof.
Q2: Have you faced any problems or risks during this project? And if so, which kinds of those risks and how could you solve them?
A.A: Yes, we faced some problems in that project which was the previous system for the company manual system, and the had a huge number of data to transfer them into the new system, we solved this problem by hiring new staff to help us for transferring the old data into the new system.
A.J: Well , the main problem was faced me regarding or about the time, when I had a task to achieve it within tow weeks for example, sometimes we can do it at specific time, so we have to make a shift whether before or after tow weeks to make extension to solve this kind of problem.
F.A: Yes, if you work with any software especially developing websites you will face many problems, but you should be patient to solve them.
I.A: Human resources especially project team members have always been both a challenge and a risk for me. They either go absent during critical stages of the project or simply quit because they got better offers from other software development companies.
H.A: Some of them and it had been resolved by scarifying some targets, and the risk assessment was for justifying the extra cost and involving the high management with the decisions prior starting the work
H.Z: Yes, a lot of problems, such as changing mind of the customers, another problem was end-user, so we have to bring people to stay with us to tell us the requirements so we need to understand the stakeholders very well.K.A: Scope creeps have always been the challenge and risk to the software projects I have handled. This is in due largely to the major stakeholders wanting changes usually halfway through the development stage.
M.A: Challenges and risk to software projects abound. As the in charge of the overall risk aspects of projects, I have learnt that technological and human-caused risks are always manageable but naturally occurring risks are quite difficult because you cannot really fight Mother Nature.
N.A: The biggest challenge and risk I have encountered so far is when the identified business processes did not coincide with the applications being developed. The reason being was that the business process owners did not provide in detail their needs and requirements.
S.H: Projects always come with their inherent and unexpected problems and risks. The challenges and risks that pose the greatest threat to projects have always been human caused either through ignorance, apathy or malicious intent.
Q3: Are there challenges in software development process, and if so where can we identify those challenges ?
A.A: Any software project must have challenges but the question how can we reduce those challenges to be easy at running time, for example, we can face challenge when we work with critical systems or let me say when we work with e-bank system, because these systems usually need high degree of security, and another point we face challenge when we want to collect data from stakeholders, they sometimes don’t help us to obtain full picture for developing new system.
A.J: I think the main challenges can be faced any analysts or any team work who are working within the life cycle will be about the time , that is included because you cannot estimate or forecast any expected risk, that is main challenge to still find out something to solve it.
F.A: I think the challenge will focus on how can you provide the success in your project without losing time and effort and money,
I.A: My worst nightmare had come through when several of my projects saw majority of my developers absent or quitting on me. I was challenge with the task to find replacements pronto otherwise; we would have been penalized for the delay.
H.A: Yes, any software has some challenges, but those challenges are different from system to another one, and the degree of challenge will increase if we worked with critical system.
H.Z: The big challenge to be honest the gap between the concept and the requirement, such as what the users want and the articulation of what users, because the users are not engineer or have enough knowledge in computer scents. So the main challenge in software project how can we understand the users to provide for them good services.
K.A: Despite the best laid and developed project plan, during the development stage, there will be items that are out of scope and yet are critical to the overall completion of the software project. The challenge then is going back to the plan and try to incorporate the scope creeps based on the approved Change Control Procedures
M.A: When Mother Nature sends in the snowstorms, floods, hurricanes, tornados and other natural calamities, there isn't much one can do. Thus, then Mother Nature sends in the snowstorms, floods, hurricanes, tornados and other natural calamities, there isn't much one can do. Thus, the challenge is in catching up with the work after fortuitous events.
N.A: Ensuring proper alignment of business processes and developing applications have always been the greatest challenge I face with every software project.
S.U: All types of people or major and minor stakeholder bring about the greatest challenges especially when unforeseen changes are introduced by major stakeholders during development stage.
Q4: From your point of view, what is a “risk” in software development projects ?
A.A: Actually the risk might be come with everything in our life, but for software projects, if the software didn’t work very well, or if it didn’t achieve all or some functions, then the software at the moment has a degree of risk.
A.J: I have got your question, it is depended on the system and the team of work as well as, because everyone in the team work has different personality and different skills, also it depends on the empowerment for software projects.
F.A: You know, every software must be passed through using life cycle for development, and if the software didn’t pass any stage, so that lead us the software has risk
I.A: Not having the total buy-in and support of management is my view of risk in software projects.
H.A: In my opinion as operational the challenge in proper accumulation all the data from the database, but the software will only show the results based on our inputs.
H.Z: When we want to develop any system we should consider on the system, but if we wanted to develop risk management for any system we should consider on the environment.
K.A: Not being able to come up with the correct and complete system for the client is the biggest risk I consider in software development projects.
M.A: Too many to mention and the categories abound too. But they generally fall under the category of human, technological and natural risks.
N.A: Software development project risk is something that a project team of its members could mitigate to a certain degree while some will still have residual risks.
S.U: Risk in software development is not being able to foresee or forecast what could be the possible and probable problems the project may encounter.
Q5: Are there any specific factors or threats that are known to put software projects at risk, and if there are, what are those factors ?
A.A: I think the most important factor, if the staff didn’t understand the new system or if they were unhappy with receiving the new system.
A.J: Well, I think I will come back to you or return back to you and I will remind you about the time, it is main factor , and sometimes if you have a big project the money as well and the budget.
F.A: Yes, there are some factors such as good knowledge and experience for team work, strong management, try to put complex systems in high propriety to a achieve them.
I.A: I have always found that when people especially the programmers do not show up; then the project went into a Domino Effect and work that was supposed to be done affected other parts of the project.
H.A: Actually, risk can be come with everything, it doesn’t have alarm to tell us, so that means we should ready to receive the risk and solve it as soon as.
H.Z: The main factor is known to put software projects at risk, if the stakeholder came to you during developing the system and asked you to add something extra, because in this case might the system will take long time or need new planning.
K.A: Poor development work or sub-standard coding is the biggest factor that I have seen put software projects at risk.
M.A: I had several projects that went into a standstill for up to a week because of severe snowstorms. We could not do anything about it but simply wait out the event.
N.A: Misunderstanding between the business process owners and the coders especially during actual coding became a showstopper in a few of my projects.
S.H: Human factors have always posed the greatest threats to software projects especially when those directly involved in the project do malicious acts.
Q6: What are risks in software projects have proved to be so difficult to improve it at development stage ?
A.A: Well, when we want to develop a new software there are some elements that might be affected this developing such as budget and enough number of teamwork and business strategy and time.
A.J: Well, it also needs to discover the risk before it happens, you can reduce risk, sometime you can discover and some time you cannot discover the risk and reduce it as well, because sometime the risk may be happened in uncertainty opportunities.
F.A: In my opinion, I think reengineering process very difficult stage, because it takes long time, we need to understand the existing system very well.
I.A: Programmers are not perfect since they are only human; thus, they can make mistakes and if left uncheck, one mistake may lead to several problems.
H.A: Noting but if there is any modification it should be done by the operator to show all the risks and options clearly to the customer.
H.Z: Interaction and communication, the large systems harder becomes why because risk management module is not composition so for example, if I have developed multinational software project for example you must be carful with this project or you will loss it, because the people involved and the culture involved and the religion as well as involved.
K.A: "Garbage in and garbage out" has always been a truism during the development stage. When the developers do not pay attention to detail and inputs wrong codes, then one thing will lead to another. Eventually, we had to go back and check each and every entry.
M.A: Sub-standard programming is a risk that is difficult to improve during the project development stage. that is why it is always important to get top-notch developers especially for high-level projects.
N.A: Developers not able to understand how to interpret business processes into development work proved to be the risk that was hard to improve during the development stage.
S.H: I would say when there is a lot of wrong coding and this is caught only during the testing and debugging stage. When the mistakes are numerous, redoing the whole application sometimes is the best course of action.
Q7: Are there categories of risks in software projects, and if there are, what are those categories ?
A.A: I think there are three levels of risks in software projects, low level which can be solved such as miss small requirements, and medium level which needs time to solve all the risks in this level such as no enough number of staff to achieve all functions at specific time, last level which is high and high and critical level, and it might be led the software project to the failure. Moreover, it will be so difficult to solve the problems in this level such as poor planning and poor structure or poor management as well as.
A.J: It also depends on the type of risk may be some risks are related to the software and some risks are related to hardware and some risks are related to business some of them are related to management and administration, it is depended on the type of risk. Then you will do categories when the risk comes down from top to down.
F.A: Yes, all categories of risk management in software project deal with different types of implementation new software and upgrades and management.
I.A: Schedule and budget risks mean not meeting project deadlines or overextending timelines for the former while latter is not only being over the budget but also expending budgets ahead of schedule or when it is not due. Operations risks cover the day-to-day events of projects. These may be lack of equipment, unscheduled absence of personnel, delayed arrival of materials delivery and even stoppage of work for various reasons. Technical risks have something to do with how the actual software is being developed, the outputs including the supporting resources required for testing and integration such as the network, hardware and data. Environmental risk covers the social, political, economic and business climate affecting the project.
H.A: The categories are the risk for doing the job, percentage of happening, existing of on hand available sources and resources.
H.Z: There are many categories, one is anticipated and another one is unanticipated so you need to put the system in safe stage.
K.A: We follow the seven-staged SDLC and as such we categorized risks based on each staged of the SDLC. The risk categories are (1) planning risks, (2) requirements definition risks, (3) systems design risks, (4) implementation risks, (5) integration and testing risks, (6) acceptance, installation and deployments risks, and (7) maintenance risks.
M.A: For not only software projects but also all our projects have three categories of risks: human-caused natural-caused and technology-based risks; these are all quite self-explanatory.
N.A: The company I work for has three categories of risks for software projects. Business risks are those would cause termination, financial loss and legal problems with the projects. Operational risks are daily but manageable project risks. Technical risks are those involving technology, systems and processes embedded in software projects.
S.H: Our company categorizes not just software project but all project risks under strategic, operational, and tactical risks. Strategic are the high-levels risks that will completely shut down a project. Tactical risks are mid-level ones that are still salvageable when they hit projects. Operational risks are the day-to-day problems and challenges faced with projects.
Q8: How are risks analysed in software projects?
A.A: Firstly, we should establish or let me say collect the right data, and then we should identify all risks, after that we are ready to analysis these risks and evaluate them, lastly we should treat all risk.
A.J: Before you are going to analyse the risk, you have to identify the risk, so the analysis is process of identification and evaluation, so that means you have to identify the risk itself, then you can evaluate this risk in which level for this risk, may be high level or low level.
F.A: Yes it is good question, analysis any software to identify the risks depends on difficult type of the system, so you have to select all risks in the system then you have to understand them very well after that you need to find out appropriate way or method to reduce those risks.
I.A: Whenever we start planning any project, we complete the Risk Register by placing regular project risks in various parts of the project phases. Once the regular risks are allocated, the project team along with the project manager convenes a three-day risk scenario building wherein we brainstorm what other possible or different risk that we might face in the project.
H.A: By numbers, percentages and colours to measure the degree of existing risk.
H.Z: Yah, there are some techniques for analysing risk management such as forces analysing might be good one and the evaluation of the forces.
K.A: My company goes by the SEI-SMU CMMI way of analyzing software projects risks. We first prepare ourselves for risk management; thereafter we identify and analyzed possible and probable project risks. From there, we develop the risk treatment plan and apply mitigation solutions to the identified risks.
M.A: Fortunately, our company has developed a comprehensive database of project risks. Once we take on a particular project, we simply allocate the likely risks for every stage of the software projects and after doing this, mitigation measures are incorporated. For whatever residual risks there are, these are closely monitored throughout the project so they will not become major risks.
N.A: The way we analyzed risks is first by determining what risks would affect various stages of the software project. For each risk, there is a corresponding mitigation measure and these measures are approved by top management prior to implementation.
S.H: By following the risk management methodology in the Project Management Institute's (PMI) Project Management Book of Knowledge (PMBOK) is how we analyze not only software project risks but all our other IT projects as well.
Q9: Are there standard software projects risk management approaches that are may be acceptable may be at global level? And if so, what are those approaches?
A.A: Risk management should reduce all risks which might be faced during project life cycle within creating good solutions.
A.J: The structure for standard software projects risk management approaches is started from identification the risk until risk control or monitor.
F.A: Well, we cannot prevent any risk in the world, but our responsibility how can we reduce the risk and how can we know the risk before it happens.
I.A: There is no one risk approach that we use but instead for every given project we determine the best fit. For instance there are American risk management approaches and these are suitable for American clients. But since we also have European clients, we try to use risk management approaches from that continent since more often it is a client requirement.
H.A: It is internally approved for our company and the approach as mentioned above to make the decision clear for the operator with customer among with high management acceptance.
H.Z: Risk management should lead and mange software project to be successful, you can also read textbooks to get more information.
K.A: The Software Engineering Institute - Carnegie Mellon University has several risk management approaches and we have adapted these and found them quite suitable to almost all of our software projects.
M.A: There are several software project risk management approaches available out there but since the company I work for is an information technology and project management firm, we did not adopt a specific risk management approach to our software development projects. Instead, we utilize the International Organization for Standardization (ISO) 27000 series and specifically ISO/IEC 27005 Information Security Risk Management. Since it is an ISO document, it is a global standard and contains best practices not only in information technology and project management risk but in other endeavors as well such as in business and strategic planning. Complementing ISO/IEC 27005 are ISO/IEC 27001 Information security Management System Requirements and ISO/IEC 27002 Code of Practice for Information Security Management. Most people when they first hear the term information security, the first thing that would come to mind are computers and related information technology. This is not true because information security covers both digital and physical security and the corresponding risk identification procedures thereof. Thus, using the ISO 27000 series provides any of our projects with detailed insights on how to properly manage any project risks including software development projects.
N.A: Several methodologies or approaches of international fame and standard are available and we always try to use one that best meets the needs and requirements of each project.
S.H: The Project Management Institute's (PMI) Project Management Book of Knowledge (PMBOK) Risk Management Process Group basically covers the approaches we use for risk management. It is a global standard and has been adapted by major industries worldwide.
Q10: What are real roles for risk management to reduce the failure in software development projects ?
A.A: The important role for risk management is to highlight on all barriers that might delay the project to achieve it at specific time. It should provide good communication between all channels in the project.
A.J: Well, it depends on the team, and the skills for the team as well as, how their capacity to manage those project to be successful without high risk.
F.A: Through using good plans, and in addition it needs someone who has experience with dealing especially large system, because it has more risks.
I.A: To make the software development projects proceed without delay or failure.
H.A: The roles should be clear and give enough evaluation for developing projects.
H.Z: It is far better to develop the right system than developing system right, that what I would say.
K.A: To keep the project going without the threats and vulnerabilities affecting any part thereof and causing uncontrollable problems.
M.A: Risk management is not just a part of the software developments projects but covers all aspects of projects from beginning to end, there are risks in various aspects of the projects and without applying risk management methodologies in each of these, then the project is doomed to fail. An example would be in the Change Management aspects of software projects, risk management is applied by ensuring that any changes are approve and duly validated otherwise it will have a Domino Effect on the succeeding stages of the project. In Configuration Management, the role of risk management is to validate that how things are to be done is done and it has the desired results forecasted.
N.A: Risk management is an integral part of every project in order to meet the demands of the clients and gain their satisfaction upon completion.
S.H: The real role for risk management in software development projects is to ensure all possible and probable risks are managed in order for these not to unduly affect the overall outcome of the project.
Q11: From your point of view, what are real reasons for the failure in software development projects?
A.A: Yes, yes there are some reasons which might lead any software project to be unsuccessful, such as miss deadline or poor design in user interface or no fit between the new system and training course , all these reasons will lead any project to the failure.
A.J: Well we can say, usually the projects fail when there is no enough time to cover all important issues in the project to identify the risk or to develop system at same time or run time and as well the money some time it will be not enough to provide all requirements.
F.A: There are some reasons for the failure, for example poor communication skills in leadership, and some companies receive many projects at same time so those projects may will delay the companies to deliver the projects at specific time.
I.A: : Lack of enough human resources to have project continuity and complete the project on time.
H.A: In my opinion, the real reason for the failure in software development is poor communication between project team and system owners.
H.Z: The main reason for the failure in software development project misses understand the requirements fro developing as I said last time we should develop the right system and get the right requirements.
K.A: When developers make a lot of mistakes in the coding and these mistakes have to be corrected thereby causing delays and in some projects total failure.
M.A: Poor planning and poor change management have been some of the real reasons I have seen failed projects.
N.A: Software developments projects do not mean simply developing business applications to automate business processes or streamline business operations. One of the end stages of software projects is the utilization of the applications by end-users and business process owners. Unfortunately though, one of the real reasons for failure in software projects is people's resistance to change. This particular evident during the requirements and needs analysis stage where we do a gap analysis of what-is and what-the-end-stage will be. We often encounter end-users who are uncomfortable providing data on the business processes they handle because the very thing on their minds is that when these business processes are automated, they can be retrenched. Others will simply be absent or call in sick during the data gathering stage and this entails delay on the project timeline. During the testing stage, some of the end-users and business process owners would negatively critique the application even though the input, process and output of which are exactly what the business process called for. It sometimes gets frustrating because I feel that just because the client company is being enabled by technology, these people look at technology as the villain out to get them out of their jobs.
S.H: Failure of key stakeholders to abide what was agreed upon in the Project Management Plan.
Q12: Lastly, how dose the future of software projects and software project risk management look like ?
A.A: These days marketplace has a good software projects, and many companies around the world usually provide high quality of modern software. On the other hand, risk management is always tried to reduce the risk in new software projects, that means there is related relationship between risk management and software projects. In general, risk management will be popular topic in next years, because the industry of new software is increasing day by day.
A.J: I think it is very important because every thing in the life or in the world is related to the risk and the risk management is still growing up and it will be global subject in the future.
F.A: Of course, available software projects are completely different if we compared them in previous software, because the software has become to help organisations to achieve their goals, and if those organisations have changed their strategies for sure the software will change to be adapted with new strategies. Also risk management has come to aid the teamwork of software projects for solving all problems which might software has.
I.A: I see risk management taking more active parts not only in stages of the software project but also in subsets thereof because there will be more detailed risk management approaches in the future.
H.A: The reliable and professional software will make life much easier and more even if it is connected to the data base to extract the data (minimize the time and take same actions quicker)
H.Z: I think people are beginning now to learn risk management for software projects, and it is going to be important part in our education how do you mange risk. I would like to say tow things , first one we should develop right system rather than just develop the system right, and another one test early and teat off in, we should keep testing after delivering the system.
K.A: There will be more developed automated risk management systems based on artificial intelligence and these will make future software projects better managed in terms of the risk aspect.
M.A: Risk management will be part of the overall information security governance of every projects.
N.A: A software project without software project risk management is asking for major trouble to happen. The latter supports the optimum operation of the project and without it, threats and vulnerabilities will have a field day. in the future, there will be better automated risk management applications that can simply integrate with software project management systems thus making the risk management methodology more effective and efficient.
S.H: Risk management will further be improved and will eventually help improve future software development projects.
Excerpt From Essay:
I really do appreciate HelpMyEssay.com. I'm not a good writer and the service really gets me going in the right direction. The staff gets back to me quickly with any concerns that I might have and they are always on time.
I have had all positive experiences with HelpMyEssay.com. I will recommend your service to everyone I know. Thank you!
I am finished with school thanks to HelpMyEssay.com. They really did help me graduate college..