A Proposed Risk Assessment Model for Decision Making in Software Management

Bokolo Jnr. Anthony, Noraini Che Pa, Mustafa Salah Khalefa, Hamid Ali Abed Alasad, Hamzah F Zmezm

Abstract


Software organisations face operational, technical and strategic risk. Hence, risk assessment is an important part of the decision-making process of software activities. The software management process has gained relevance in recent years; however, there is still a growing need to develop innovative models that can support software practitioners in making decisions when assessing operational, technical and strategic risk. Existing risk assessment models adequately provide valuable insights that help software practitioners identify and measure the magnitude of risks associated with software activities, but they do not provide decision-making support to software practitioners in assessing operational, technical and strategic risk. Thus, the aim of this paper is to propose a risk assessment model to support the decision making of software practitioners when they assess risk that occurs in the software management process. The developed model also provides software practitioners with the required risk assessment process and components when they assess risk in their organisation. Semi-structured interviews were used to collect data in two case studies involving a panel of software experts and software practitioners. Data was collected based on risk assessment practices in their respective software organisations. The case studies were analysed using descriptive and narrative analyses. Results from the case studies show that the current practice of assessing risk in software organisations is not effective due to inadequate decision-making support to software practitioners when they measure and quantify identified operational, technical and strategic risk.


Keywords


Risk, Risk Assessment, Decision Making, Software Organisations, Software Management

Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.