Which are the characteristics of software risk?

Posted by Rakesh 11th August 2021

The software development has inbuilt risk. Risk of software development involves – not developing software as per the specifications, not developing software within budget, or not delivering developed software on time. It is necessary to manage software risks.

Software development involves investment of money and time both. If softwares is not developed within a time frame then the cost of software development increases. To decrease the software development cost either the time frame of software development is compromised or software quality is compromised.

To develop software products it is required to find the requirements of the software product, to work on the design of the software product, to write efficient code of the software product and at last conduct software testing. In the process of software development it is necessary to assess risk in the development process.

To identify the risk it is necessary to find the critical elements to which risk is associated. Complexity involved in achieving the functionality of the software, throughput of the working staff, working schedule of the staff etc.

It is necessary to identify risks involved in software development. Quantitative assessment of risk reduces its impact on software development. Quantitative assessment of risk is done by identifying the following risk components – performance risk, cost risk, technical risk, support risk and schedule risk.

Following are the nine risk elements:

  • Software complexity
  • Project development staff
  • Software reliability
  • Requirement of software product
  • Methodical estimation of different factors involved in the development of software
  • Techniques used in software monitoring
  • Methods used in software development
  • Degree of usability of software
  • Technology and tools used in software development

Software Risk Assessment

Software risk can be estimated using Quality, Schedule and Cost of the software. Quality of the software is influenced by software complexity, software reliability, staff productivity, and software requirements. Quality of the software is less influenced by risk element software monitoring and technology and tools used. Risk elements methods used in the development process and software usability have average impact on the quality of the software.

Influence of nine risk elements on Quality, Schedule and Cost of the software is given in Table Below:

Influence of nine risk elements on Quality, Schedule and Cost

Risk Elements

Software Quality

Software Schedule

Software   Cost

Software complexity

3

3

3

Project Development Staff

3

3

3

Software Reliability

3

2

2

Requirement of Software Product

3

2

2

Methodical Estimation

2

3

3

Software Monitoring

1

2

1

Methods of Software Development 

2

2

2

Software Usability

2

1

1

Tools used in Software Development

1

1

1

1=Low, 2 = Medium & 3 = High

Nine risk elements of software can be judged using the following questions:

To assess risk associated with software complexity following question are used:

  1. Which one is the function of the developed software?
    1. Software for Data Processing
    2. Software for Communication Service 
    3. Software for System
  2. What amount of memory is required by the software?
    1. Memory limit not defined
    2. Extra memory can be added if required
    3. Only specified amount of memory can be used
  3. What type of I/O devices will be used?
    1. I/O devices that are standard
    2. I/O devices such as printer
    3. I/O devices such as headphone mic
  4. Does software have functionality that requires a time limit?
    1. No functionality of software requires time limit
    2. Few of the functionalities of the software require time limits
    3. Many functionalities of the software require time limits.
  5. Does the software have platform dependency?
    1. Software is platform independent
    2. Software is executable on few platform
    3. Software is platform dependent
  6. What control operations are used in software?
    1. Few operations in software require nested programming structures
    2. Few operations in the software required message passing techniques
    3. Few of the operations in the software requires resource scheduling
  7. Types of computation required in the developed software?
    1. Handling simple expressions
    2. Computation involves use of matrix and vectors
    3. Operation requires numerical analysis
  8. Does the software have device dependent operations?
    1. Software works with simple read/write statements
    2. Software works with operations such as device selection/status checking
    3. Software has operations that are time dependent or has micro programmed operations
  9. Does software have data management operations?
    1. Operation such as database queries related to insert, update and delete
    2. Operations that has multiple input or has single output or has simple structured operations
    3. Operations that involve dynamic relations and object structures
  10. Does software have a complex user interface?
    1. Software has simple input forms
    2. Software has report generation operations
    3. Software use complicated multimedia and virtual reality operations

Questions that assess the risk related to staff involved in the development process of the software:

  1. What is the experience level of the staff?
    1. 1 year experience
    2. 3 year experience
    3. 5 year experience
  2. What is the coding experience of the staff?
    1. Professional
    2. Intermediate
    3. Beginners
  3. What is the emotional status of the staff?
    1. Staff enjoy working
    2. Staff avoids complaining 
    3. Staff does complaints oftenly
  4. What is the knowledge level of the staff of the software domain?
    1. Staff has worked on the application similar to what is being developed
    2. Staff has world on portion of the software
    3. Staff is aware of the application being developed
  5. Number of lines of code done by each member of the staff?
    1. 40 lines
    2. 60 lines
    3. More than 70 lines of code
  6. Does staff possess the learning of different software disciplines?
    1. Staff has a good mix of different software disciplines
    2. Staff possess some software disciplines that are inappropriately represented.
    3. Staff does not posses some software disciplines
  7. What level of management skills does software managers possess?
    1. Staff consists of new managers and experienced managers
    2. Staff has managers that has same management skills
    3. Staff has managers having knowledge of software engineering
  8. Does the staff set goals or have a career path decided?
    1.  Staff members have objective and career plan
    2. Staff members have career plan but they does not follow it
    3. Staff member does not have career plan
  9. Does the staff coordinate with each other?
    1. Staff members are coordinating and cooperating
    2. Staff members indulge in unhealthy arguments
    3. Staff members does not compromise with each other
  10. Do staff members know their responsibilities?
    1. Staff members has clear knowledge of their roles and responsibilities
    2. Staff members does not have clear knowledge of their roles and responsibilities
    3. Staff members has confusion about their roles and responsibilities
  11. Does staff get rewarded on completing their task?
    1. Staff is being rewarded on putting good performance
    2. Staff gets rewarded on adhoc performance
    3. Staff does not get rewarded on performance

Questions that assess risk related to software reliability:

  1. Does software have error handling conditions?
    1. Software has error handling conditions for all expected instances
    2. Software does not has error handling conditions for all expected instances
    3. Software does not have error handling conditions
  2. Techniques of handling errors?
    1. Software execution does not stop for any error occurrence
    2. Software execution does not stops for some error occurrence
    3. Software execution stops on error occurrence
  3. Does software handle input/output errors?
    1. All input/output errors are handled
    2. Some input/output errors are handled
    3. No input/output errors are handled
  4. Does the software have a validity check on input?
    1. All validity checks are set on input
    2. Few validity checks are set on input
    3. No validity checks are set on inputs
  5. Does the software handle hardware faults?
    1. Yes software handles all hardware faults
    2. Software handles few hardware faults
    3. Software does not handle hardware faults
  6. Does the software use many global data types?
    1. Software use many global data types
    2. Software use few global data types
    3. Software use some global data types
  7. Does software handle defect data?
    1. Software handle all defect data
    2. Software handle some defect data
    3. Software handle few defect data
  8. Does software logged-in and closed-out defect data prior to delivery?
    1. Yes all defect data are logged in closed out
    2. Few defect data are logged in and closed out
    3. No defect data are logged in and closed out
  9. Does software test all the requirements before delivery?
    1. Software test all the requirements
    2. Software test few of the requirements
    3. Software does not test any of the requirement
  10. Does software undergo stress testing?
    1. Stress testing is done on all the modules of the software
    2. Stress testing is done on few the modules of the software
    3. Stress testing is not done
  11. System testing is conducted by:
    1. Test team
    2. Test team and developers
    3. Developers only
  12. Does a software company have experience working in the domain on which software has been developed?
    1. Company has experience of developing similar software
    2. Company does not has experience of developing similar software
    3. Company has no past experience of developing similar software

Questions to assess risk related to software product requirements

  1. Are the software requirements identified and documneted?
    1. All of the requirements are identified and documented
    2. Few of the requirements are identified and documented
    3. No requirements are identified and documented
  2. Customer view is also involved in identified software requirements.
    1. Customer view is fully involved
    2. Customer view is partially involved
    3. Customer view is not involved
  3. Is the identified requirement approved by the customer?
    1. All identified requirement are customer approved
    2. Few identified requirement are customer approved
    3. Not all requirement are customer approevd
  4. Identified requirements which are ambiguous are verified using a prototype?
    1. Yes, the identified ambiguous requirement is verified using the prototype.
    2. Few, the identified ambiguous requirement is verified using the prototype.
    3. The identified ambiguous requirement is not verified using the prototype.
  5. Is the identified requirement categorized?
    1. All the identified requirement are categorized
    2. Few of the identified requirement are categorized
    3. None of the identified requirement are categorized
  6. Does a gap exist in matching customer requirements and software requirements?
    1. There exists no difference
    2. Small difference exists
    3. Large difference exists
  7. There is no need to increase software requirements before the beginning of the next phase?
    1. No need to increase software requirements
    2. Few software requirements may be increased
    3. Many software requirement may be increased
  8. Do software requirements match code?
    1. Software requirement match code
    2. Few software requirement match code
    3. No software requirement match code
  9. Do software requirements match procedures?
    1. All software requirement match procedures
    2. Few software requirements match procedures
    3. No software requirements match procedures
  10. Are all functionalities completed before the delivery of the software?
    1. Yes all the functionalities completed and addressed
    2. Few of the functionalities completed and addressed
    3. No functionalities completed and addressed

Questions that can be used to assess risk related to methodical estimation.

  1. Choose the correct estimation opted to develop software?
    1. Top-Down approach
    2.  Bottom-up approach
    3. Some other techniques
  2. Which model is used to calculate the cost of the project?
    1. No model is used to calculate the cost of the of the project
    2. An appropriate cost model is used
    3. Partial cost estimation model is used
  3. Does estimation be predicted using previous software productivity metrics?
    1. Yes
    2. No 
    3. Partially used previous software productivity metrics
  4. Does schedule estimation of the current software is based on the schedule estimation of the previous software?
    1. Yes, schedule estimation is based on similar software developed in the past.
    2. Schedules estimation is partially based on similar software developed in the past.
    3. No, schedule estimation is not based on similar software developed in the past.
  5. Is estimation periodical?
    1. Estimates are done monthly.
    2. Estimates are not done monthly.
    3. Estimates are never done.
  6. Is the current schedule estimate as accurate as past schedule estimates?
    1. There exists variation of 5% of actual schedule
    2. There exists variation of 50% of actual schedule
    3. There exists variation of 100% of actual schedule
  7. Is there contribution of developers in the estimation process?
    1. Yes, developers contribute to the estimation process.
    2. Only a few developers contributes in the estimation process.
    3. Only managers contributes to the estimation process
  8. Does the estimation process require resources?
    1. Necessary resources are used in the estimation process.
    2. Few resources are used in the estimation process.
    3. No resources are used in the estimation process.

Questions which are used to assess the risk of software monitoring.

  1. Is there any marking set to find software effort?
    1. Yes typical marking is used for each development phase
    2. No marking is used for any development phase
    3. Not enough marking used for development phase
  2. Does each phase of software development has its own budget and cost estimation?
    1. Yes
    2. No 
    3. partial
  3. Does software development use a monitoring system?
    1. Yes
    2. No
    3. Partial
  4. Is progress report used to track software development?
    1. Weekly
    2. Monthly
    3. Progress report is not used to track software development
  5. Is the software development report updated?
    1. Yes, weekly
    2. Updates are not regular
    3. Never updated
  6. Is the software development log updated?
    1. Yes log is updated weekly
    2. Yes log is updated less frequently
    3. No Log maintained
  7. Are software development technical problems recorded?
    1. Yes, weekly
    2. Yes, monthly
    3. Technical problems are not recorded. 
  8. What is the method opted to develop a schedule plan?
    1.  Bottom-up method is opted to develop schedule plan
    2. Top-Down method is opted to develop schedule plan
    3. No method is opted to develop schedule plan
  9. What control mechanism is used in software development?
    1. One supervisor and three subordinates
    2. One supervisor and four or six subordinates
    3. One supervisor and six subordinates

Questions used to assess risk related to methods of software development.

  1. Is documentation done for software management ?
    1. Yes
    2. No
    3. Partially
  2. Are functions related to software management carried out?
    1. Yes functions related to software management carried out.
    2. Few functions related to software management are carried out.
    3. No functions related to software management is carried out.
  3. Is documentation exchange between the organizations developing the software?
    1. Yes, documentation is exchanged.
    2. No documentation is exchanged.
    3. Partial documentation is excahnged.
  4. Do software developers have experience in developing the software?
    1. All developers involved in development are trained.
    2. Few of the developers are trained.
    3. None of the developers are trained.
  5. Is the fix methodology used and followed for software development?
    1. Software development methodology used is closely followed
    2. Software development methodology used is not closely followed
    3. Software development methodology used is not at all followed
  6. Is software quality checks maintained?
    1. Yes, all software quality checks are performed.
    2. Few of the software quality checks are performed
    3. No software quality checks are performed
  7. Is the methodology opted for software development suitable?
    1. Methodology opted is suitable for current software development
    2. Methodology opted is not suitable for current software development
    3. Methodology opted is partially suitable for current software development
  8. Does the software development methodology considers walk-through and inspections?
    1. Yes software development methodology considers walk-through and inspections
    2. No software development methodology does not consider walk-through and inspections
    3. Yes software development methodology considers partial walk-through and inspections
  9. Does the software development process use well established test plans?
    1. All software functions use well established test plans.
    2. All software functions does not use well established test plans.
    3. All software functions partially use well established test plans.
  10. Does the software development process use documentation?
    1.  Yes, software development use documentation
    2. No, software development does not use documentation
    3. Software development use partial development
  11. Does software development use regression testing?
    1. Yes, software development process use regression testing.
    2. No, software development processes use regression testing.
    3. Software development processes use partial regression testing.
  12. Is there stability in organizational structure?
    1. Organizational structure is not stable.
    2. Organizational structure is stable.
    3. Organizational structure is partially stable.

Question to assess risk related to software stability.

  1. Is software delivered with a user manual?
    1. User manual will be delivered with the software
    2. User manual will not be delivered with the software
    3. User manual will be delivered with the software but not for all the functionality of the software
  2. Does software provide help to users to perform input/output functions?
    1. Yes software provide help to users to perform input/output functions
    2. No software does not provide help to users to perform input/output functions
    3. Yes software provide partial help to users to perform input/output functions
  3. Does the user of the software know how of the previous version of the software?
    1. Yes, the user has know how of the previous version of the software.
    2. No, the user does not have know how of the previous version of the software.
    3. The user has partial know-how of the previous version of the software.
  4. Does software have a user user interface friendly to user?
    1. User interface is friendly to the user.
    2. User interface is not friendly to the user.
    3. User interface is partially friendly to the user.
  5. Is there any functionality related to user response time?
    1. Yes, user response time is tracked and functionality is developed on this.
    2. No, user response time is tracked and functionality is developed on this.
    3. User response time is partially tracked and no functionality is developed on this.
  6. Is the total number of data entry and keystrokes counted?
    1. Software is designed in such a way that it minimizes number of data entry and keystrokes
    2. Few rules are used to minimize number of data entry and keystrokes
    3. No consideration is made to minimize number of data entry and keystrokes

Questions to assess risk related to tool used in software development.

  1. Is training given to software developers to use tools for development?
    1. Training is given to developers to use tools for software development.
    2. Few developers are given training to use tools for software development.
    3. No developers are given training for software development.
  2. Is testing done using software testing tools?
    1. Yes, software testing is done using testing tools.
    2. No software testing is not done using software testing tools.
    3. No testing tools are used.
  3. Is code generated using code generation tools?
    1. Yes code is generated using automated tools.
    2. Code generation tools are used but they are not adequtae.
    3. No code generation tools are used.
  4. Test procedures are developed using automated tools?
    1. Required automated tools are used to develop test procedures
    2. Few automated tools are used to develop test procedures
    3. No automated tools are used to develop test procedures
  5. Is software management done using tools?
    1. Yes software management tools are used
    2. Few software management tools are used
    3. No software management tools are used
  6. Is regression testing done using tools?
    1. Yes tools are used for regression testing
    2. Few tools are used for regression testing
    3. No tools are used for regression testing
  7. Is re-engineering done using tools?
    1. Yes tools are used for re-engineering
    2. Few tools are used for re-engineering
    3. No tools are used for re-engineering
  8. Is platform independent compiler used?
    1. Yes platform independent compiler used
    2. Platform independent compiler used with some limitations.
    3. No platform independent compiler used
  9. Tools for software development available to developers?
    1. Yes tools are available to developers.
    2. Few tools are available to developers.
    3. No tools are available to developers.

Conclusion

Questionnaire above can be used to find the characteristics of software risk. Nine risk elements and questions related to these are useful sources to find the characteristics of software risk.