Article Preview
TopIntroduction
In the field of software engineering, requirements engineering (RE) is the most crucial phase of software development life cycle (Denger & Olsson, 2005). It is a systematic approach which deals with understanding, documenting, evaluating and implementing customer’s needs (Nuseibeh & Easterbrook, 2000). Any failures during RE phase have adverse impact on the overall development process (Hall, Beecham & Rainer, 2002) as it acts as a roadmap for calculating schedule and cost of the project. This implies that software project development is not only risky but challenging as well. The challenges are due to constant evolution of stakeholder need, time to deliver project on time and within budget, meeting constant challenging market demands etc. Studies have shown that if requirement errors are surfaced out in the later stages of the project lifecycle, fixes take more time and have a huge cost involved as much as 200 times as compared to analyzing and checking defects at the initiation stage (Niazi & Shastry, 2003). Therefore, managing risk at the early stages of project is essential otherwise it will result in an exponential increase in the cost of the project. Risk assessment and management is an organized way of identifying, analyzing and assessing the impacts of risks and mitigating them when they arise. According to (Hamill & Katerina, 2009) most common types of defects in software development are requirement defects which are among the major sources of failure constituting 32.65% and these defects have high severity problem which affect software maintainability (Chen & Huang, 2009). It is one of the overlooked aspects in requirements engineering (Stern & Arias, 2011) and is generally considered as a potential problem that can affect the projects in a negative way. According to (McConnell, 1997) risk management only requires 5% of the total project budget in order to obtain a 50–70% chance of avoiding time overrun.
Literature in the past concludes that researchers have proposed considerable amount of risk identification, analysis and management models for better supervision of threats. As per studies conducted in (Ansar, 2006; Kontio, 2001; Ropponen & Lyytinen, 2000) risk management needs to be included as early as possible particularly, during the requirements engineering phase as inappropriate and misleading requirement gathering are most expensive and one of the main causes of project failure (Glass, 1998). This aspect of applying risk assessment in RE has not been sufficiently addressed in the past (Ropponen & Lyytinen, 2000; Pfleeger, 2000). Most research on software project risk analysis focuses on the discovery of correlations between risk factors and project outcomes (Procaccino et al., 2002; Jiang & Klein, 2000; Wallace & Keil, 2004).