Accurate time and budget is an essential estimate for planning software projects correctly. Quite often, the software projects fall into unrealistic estimates and the core reason generally owes to problems with the requirement analysis. For investigating such problems, risk has to identified and assessed at the requirement engineering phase only so that defects do not seep down to other software development phases. This article proposes a multi-criteria risk assessment model to compute risk at a requirement level by computing cumulative risk score based on a weighted score assigned to each criterion. The result of comparison with other approaches and experimentation shows that using this model it is possible to predict the risk at the early phase of software development life cycle with high accuracy.
TopIntroduction
In the field of software engineering, requirements engineering (RE) is the most crucial phase of software development life cycle (Denger & Olsson, 2005). It is a systematic approach which deals with understanding, documenting, evaluating and implementing customer’s needs (Nuseibeh & Easterbrook, 2000). Any failures during RE phase have adverse impact on the overall development process (Hall, Beecham & Rainer, 2002) as it acts as a roadmap for calculating schedule and cost of the project. This implies that software project development is not only risky but challenging as well. The challenges are due to constant evolution of stakeholder need, time to deliver project on time and within budget, meeting constant challenging market demands etc. Studies have shown that if requirement errors are surfaced out in the later stages of the project lifecycle, fixes take more time and have a huge cost involved as much as 200 times as compared to analyzing and checking defects at the initiation stage (Niazi & Shastry, 2003). Therefore, managing risk at the early stages of project is essential otherwise it will result in an exponential increase in the cost of the project. Risk assessment and management is an organized way of identifying, analyzing and assessing the impacts of risks and mitigating them when they arise. According to (Hamill & Katerina, 2009) most common types of defects in software development are requirement defects which are among the major sources of failure constituting 32.65% and these defects have high severity problem which affect software maintainability (Chen & Huang, 2009). It is one of the overlooked aspects in requirements engineering (Stern & Arias, 2011) and is generally considered as a potential problem that can affect the projects in a negative way. According to (McConnell, 1997) risk management only requires 5% of the total project budget in order to obtain a 50–70% chance of avoiding time overrun.
Literature in the past concludes that researchers have proposed considerable amount of risk identification, analysis and management models for better supervision of threats. As per studies conducted in (Ansar, 2006; Kontio, 2001; Ropponen & Lyytinen, 2000) risk management needs to be included as early as possible particularly, during the requirements engineering phase as inappropriate and misleading requirement gathering are most expensive and one of the main causes of project failure (Glass, 1998). This aspect of applying risk assessment in RE has not been sufficiently addressed in the past (Ropponen & Lyytinen, 2000; Pfleeger, 2000). Most research on software project risk analysis focuses on the discovery of correlations between risk factors and project outcomes (Procaccino et al., 2002; Jiang & Klein, 2000; Wallace & Keil, 2004).
This paper proposes a multi criteria risk assessment model, which analyzes requirements and estimates cumulative risk score value of implementing a particular requirement. The primary objective is to identify prime criteria’s that will help in analyzing risk associated with requirement implementation in terms of project outcome, inter relationships, importance to stakeholder and market value. The foremost challenge here is to define the most appropriate target criterion for ranking individual requirements in terms of risk. If a single criterion is taken into consideration then it becomes easier to decide whether the requirement is risky or not but if there are more than one criteria’s, then the decision becomes far more difficult, because a wrong decision can result in extra cost to the organization and the impact of same can be manifolds. The chosen criteria’s will govern operation in risk assessment model holistically checking trends of impact and their usage in context flow for the user as well as in-depth while grading the benefit, penalty and relative defect ratio they provide. Hence to address this issue of multiple parameters – a multi criteria decision making risk assessment model is presented in this paper. The model is simple, practical, and easy to understand in order to make the risk assessment process effective and sustainable.