The success and survival of software startup companies depend on the decision-making of entrepreneurs. Risk perception and management is an important part of making both business and product-related decisions. In contrast to the popularity of research on risk management in the context of established organizations, there is relatively limited research on risk management in early-stage startup companies. In this work, the authors aim at understanding the perception and practices of managing risks in software startups. They interviewed CEOs and CTOs of nine early-stage software startups in Denmark and Norway. The results revealed an awareness of common types of risks among software startups. However, risks are not measured or managed by any established approaches. They found that startup founders do not believe in risk management methods and prioritize other tasks on their to-do list. The findings have direct implications for startup founders in their early stages in Nordic countries.
TopIntroduction
A process innovation can be seen as the implementation of a new improved way of working, including the management of product development projects. While improvement always involve a certain level of risk, for many decades, risk management has been an integral part of project management (Boehm, 1989, 1991). Risk is a future uncertain event or condition that, if it occurs, has a positive or negative effect on project performance (IEEE Guide, 2004). Managing risk is an important aspect of increasing the success of process innovation in software industry. According to the report of the Chaos Report 2014, 16% of software development projects are successful; the other projects are completed untimely, poorly, or require more financial costs than was planned earlier (The Standish Group, 2014). According to a Microsoft Corporation study, if effective risk management is taken into account, there is a 50-75% chance of completing the software development project successfully (McConnell, 1997).
Research and application of risk management techniques, methods and tools is widespread. Their application is evident in various contexts of software development, such as, ERP (Aloini, Dulmin, & Mininno, 2007), global software projects (Munch, 2011), and Agile projects (Nyfjord, Kajko-Mattsson, 2008). While risk management is often seen as parts of standards (ISO 27005, ISO31000) and frameworks (RMF), the implicit context of risk management is often in established organizations with the ability to implement strategies and processes.
Risk is an essential phenomenon in the startup context. Starting up a new venture is a high-risk activity with the majority of startups collapsing within the first two years of their creation (Much, 2011). As startup companies typically rely on a single product or service, unexpected incidents occurred during the development of the products or services might have a severe consequence on the whole business (Giardino, Unterkalmsteiner, Paternoster, Gorschek, & Abrahamsson, 2014). Startup founders are risk takers inherently, but they want to have a better ability to assess risk better than other people.
In the context of software startups, risk management looks unconventional, because startups might involve a much higher risk than traditional businesses. Moreover, startup context implies different types of risks relating to entrepreneurial activities that can have a direct impact on the engineering parts of the startup. Yet, perhaps even more so than in traditional contexts, evaluating and managing risk in the software startup context might be a key factor for success.
Similar to the understanding of Software Engineering Knowledge area in Software Startups (Berg, Birkeland, Nguyen-Duc, Pappas, & Jaccheri, 2018), we propose research about the application of Risk Management in software startup contexts. Being able to efficiently model and analyze risks in startups, we will be able to develop intelligent systems that support startups in making informed well-calculated decisions.
In the first step, risk and the context for risk management should be understood. In this paper, we aim to study the use of risk management, where software startups located in Denmark and Norway is our target. To accomplish the aim of the study, we performed a qualitative study of ten start-ups. To address the major question “How do software startup manage risk”, we propose the following Research questions (RQs):
The paper is structured as follows: Section 2 presents the fundamentals of software startups, risk and risk management, Section 3 presents the methods used in the study, as well as the threats to the validity of the study. Section 4 presents the research results. Section 5 contains a discussion of the ðndings and the impact they might have. Lastly, the conclusion of the paper is written in Section 6.
TopBackground
This section contains an overview of existing studies on software startups and startup’s risk and a brief description of risk and risk management.