We present a simple but powerful framework for software risk management. The framework synthesizes, refines, and extends current approaches to managing software risks. We illustrate its usefulness through an empirical analysis of two software development episodes involving high risks. The framework can be used as an analytical device to evaluate and improve risk management approaches and as a practical tool to shape the attention and guide the actions of risk managers.