Software is a Risky Business
There are many risks involved in creating high-quality software on time and within budget. With ever-increasing software complexity and increasing demand for bigger, better, and faster products, the software industry is a high-risk business. When teams don't manage risk, they leave projects vulnerable to factors that can cause major rework, major cost or schedule overruns, or complete project failure. Adopting software risk management processes is a step that can help effectively manage software development and maintenance initiatives. However, for it to be worthwhile to take on these risks, the organization must be compensated with a perceived reward. The greater the risk, the greater the reward must be to make it worthwhile to take the chance. In software development, the possibility of reward is high, but so is the potential for disaster. Risk exists whether it is acknowledged or not. People can stick their heads in the sand and ignore the risks, but this can lead to unpleasant surprises when some of those risks turn into actual problems. The need for software risk management is illustrated in Gilb’s risk principle: “If you don’t actively attack the risks, they will actively attack you” [Gilb-88]. In order to successfully manage a software project and reap the rewards, software practitioners must learn to identify, analyze, and control these risks. This paper focuses on the basic concepts, processes, and techniques of software risk management. This paper was presented at the ASQ World Conference for Quality and Improvement, May 2009.