Managing Risk in
Software Process Improvement:
An Action Research Approach
Jakob H. Ivesen, Lars Mathiassen, and Peter Axel Nielsen
Special Issue on Action Research
Volume 28, Number 3
Presented to: Dr. Dina Rateb
Prepared by: Eng. Mohamed Osman
( Apr 5th, 06)
Many software organizations engage in software process improvement (SPI)
initiatives to increase their capability to develop quality solutions at a
competitive level. Such efforts, however, are complex and very demanding. A
variety of risks makes it difficult to develop and implement new processes.
We studied SPI in its organizational context through collaborative practice
research (CPR), a particular form of action research. The CPR program
involved close collaboration between practitioners and researchers over a
three-year period to understand and improve SPI initiatives in four Danish
software organizations. The problem of understanding and managing risks in
SPI teams emerged in one of the participating organizations and led to this
Our research offers two contributions.
- First, we contribute to knowledge on SPI by proposing an approach to
understand and manage risks in SPI teams.
- Second, we contribute to knowledge on risk management within the
information systems and software engineering disciplines.
Software Process Improvement (SPI)
•Continuous and evolutionary approach to improve a software organization’s
capability to develop quality software in response to customer’s requirement.
•SPI covers a wide range of activities, from basic Project Management
disciplines such as project planning and tracking to sophisticated
continuous improvement of developed processes.
•Evidence suggests that SPI initiatives have led to dramatic improvements
of productivity, cycle time and quality.
•These initiatives faced a high number of failures. Out of 1,638 organizations
assessing, only 34% had proceeded to a 2nd assessment . Of those, 16.1%
•Time frame to move from a level to another varied from 16 to 32 months.
The IDEAL Model
Propose Future Analysis &
Stimulate for Set Build Solution
change Context Sponsorship Charter Acting
SPI Project Organization
Organizational Level ( SEPG)
(SPI Teams) Project Configuration Quality
Management Management Control
Software Risk Management
• Risk Management has been adopted and developed in a variety of areas,
including warfare, space exploration, nuclear reactors, security and financial
• Risk Management ideas have been applied successfully to software development
in response to various forms of system failure.
• Degree of risk is assessed either in Quantitative terms as the probability of
unsatisfactory events multiplied by the loss associated with their outcome or in
Qualitative by referring to the uncertainness surrounding the project and the
magnitude of potential loss associated with project failure
• Approaches to Software Risk Management:
1. Risk List ( A list of prioritized risk items )
2. Risk-action list (Same; with related resolution actions)
3. Risk Strategy Model (A contingency model relates aggregate risk and resolution)
4. Risk Strategy Analysis ( A stepwise process links risks to risk Mgmt strategy)
Developing Risk Approaches
Area of Problem Situation
7.Evaluate 4.Develop Risk
8.Exit 6.Apply 5.Design Risk
10.Elicit research results
Research Practice and Results
• A time line for the Action Research , together with an overview of activities and
roles played by researchers and practitioners
1. Initiating (10.97 – 12.97)
2. First Iteration (01.98 – 02.98 )
3. Second Iteration (03.98 – 08.98 )
4. Third Iteration ( 09.98 – 11.98)
5. Fourth Iteration ( 11.98 -02.99)
6. Closing (02.99 – 02.00)
Research had 2 approaches ( Manage Risks – Tailor Risk Mgmt to specific contexts
within Information Systems) each :
• Addresses Application Area ( A )
• Provides a Frame Work ( F ) for understanding
• Provides Methodology ( M ) for problem solving within (A) based on (F)
Risk Areas for SPI Teams
Improvement area: Those parts of Software Organization that are
affected by SPI initiative
Improvement Ideas: Set of processes, Tools &Techniques that SPI
seeks to Bring to Improvement areas
Improvement Process: SPI initiative itself and way it is organized,
conducted and managed
Improvement Actors: Those involved in carrying out SPI Initiative
• We used CBR- based action research to combine knowledge from SPI and
Software Risk Management to respond to practical needs of SPI teams.
• Findings have implications for both research and practice.
• Parts were published of the presented results to SPI practitioners.
• Practical approach was offered to address risk systematically.
• Approach was documented and illustrated for this purpose.