Abstract
Risks are an inherent part of any software project. Because risks are present in software development environments, they must be perceived so that the associated factors do not lead projects to failure. The correct identification and monitoring of these factors can be decisive for the success of software development projects and for software quality. In practice, however, risk management in software development projects is still often neglected; one reason is a lack of knowledge of risk factors, which leads to a low perception of them in the environment. This paper aims to identify and map risk factors in software development project environments. We conducted a systematic literature review through a database search and assessed the quality of the selected studies. The whole process followed a research protocol. We identified 41 studies. From these works, we extracted risk factors and classified them according to the software development taxonomy developed by the Software Engineering Institute (SEI). In total, 148 different risk factors were categorized. The evidence found suggests that risk factors relating to software requirements are the most recurrent and cited. In addition, we highlight that the most frequently mentioned risk factor was the staff's lack of technical skills. The results therefore point to the need for more studies on these factors as fundamental items for reducing the failure level of software development projects.





Acknowledgements
The authors would like to thank the Brazilian Ministry of Health for the support given to this work.
About this article
Cite this article
Menezes, J., Gusmão, C. & Moura, H. Risk factors in software development projects: a systematic literature review. Software Qual J 27, 1149–1174 (2019). https://doi.org/10.1007/s11219-018-9427-5
DOI: https://doi.org/10.1007/s11219-018-9427-5