Ñîâðåìåííûå
èíôîðìàöèîííûå òåõíîëîãèè/ 3.Ïðîãðàììíîå îáåñïå÷åíèå
Pylypchuk
Kh., Bilas O.
Lviv Polytechnic National
University, Ukraine
Analysis and improvement of personal software process risks estimation
model
Abstract
- This research provides analysis and estimate of individual risks, which enable of
software quality increase by reducing the impact of risks on the project.
I.
Introduction
With
speed growth of IT industry and emergence of a large number of software
systems, the problem of quality is crucial. Products with high quality are more
likely to hold on the software market and bring much more profit. Effective
control of the software development process at the individual level, during the
whole lifecycle should provide quality improvement.
A
significant threat on the successful software projects implementation have
different types of risks. Risk analysis at the project level is commonly
implemented. The use of risk analysis in the individual development process
will help identify, assess and prevent the emergence of personal risks.
II.
Identification
and assessment of individual risks
There
are many definitions of risk as the existence of uncertainty associated with
the onset of adverse event, and damage arising from the onset of this event.
Risk, by definition, Software Engineering Institute (SEI) - an opportunity of
losses [1].
Risk
management in project involves forecasting and determining of the risks,
quantitative risk assessment, the development of methods and ways to respond to
the risks and their control throughout the project life cycle.
For the individual risk management process the following steps
could
be defined:
1. Identification of individual risks;
2. Risk Assessment;
3. Development of responses to risks;
4. Risks control.
1. Identification of risks is done by the decomposing of various phases the development process:
requirements, process, functional area, technical features or phases of implementation. For identification of risks and their root
causes, the project should be divided to the
level of detail when risks on the lowest level of structure could
be identified.
After
analyzing the existing project risks, the following individual risks could be determined:
-
Insufficient level of personal qualification;
-
Development of functionally incorrect program elements;
-
Inability to estimate the amount of individual work and time
performance;
-
Improper individual planning;
-
Lack of personal communication;
-
Inability to work under time pressure;
-
Human factors (illness, etc.).
2.
Risk Assessment - is a stage
of qualitative and quantitative
analysis. Its purpose is a
measurement of identified risks in the
first stage, namely:
-
Calculation of
risks and the consequences of them;
-
Risk assessment;
-
Permissible level defining;
-
Account of
risks.
Quantitative risk assessment is
essentially a supplement to the qualitative assessment. As a result,
quantitative risk analysis obtained numerical determination of the size of
individual risks and risk of the whole project. Risk can be defined both in
absolute and in relative terms. Measuring risk in absolute terms are useful for
specific types of losses, and relative - when comparing projected level losses
from the real level. At the stage of risk assessment will use two evaluations:
qualitative and quantitative.
Qualitative
assessment includes:
-
Determining the effect of individual risk (impact level) for the
project;
-
Determination of risk priority.
Define
the base levels of impact on the project:
TABLE 1
Levels of risk impact on the project budget
|
Levels of risk impact |
|||||||||
|
Insignificant |
Low |
Average |
High |
Significant |
|||||
|
0,05 |
0,1 |
0,2 |
0,4 |
0,8 |
|||||
|
0,1 |
0,3 |
0,5 |
0,7 |
0,9 |
|||||
|
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
Levels of impact measured from 1
to 10 are interpreted as follows:
10 - Project defeated;
9 - exceeding the budget by 40% or
no investment in terms of 40%;
8 - exceeding the budget by 30% or
no investment in terms of 30%;
7 - exceeding the budget by 20% or
no investment in terms of 20%;
6 - exceeding the budget by 10% or
no investment in terms of 10%;
5 - marginally exceeded the
project budget;
4 - significant using the time or funds limits of the project, but within the limits of budget;
3 - average using the time or funds limits
of the project;
2 - low number of time or funds limits of project;
1 - no real influence on the
project.
To determine the priority risks
will use the following equation:
(1)
where IRP - individual risk
priority
P - probability of risk
IL - risk impact level on the
project.
Under the probability of
occurrence a random variable as a measure of risk (R) means the probability of
loss or shortfall of income compared to the expected option:
(2)
where X is a random variable loss;
P (x) - probability of loss.
TABLE 2
Empirical scale
acceptable impact level of risk
|
¹ |
The probability of an undesirable outcome (value of risk) |
Graduation of risk |
|
1 |
0,0 –
0,1 |
Minimal
risk |
|
2 |
0,1 –
0,3 |
Low risk |
|
3 |
0,3 –
0,4 |
Average
risk |
|
4 |
0,4 –
0,6 |
High risk |
|
5 |
0,6 –
0,8 |
Maximum
risk |
|
6 |
0,8 –
1,0 |
Critical risk |
The risks can be sorted by using the risks priorities. Thus, the risks that have very low priority can be removed from further
analysis.
It is also necessary to determine
the overall risk of the project. It is defined as an average of all the risks
with high priority:
(3)
where SC
– common
risk,
IRP - individual risk priority,
N – amount of risks.
Quantitative risk assessment
involves determining the probability of the risks and impacts of their
consequences on the project and make the right decisions.
Quantitative risk assessment for
each define as follows:
(4)
where 
- value of risk,
probability of risk,
–
value losses of risk.
Also
determine the total value loss for the entire project:
(5)
where 
-
total value of risk loss.
3. Development
of risk prevention measures.
At this point, embodied in practice conducted in the previous steps results of research. They are:
-
design of
possible strategies;
-
choice of optimal
strategy;
-
implementation of the
chosen strategy.
TABLE 3
Measures for responding on risks
|
Risk |
Measures for preventing of the risks |
|
Insufficient level of personal training |
Improve
a level of skills by additional courses or performing self-development. |
|
Development
of functionally wrong program elements |
Increase
a level of qualification |
|
Inability
to estimate the amount of individual work and runtime |
Develop
the projects of different types and different complexity. |
|
Incorrect
individual planning |
Conduct
the composition of difficult task to subtasks and performing of subtasks
planning. |
|
Disadvantages of personal communications |
Improve
personal communication quality. |
|
Inability
to work under time pressure |
Improve
the skills of self-organization and planning of the work. |
|
Human factors
(illness, etc.). |
Prematurely take a
vacation. |
4.
Control of the risks. The purpose of this stage are:
-
permanent
tracking of individual risks in the process of implementation for the chosen strategy;
-
accumulation and
analysis of information in order to prevent the emergence of new risks;
-
revaluation and adjustment of the risks;
-
operational
decisions in case of any deviations from the chosen
strategy.
This stage provides a cyclicity of
the process of risk management. In each project must present unknown
(uncertain) risks whose share in total amount of risk depends on which field the
project
is implemented. In order to
reverse the results of such risks in the personal reserve, are laid some
financial and time resources. But responding to unknown risks only after their
appearing associated with a sufficiently large cost. More efficient is an ahead of events, reseiving the information about the potential emergence
of unknown risk in advance, when it is possible to adjust the process without
repeating a number of works.
Conclusion
Summarizing the above, it should
be emphasized that the main purpose of risk assessment - to give developers the
necessary information to make decisions about the feasibility of participation
in one or another project and provide measures to protect against possible
financial losses. Different methods for
individual assessment can be used for
quantitative risk analysis. Methods of quantitative assessment are more
sophisticated, and factor of
uncertainty decrease. Consequently, identification and assessment of individual
risks can greatly improve the quality of software by providing market
competitiveness.
References
[1] W. Hayes and J. W. Over. The Personal Software
Process (PSP): An empirical study of the impact of PSP on individual engineers.
Technical Report CMU/SEI-97-TR-001, Software Engineering Institute, Pittsburgh,
PA., 1997.
[2] Ray C. Williams, George J. Pandelios, Sandra G. Behrens. 1999.
Software Risk Evaluation (SRE) Method Description
[3] Pisarevskyy I.M. Risk Management / Kharkiv: KSAME, 2008.- 124 p.
[4] T. Demark Valsyruya with Bear: Management dashes in the projects of
software Development Provision / Demark T., T. Lister - M .: Office. M., 2005.
- 190 p.