1 Managing Risk in Software Process Improvement: Software Process Improvement: An Action Research Approach Jakob H. Ivesen, Lars Mathiassen, and Peter Axel Nielsen Special Issue on Action Research Volume 28, Number 3 Presented to: Dr. Dina Rateb Prepared by: Eng. Mohamed Osman ( Apr 5 th, 06)

2 Many software organizations engage in software process improvement (SPI) initiatives to increase their capability to develop quality solutions at a competitive level. Such efforts, however, are complex and very demanding. A variety of risks makes it difficult to develop and implement new processes. Many software organizations engage in software process improvement (SPI) initiatives to increase their capability to develop quality solutions at a competitive level. Such efforts, however, are complex and very demanding. A variety of risks makes it difficult to develop and implement new processes. We studied SPI in its organizational context through collaborative practice research (CPR), a particular form of action research. The CPR program involved close collaboration between practitioners and researchers over a three-year period to understand and improve SPI initiatives in four Danish software organizations. The problem of understanding and managing risks in SPI teams emerged in one of the participating organizations and led to this research.. We studied SPI in its organizational context through collaborative practice research (CPR), a particular form of action research. The CPR program involved close collaboration between practitioners and researchers over a three-year period to understand and improve SPI initiatives in four Danish software organizations. The problem of understanding and managing risks in SPI teams emerged in one of the participating organizations and led to this research.. Our research offers two contributions. Our research offers two contributions. - First, we contribute to knowledge on SPI by proposing an approach to understand and manage risks in SPI teams. - First, we contribute to knowledge on SPI by proposing an approach to understand and manage risks in SPI teams. - Second, we contribute to knowledge on risk management within the information systems and software engineering disciplines. - Second, we contribute to knowledge on risk management within the information systems and software engineering disciplines. Introduction

3 Software Process Improvement (SPI) Continuous and evolutionary approach to improve a software organization’sContinuous and evolutionary approach to improve a software organization’s capability to develop quality software in response to customer’s requirement. SPI covers a wide range of activities, from basic Project ManagementSPI covers a wide range of activities, from basic Project Management disciplines such as project planning and tracking to sophisticated continuous improvement of developed processes. Evidence suggests that SPI initiatives have led to dramatic improvementsEvidence suggests that SPI initiatives have led to dramatic improvements of productivity, cycle time and quality. These initiatives faced a high number of failures. Out of 1,638 organizationsThese initiatives faced a high number of failures. Out of 1,638 organizations assessing, only 34% had proceeded to a 2 nd assessment. Of those, 16.1% failed. Time frame to move from a level to another varied from 16 to 32 months.Time frame to move from a level to another varied from 16 to 32 months.

4 The IDEAL Model Initiating Diagnosing Establishing Acting Learning Set Context Build Sponsorship Charter Infra- Structure Propose Future Actions Analysis & Validate Implement Solution Refine Solution Pilot Solution Create Solution Build Sponsorship Set Priorities Character Current & Desired States Develop Recomms Stimulate for change

5 Metrics Project Management Configuration Management Quality Control SEPG Steering Group Organizational Level ( SEPG) Project Level (SPI Teams) SPI Project Organization

6 Software Risk Management Risk Management has been adopted and developed in a variety of areas, including warfare, space exploration, nuclear reactors, security and financial Investments. Risk Management ideas have been applied successfully to software development in response to various forms of system failure. Degree of risk is assessed either in Quantitative terms as the probability of unsatisfactory events multiplied by the loss associated with their outcome or in Qualitative by referring to the uncertainness surrounding the project and the magnitude of potential loss associated with project failure Approaches to Software Risk Management: 1.Risk List ( A list of prioritized risk items ) 2.Risk-action list (Same; with related resolution actions) 3.Risk Strategy Model (A contingency model relates aggregate risk and resolution) 4.Risk Strategy Analysis ( A stepwise process links risks to risk Mgmt strategy)

7 Developing Risk Approaches InitiatingIteratingClosing 1.Appreciate Problem Situation 2.Study Literature 5.Design Risk Process 4.Develop Risk Framework 6.Apply Approach 7.Evaluate experiences 8.Exit 9.Assess usefulness 10.Elicit research results Area of Concern Risk Management Risk Approach 3.Select Risk Approach

8 Research Practice and Results A time line for the Action Research, together with an overview of activities and roles played by researchers and practitioners 1.Initiating (10.97 – 12.97) 2.First Iteration (01.98 – ) 3.Second Iteration (03.98 – ) 4.Third Iteration ( – 11.98) 5.Fourth Iteration ( ) 6.Closing (02.99 – 02.00) Results: Research had 2 approaches ( Manage Risks – Tailor Risk Mgmt to specific contexts within Information Systems) each : Addresses Application Area ( A ) Provides a Frame Work ( F ) for understanding Provides Methodology ( M ) for problem solving within (A) based on (F)

9 Improvement Area Improvement Process Improvement Ideas Improvement Actors Risk Areas for SPI Teams Improvement area: Those parts of Software Organization that are affected by SPI initiative Improvement Ideas: Set of processes, Tools &Techniques that SPI seeks to Bring to Improvement areas Improvement Process: SPI initiative itself and way it is organized, conducted and managed Improvement Actors: Those involved in carrying out SPI Initiative

10 We used CBR- based action research to combine knowledge from SPI and Software Risk Management to respond to practical needs of SPI teams. Findings have implications for both research and practice. Parts were published of the presented results to SPI practitioners. Practical approach was offered to address risk systematically. Approach was documented and illustrated for this purpose. Conclusion

11 THANK YOU