Software engineering risk management : a method, improvement framework, and empirical evaluation

This dissertation presents a method for software risk management, its improvement framework, and results from its empirical evaluations. More specifically, our objectives were: Develop a comprehensive, theoretically sound, and practical method for software engineering risk management. Develop a framework and supporting software tools for the continuous improvement of software engineering risk management and for improving knowledge about risks. Evaluate the method in practice to provide information on its feasibility, effectiveness, advantages and disadvantages, and to improve it. Although risk management has been considered an important issue in software development and significant contributions to risk management have been made over the past decade, risk management is rarely actively and explicitly applied in practice. Furthermore, most risk management approaches in software engineering use simplistic approaches and fail to account for the biases common in risk perception. We have developed a method, called Riskit, that complements existing risk management approaches by supporting qualitative and structured analysis of risks through a graphical modeling formalism. The method supports multiple stakeholder views to risks by considering their potential utility losses. The Riskit method is comprehensive, i.e., it supports all aspects of risk analysis and risk management planning in a software development project. We propose that our method has a sound theoretical foundation, avoids common biases in risk evaluations, and results in a more thorough understanding of the risks than traditional approaches. Associated with the method, we have also developed a risk management improvement framework that supports continuous, systematic improvement of the risk management process. The improvement framework is based on the Quality Improvement Paradigm, and is supported by the eRiskit application. The eRiskit application supports the management of risks while simultaneously acting as a risk management repository that captures risk management data for improvement purposes. The eRiskit application also acted as a proof of concept for the correctness of the underlying concepts in the Riskit method. We have validated the feasibility and effectiveness of the Riskit method in a series of empirical studies. The empirical studies were designed to provide characterization information and feedback on the method, as well as to act as initial validation of the method. The empirical evaluations showed that the method is feasible in industrial context and it seemed to improve participants' confidence in risk management results. In addition, our research indicates that industry needs sound, systematic, yet cost effective methods for risk management, a common and customized approach to improve communications within an organization, and support and enforcement of the common approach.reviewe

Risk management in intelligent agents

University of Technology, Sydney. Faculty of Engineering and Information Technology.This thesis presents the development of a generalised risk analysis, modelling and management framework for intelligent agents based on the state-of-art techniques from knowledge representation and uncertainty management in the field of Artificial Intelligence (AI). Assessment and management of risk are well established common practices in human society. However, formal recognition and treatment of risk are not usually considered in the design and implementation of (most existing) intelligent agents and information systems. This thesis aims to fill this gap and improve the overall performance of an intelligent agent. By providing a formal framework that can be easily implemented in practice, my work enables an agent to assess and manage relevant domain risks in a consistent, systematic and intelligent manner. In this thesis, I canvas a wide range of theories and techniques in AI research that deal with uncertainty representation and management. I formulated a generalised concept of risk for intelligent agents and developed formal qualitative and quantitative representations of risk based on the Possible Worlds paradigm. By adapting a selection of mature knowledge modelling and reasoning techniques, I develop a qualitative and a quantitative approach of modelling domains for risk assessment and management. Both approaches are developed under the same theoretical assumptions and use the same domain analysis procedure; both share a similar iterative process to maintain and improve domain knowledge base continuously over time. Most importantly, the knowledge modelling and reasoning techniques used in both approaches share the same underlying paradigm of Possible Worlds. The close connection between the two risk modelling and reasoning approaches leads us to combine them into a hybrid, multi-level, iterative risk modelling and management framework for intelligent agents, or HiRMA, that is generalised for risk modelling and management in many disparate problem domains and environments. Finally, I provide a top-level guide on how HiRMA can be implemented in a practical domain and a software architecture for such an implementation. My work lays a solid foundation for building better decision support tools (with respect to risk management) that can be integrated into existing or future intelligent agents

Scope Management of Non-Functional Requirements

In order to meet commitments in software projects, a realistic assessment must be made of project scope. Such an assessment relies on the availability of knowledge on the user-defined project requirements and their effort estimates and priorities, as well as their risk. This knowledge enables analysts, managers and software engineers to identify the most significant requirements from the list of requirements initially defined by the user. In practice, this scope assessment is applied to the Functional Requirements (FRs) provided by users who are unaware of, or ignore, the Non-Functional Requirements (NFRs). This paper presents ongoing research which aims at managing NFRs during the software development process. Establishing the relative priority of each NFR, and obtaining a rough estimate of the effort and risk associated with it, is integral to the software development process and to resource management. Our work extends the taxonomy of the NFR framework by integrating the concept of the "hardgoal". A functional size measure of NFRs is applied to facilitate the effort estimation process. The functional size measurement method we have chosen is COSMICFFP, which is theoretically sound and the de facto standard in the software industry

Migrating agile methods to standardized development practice

Situated process and quality frame-works offer a way to resolve the tensions that arise when introducing agile methods into standardized software development engineering. For these to be successful, however, organizations must grasp the opportunity to reintegrate software development management, theory, and practice

Comparative study of design: application to Engineering Design

A recent exploratory study examines design processes across domains and compares them. This is achieved through a series of interdisciplinary, participative workshops. A systematic framework is used to collect data from expert witnesses who are practising designers across domains from engineering through architecture to product design and fashion, including film production, pharmaceutical drugs, food, packaging, graphics and multimedia and software. Similarities and differences across domains are described which indicate the types of comparative analysis we have been able to do from our data. The paper goes further and speculates on possible lessons for selected areas of engineering design which can be drawn from comparison with processes in other domains. As such this comparative design study offers the potential for improving engineering design processes. More generally it is a first step in creating a discipline of comparative design which aims to provide a new rich picture of design processes

A requirements engineering framework for integrated systems development for the construction industry

Computer Integrated Construction (CIC) systems are computer environments through which collaborative working can be undertaken. Although many CIC systems have been developed to demonstrate the communication and collaboration within the construction projects, the uptake of CICs by the industry is still inadequate. This is mainly due to the fact that research methodologies of the CIC development projects are incomplete to bridge the technology transfer gap. Therefore, defining comprehensive methodologies for the development of these systems and their effective implementation on real construction projects is vital. Requirements Engineering (RE) can contribute to the effective uptake of these systems because it drives the systems development for the targeted audience. This paper proposes a requirements engineering approach for industry driven CIC systems development. While some CIC systems are investigated to build a broad and deep contextual knowledge in the area, the EU funded research project, DIVERCITY (Distributed Virtual Workspace for Enhancing Communication within the Construction Industry), is analysed as the main case study project because its requirements engineering approach has the potential to determine a framework for the adaptation of requirements engineering in order to contribute towards the uptake of CIC systems

Enterprise information security policy assessment - an extended framework for metrics development utilising the goal-question-metric approach

Effective enterprise information security policy management requires review and assessment activities to ensure information security policies are aligned with business goals and objectives. As security policy management involves the elements of policy development process and the security policy as output, the context for security policy assessment requires goal-based metrics for these two elements. However, the current security management assessment methods only provide checklist types of assessment that are predefined by industry best practices and do not allow for developing specific goal-based metrics. Utilizing theories drawn from literature, this paper proposes the Enterprise Information Security Policy Assessment approach that expands on the Goal-Question-Metric (GQM) approach. The proposed assessment approach is then applied in a case scenario example to illustrate a practical application. It is shown that the proposed framework addresses the requirement for developing assessment metrics and allows for the concurrent undertaking of process-based and product-based assessment. Recommendations for further research activities include the conduct of empirical research to validate the propositions and the practical application of the proposed assessment approach in case studies to provide opportunities to introduce further enhancements to the approach

Advanced Techniques for Assets Maintenance Management

16th IFAC Symposium on Information Control Problems in Manufacturing INCOM 2018 Bergamo, Italy, 11–13 June 2018. Edited by Marco Macchi, László Monostori, Roberto PintoThe aim of this paper is to remark the importance of new and advanced techniques supporting decision making in different business processes for maintenance and assets management, as well as the basic need of adopting a certain management framework with a clear processes map and the corresponding IT supporting systems. Framework processes and systems will be the key fundamental enablers for success and for continuous improvement. The suggested framework will help to define and improve business policies and work procedures for the assets operation and maintenance along their life cycle. The following sections present some achievements on this focus, proposing finally possible future lines for a research agenda within this field of assets management