Complementing approaches in ERP effort estimation practice: an industrial study

Projects implementing enterprise resource planning (ERP) solutions are characterized by specific context factors such as high level of reuse, scope of the ERP modules, interdependent functionality, and use of vendor-specific standard implementation method, all of which impose risks known to cause various degrees of project failure. We suggest a remedy to this issue by tackling it from a portfolio management perspective. Our solution rests on earlier work by other authors and is a combination of a classic cost estimation method (COCOMO II), a Monte Carlo simulation process, and a portfolio management model. We report on the results of a case study done in a company site in the telecommunication sector

Handling requirements dependencies in agile projects: A focus group with agile software development practitioners

Agile practices on requirements dependencies are a relatively unexplored topic in literature. Empirical studies on it are scarce. This research sets out to uncover concepts that practitioners in companies of various sizes across the globe and in various industries, use for dealing with requirements dependencies in their agile software projects. Concepts were revealed through online focus group research, using an adapted forum for discussion, and grounded theory to analyze the responses. Our study resulted in the following findings: (1) requirements dependencies occur in agile projects and are important to these projects' success just as this is known for `traditional' software projects'; (2) requirements dependencies (i) were considered and treated as part of risk management, (ii) were deemed a responsibility of the individual team members, and (iii) mostly did affect project planning; (3) continuous communication and collaboration - two essential features of any agile method, were found critical to mitigating the risks due to dependencies; (4) a hybrid approach to architecture between agile and plan-driven methods was perceived to yield maximum scalability and help coping with dependencies; (5) `cross-cutting concerns', a category of dependencies, were not uniformly understood in an agile context and require more research

Cloud computing security requirements: a systematic review

Many publications have dealt with various types of security requirements in cloud computing but not all types have been explored in sufficient depth. It is also hard to understand which types of requirements have been under-researched and which are most investigated. This paper's goal is to provide a comprehensive and structured overview of cloud computing security requirements and solutions. We carried out a systematic review and identified security requirements from previous publications that we classified in nine sub-areas: Access Control, Attack/Harm Detection, Non-repudiation, Integrity, Security Auditing, Physical Protection, Privacy, Recovery, and Prosecution. We found that (i) the least researched sub-areas are non-repudiation, physical protection, recovery and prosecution, and that (ii) access control, integrity and auditability are the most researched sub-areas

A coordination complexity model to support requirements engineering for cross-organizational ERP

Cross-organizational information systems projects, such as ERP, imply an expensive requirements engineering (RE) cycle. Little is known yet about how to carry it out with more predictable alignment results and chances for success. We propose an approach that allows incremental, systematic improvement of crossorganizational RE. It builds on organizational network research, coordination theory, ERP misalignments, and existing RE improvement standards

Relational-model based change management for non-functional requirements: approach and experiment

In software industry, many organizations either focus their traceability efforts on Functional Requirements (FRs) or else fail entirely to implement an effective traceability process. NonFunctional Requirements (NFRs) such as security, safety, performance, and reliability are treated in a rather ad hoc fashion and are rarely traced. This is mainly because of the unique nature of NFRs. They are subjective, relative and they tend to become scattered among multiple modules when they are mapped from the requirements domain to the solution space. Furthermore, NFRs can often interact, in the sense that attempts to achieve one NFR can help or hinder the achievement of other NFRs at particular software functionality. Such an interaction creates an extensive network of interdependencies and tradeoffs among NFRs which is not easy to trace. In a previous work, we proposed a conceptualization of NFRs through the NFRs Ontology. In this paper, we extend the previous work by proposing a change management mechanism for tracing the impact of NFRs on the other constructs in the ontology such as FR or NFR operationalization and vice versa, and providing a traceability mechanism using Datalog expressions to imp lement queries on a relational model-based representation for the ontology. The proposed traceability queries are then evaluated through a multiproject variation quasi-experiment on regression testing conducted in the industry

Value-based Requirements Engineering for Value Webs

Since the 1980s, requirements engineering (RE) for information systems has been performed in practice using techniques (rather than the full method) from Information Engineering (IE) such as business goal analysis, function{ and process modeling, and cluster analysis. Recently, these techniques have been supplemented with portfolio management, which looks at sets of IT projects and offers fast quantitative decision-making about continuation of IT projects. Today's networked world, though, poses challenges to these techniques. A major drawback is their inability to adequately specify the requirements for IT systems used by businesses that provide services to each other in a value web. In this paper, we analyze this problem, and propose a solution by coupling IE and portfolio management with value-based RE techniques at the business network level. We show how these techniques interrelate, and illustrate our approach with a small example