As we have discussed, complexity and volatility are a cause of difficulty in software development and increase the risk of failure: failure to deliver on time and on budget, or to meet stakeholders’ needs in context. In turn, failure can have profound consequences: it may lead to tangible harm or losses (e.g. harm to people or damage to goods, loss of contracts, loss of revenue, decrease in market share, penalties in contracts) or intangible harm (e.g. loss of trust, credibility or future business opportunities, damage to the reputations of people, organisations or trademarks, dissemination of confidential information, loss of intellectual-property rights).
Note: risk assessment (how to identify risk) and risk management (how to deal with risk) have been the subject of study in a wide variety of domains, from business to engineering, health or statistics, and a vast literature exists on the subject.
One important role of software development processes is to reduce risk, particularly in relation to two fundamental categories:
- Problem-related risks: these are risks associated with misunderstanding the problem and the stakeholders’ requirements, or making inappropriate assumptions as to the context of the system.
- Solution-related risks: these are factors associated with developing software which does not address the identified problem or is not fit for its purpose.
Do a web search on software development risk. Which recurrent factors can you identify? How do they relate to the categories above?
Your list will be different from ours. Among the recurrent risk factors we identified are:
- Problem-related risks: incomplete or inconsistent requirements; unachievable goals; wrong assumptions about the domain.
- Solution-related risks: technical infeasibility; breakdown of specification.