Risk management in software engineering: What still needs to be done

Abstract

For quite a few decades, risk management has been an integral part of software engineering. Without proper risk management, the success of software projects is at stake. The risk management processes are categorized into risk planning, risk identification, risk analysis, risk response (or mitigation), and risk monitoring and control. This paper reviews the tools and techniques that are available in literature or practiced for the stated risk management processes. It analyzes a few of these commonly used techniques critically and identifies their shortcomings and/or limitations. This paper shows that the existing risk management techniques may result in incorrect risk management and hence may cause projects failure. The motivation of this research is to encourage researchers to find solutions and devise more effective risk management techniques.