MASTER OF BUSINESS ADMINISTRATION IN INFORMATION TECHNOLOGY M L D T Karunanayaka. Department of Computer Science & Engineering University of Moratuwa December 2009 ASSESSING THE AWARENESS OF SOFTWARE PROJECT RISK MANAGEMENT IN SRI LANKAN SOFTWARE INDUSTRY ASSESSING THE AWARENESS OF SOFTWARE PROJECT RISK MANAGEMENT IN SRI LANKAN SOFTWARE INDUSTRY By M L D T Karunanayaka The Dissertation was submitted, to the Department of Computer Science & Engineering of the University of Moratuwa in partial fulfilment of the requirements for the Degree of Master of Business Administration. Department of Computer Science & Engineering University of Moratuwa December 2009 i DECLARATION “I certify that this thesis does not incorporate, without acknowledgement, any material previously submitted for a degree or diploma in any university. To the best of my knowledge and belief, it does not contain any material previously published, written or orally communicated by any other person or me, except where due reference is made in the text. I also hereby give consent for my dissertation, if accepted, to be made available for photocopying and for interlibrary loans, and for the title and summary to be made available to outside organizations” ………………………………… …………………………. M L D T Karunanayaka. Date MBA/IT/08/9064 To the best of my knowledge, the above particulars are correct. ………………………………… …………………………. Prof. N D Gunawardena. Date Deputy Vice-Chancellor, University of Moratuwa. ii ABSTRACT Software projects are the lifeline of software development organizations. Due to the ever increasing complexities in systems, it is paramount that extensive planning and risk assessment is performed to ensure successful project completion. As an emerging industry in Sri Lanka, sound software project risk management is of crucial importance. This study is focused on measuring the awareness of software project risk management in Sri Lankan software industry. The study focuses primarily on investigating three key objectives: Firstly, identify the overall level of awareness of the software project risk management in Sri Lankan software industry. Secondly, extract the factors affecting to software project risk management and thirdly discussion on the risk response methods to the most significant risks found from survey results. Finally, the research discusses recommendations on improving the performance on better software project risk management based on the interviews conducted and the literature review. The research uses both qualitative and quantitative approaches to fulfill research objectives. Data was primarily gathered through the questionnaire and interviews. The questionnaire was distributed among selected professionals in Sri Lankan software industry. The results of the study indicate that the overall level of risk awareness in Sri Lankan software industry is above the average, evaluating to an estimated overall mean value of 3.7 out of 5. Study revealed that the awareness of software project risk management is dependent on the „organizational characteristics‟ such as size, complexity and cost of the project, organizational culture and higher management initiative. However there is no evidence to state that awareness is dependent on „technological aspects’ and ‘individual characteristics’. Since the „organizational characteristics‟ have a relationship with the risk awareness, it is advisable to strictly adhere to the processes and policies within an organization to ensure the positive outcome. iii ACKNOWLEDGEMENT Firstly, I would like to extend sincere thanks to my supervisor, Prof. Niranjan Gunawardena, Deputy Vice-Chancellor University of Moratuwa, for accepting my proposal and always being receptive, supportive and flexible. His constant confidence in me was definitely a driving factor to make this endeavor a success. I would like to thank specially, our head of department, Mrs. Vishaka Nanayakara. Your patience was invaluable when running out of time. I owe my deepest gratitude to Mrs. Dilini Kulawansa, Head of Department of Information Technology, for unconditionally taking time to give advice and show that analysis, in itself, is an art. I would also like to acknowledge the support and guidance provided by the academic and non academic staff of the Department of Computer Science and Engineering. I am indebted to my colleagues, who supported me in number of ways while completing their own research. I would also like to give special thanks to my parents and my brother for their inspiration and encouragement. Without their support this research would not have been possible. And last but not least, I wish to thank Aruna, for had it not been for the constant support and encouragement from him, this would not have materialized. iv TABLE OF CONTENTS DECLARATION ........................................................................................................... I ABSTRACT ................................................................................................................. II ACKNOWLEDGEMENT ........................................................................................ III LIST OF FIGURES ................................................................................................... VI LIST OF TABLES ................................................................................................... VII LIST OF ABBREVIATIONS ................................................................................ VIII CHAPTER 1: INTRODUCTION ............................................................................... 1 1.1 BACKGROUND .................................................................................................. 1 1.2 MOTIVATION .................................................................................................... 2 1.3 RESEARCH TOPIC .............................................................................................. 3 1.4 RESEARCH METHODOLOGY .............................................................................. 4 1.5 NATURE AND FORM OF RESULTS ...................................................................... 5 CHAPTER 2: LITERATURE SURVEY ................................................................... 6 2.1 SOFTWARE PROJECT RISK MANAGEMENT ........................................................ 6 2.2 IMPORTANCE OF RISK MANAGEMENT .............................................................. 6 2.3 RISK IDENTIFICATION MODELS ........................................................................ 7 2.4 SOFTWARE RISK IN OTHER COUNTRIES .......................................................... 17 2.5 FACTORS AFFECTING THE SOFTWARE PROJECT RISK MANAGEMENT............. 22 2.6 RISK RESPONSE STRATEGIES .......................................................................... 23 2.7 PROJECT LEVEL RISKS ................................................................................... 25 2.8 SUMMARY ...................................................................................................... 29 CHAPTER 3: METHODOLOGY ............................................................................ 30 3.1 THEORETICAL BACKGROUND AND CONCEPTUAL FRAMEWORK OF THE STUDY 30 3.2 RESEARCH APPROACH.................................................................................... 37 3.3 RESEARCH DESIGN ......................................................................................... 41 3.4 SAMPLE DESIGN ............................................................................................. 43 3.5 DATA COLLECTION ........................................................................................ 44 3.6 DATA ANALYSIS ............................................................................................ 45 CHAPTER 4: DATA ANALYSIS ............................................................................ 46 4.1 RELIABILITY AND VALIDITY .......................................................................... 46 4.2 DESCRIPTIVE ANALYSIS ................................................................................. 47 4.3 STATISTICAL ANALYSIS ................................................................................. 58 4.4 RESULT OF HYPOTHESES ANALYSIS ............................................................... 71 v CHAPTER 5: DISCUSSION .................................................................................... 73 5.1 COMPARISON OF THE CURRENT AVAILABLE STRATEGIES TO MOST SIGNIFICANT RISKS ................................................................................................... 73 CHAPTER 6: CONCLUSION AND RECOMMENDATIONS ............................ 82 6.1 CONCLUSION .................................................................................................. 82 6.2 RECOMMENDATIONS TO IMPROVE THE PERFORMANCE .................................. 84 6.3 LIMITATIONS OF THE STUDY .......................................................................... 86 6.4 FURTHER RESEARCH ...................................................................................... 87 REFERENCES ........................................................................................................... 89 APPENDIX I: QUESTIONNAIRE .......................................................................... 93 APPENDIX II ........................................................................................................... 101 vi LIST OF FIGURES FIGURE 2.1: RISK BREAKDOWN STRUCTURE (PROJECT MANAGEMENT INSTITUTE 2004) ......................... 9 FIGURE 2.2: RISK IDENTIFICATION MODEL IN ORGANIZATION CONTEXT (IRM 2002).............................. 11 FIGURE 2.3: RISK IDENTIFICATION WITH VARIETY OF PROJECT RISKS (WIDEMAN 1992) ......................... 15 FIGURE 3.1: TAXONOMY BASED RISK IDENTIFICATION (CARR ET AL. 1993) ............................................ 36 FIGURE 3.2: CONCEPTUAL MODEL FOR RISK IDENTIFICATION ................................................................ 38 FIGURE 3.3: CONCEPTUAL FRAMEWORK BETWEEN AWARENESS AND FACTORS AFFECTING AWARENESS 39 FIGURE 4.1: SAMPLE DEMOGRAPHICS – GENDER .................................................................................... 47 FIGURE 4.2: SAMPLE DEMOGRAPHICS – EDUCATION .............................................................................. 48 FIGURE 4.3: SAMPLE DEMOGRAPHICS – AGE GROUP ............................................................................... 49 FIGURE 4.4 : SAMPLE DEMOGRAPHICS – JOB TITLE ................................................................................. 50 FIGURE 4 .5: NUMBER OF RESPONSES AGAINST EVALUATION CRITERIA FOR PRODUCT ENGINEERING RISK ....................................................................................................................................................... 51 FIGURE 4 .6: NUMBER OF RESPONSES AGAINST EVALUATION CRITERIA FOR DEVELOPMENT ENVIRONMENT RISK ....................................................................................................................... 51 FIGURE 4 .7: NUMBER OF RESPONSES AGAINST EVALUATION CRITERIA FOR PROGRAM ENVIRONMENT RISK ................................................................................................................................................ 51 FIGURE 4.8: RATINGS AGAINST THE PRODUCT ENGINEERING ................................................................. 53 FIGURE 4.9: RATING AGAINST THE DEVELOPMENT ENVIRONMENT ......................................................... 55 FIGURE 4.10: RATINGS AGAINST THE PROGRAM ENVIRONMENT ............................................................. 56 FIGURE 4.11 : OVERALL PROJECT RISK FEEDBACK SUMMARY ................................................................. 57 FIGURE 4.12: SCATTER DIAGRAM ON AWARENESS OF SOFTWARE PROJECT RISK MANAGEMENT VS EXPERIENCE ................................................................................................................................... 63 FIGURE 4.13: SCATTER DIAGRAM ON AWARENESS OF SOFTWARE PROJECT RISK MANAGEMENT VS ORGANIZATIONAL CHARATERISTICS .............................................................................................. 67 FIGURE 4.14 : SCATTER DIAGRAM ON AWARENESS OF SOFTWARE PROJECT RISK MANAGEMENT VS TECHNOLOGICAL ASPECTS ............................................................................................................. 69 FIGURE 4.15 : SCATTER DIAGRAM ON AWARENESS OF SOFTWARE PROJECT RISK MANAGEMENT VS INDIVIDUAL CHARACTERISTICS ...................................................................................................... 70 vii LIST OF TABLES TABLE 2.1: TOP 10 SOFTWARE RISK ITEMS (BOEHM 1991)..................................................................... 18 TABLE 2.2: CRITICAL 20 RISK FACTORS IN THE IMPLEMENTATION OF INFORMATION TECHNOLOGY SERVICE MANAGEMENT PROJECTS .................................................................................................. 20 TABLE 2.3: MANAGING PROJECT LEVEL RISKS (CONROW AND SHISHIDO 1997) .................................... 25 TABLE 2.4: MANAGING PROJECT ATTRIBUTE LEVEL RISKS (CONROW AND SHISHIDO 1997) ................. 26 TABLE 2.5: ENGINEERING AND MANAGEMENT LEVEL RISKS (CONROW AND SHISHIDO 1997) ............... 27 TABLE 2.6: MANAGING WORK ENVIRONMENT RISKS (CONROW AND SHISHIDO 1997) .......................... 28 TABLE 2.7: MANAGING OTHER RISKS (CONROW AND SHISHIDO 1997) .................................................. 28 TABLE 3.1: OPERATIONALIZATION OF VARIABLES USED IN THE STUDY ................................................... 43 TABLE 4.1: RELIABILITY STATISTICS FOR MAJOR RISK CLASSES .............................................................. 46 TABLE 4.2: RELIABILITY STATISTICS FOR INDEPENDENT VARIABLES ...................................................... 47 TABLE 4.3: DESCRIPTIVE STATISTICS OF RISKS IN PRODUCT ENGINEERING ............................................ 53 TABLE 4.4: DESCRIPTIVE STATISTICS OF RISK IN DEVELOPMENT ENVIRONMENT .................................... 54 TABLE 4.5: DESCRIPTIVE STATISTICS OF RISK IN PROGRAM ENVIRONMENT ............................................ 56 TABLE 4.6: FREQUENCY ON OVERALL AWARENESS ON SOFTWARE PROJECT RISK MANAGEMENT IN SRI LANKAN SOFTWARE INDUSTRY ...................................................................................................... 57 TABLE 4.7: DESCRIPTIVE STATISTICS OF RESEARCH CONSTRUCTS .......................................................... 57 TABLE 4.8: CORRELATION BETWEEN EXPERIENCES AND AWARENESS OF SOFTWARE PROJECT RISK MANAGEMENT ................................................................................................................................ 63 TABLE 4.9: ANOVA RESULTS ON LEVEL OF RISK AWARENESS AND AGE GROUPS ................................... 64 TABLE 4.10: ANOVA RESULTS ON LEVEL OF RISK AWARENESS AND GENDER ........................................ 66 TABLE 4.11: CORRELATION RESULTS BETWEEN AWARENESS AND ORGANIZATIONAL CHARACTERISTICS 68 TABLE 4.12: CORRELATION RESULTS BETWEEN AWARENESS AND TECHNOLOGICAL ASPECTS................ 69 TABLE 4.13: CORRELATION RESULTS BETWEEN AWARENESS AND INDIVIDUAL CHARACTERISTICS ........ 71 TABLE 5.1: RISK RESPONSE STRATEGIES TO MOST SIGNIFICANT RISKS .................................................... 81 viii LIST OF ABBREVIATIONS IRM – Institute of Risk Management RBS –Risk Break Down Structure RIM – Risk Identification Model SEI – Software Engineering Institute SPSS – Statistical Package for Social Science SQA – Software Quality Assurance TBQ – Taxonomy Based Questionnaire