Information and Software Technology xxx (2013) xxx–xxx

Contents lists available at SciVerse ScienceDirect

Information and Software Technology

journal homepage: www.elsevier.com/locate/infsof

An empirical study on the implementation and evaluation

of a goal-driven software development risk management model
Shareeful Islam a,⇑, Haralambos Mouratidis a, Edgar R. Weippl b
a
School of Architecture, Computing, and Engineering, University of East London, 4-6 University Way, London E16 2RD, United Kingdom
b
SBA Research gGmbh, Sommerpalais Harrach, Favoritenstrasse 16, 1040 Wien, Austria

a r t i c l e i n f o a b s t r a c t

Article history: Context: Building a quality software product in the shortest possible time to satisfy the global market
Received 17 October 2012 demand gives an enterprise a competitive advantage. However, uncertainties and risks exist at every
Received in revised form 23 June 2013 stage of a software development project. These can have an extremely high influence on the success of
Accepted 25 June 2013
the final software product. Early risk management practice is effective to manage such risks and contrib-
Available online xxxx
utes effectively towards the project success.
Objective: Despite risk management approaches, a detailed guideline that explains where to integrate
Keywords:
risk management activities into the project is still missing. Little effort has been directed towards the
Software risk management
Goal modelling language
evaluation of the overall impact of a risk management method. We present a Goal-driven Software Devel-
Requirements engineering opment Risk Management Model (GSRM) and its explicit integration into the requirements engineering
Empirical study phase and an empirical investigation result of applying GSRM into a project.
Goal-risk model Method: We combine the case study method with action research so that the results from the case study
directly contribute to manage the studied project risks and to identify ways to improve the proposed
methodology. The data is collected from multiple sources and analysed both in a qualitative and quanti-
tative way.
Results: When risk factors are beyond the control of the project manager and project environment, it is
difficult to control these risks. The project scope affects all the dimensions of risk. GSRM is a reasonable
risk management method that can be employed in an industrial context. The study results have been
compared against other study results in order to generalise findings and identify contextual factors.
Conclusion: A formal early stage risk management practice provides early warning related to the prob-
lems that exists in a project, and it contributes to the overall project success. It is not necessary to always
consider budget and schedule constraints as top priority. There exist issues such as requirements, change
management, and user satisfaction which can influence these constraints.
Ó 2013 Elsevier B.V. All rights reserved.

1. Introduction failure [7]. An advantage of considering risk management during

Software projects, by inherent nature, contain a significant
number of uncertainties such as time-to-market, budget and sche-
dule estimation, technology evolution, and stakeholders’ expecta-
tions. Failure to control such uncertainties imposes potential
risks on a project. Software risk management can be used as a tool
to manage these risks and to reason about the uncertainties in-
volved. There exist several risk management methods for manag-
ing risks in software projects [1–5]. Practitioners and researchers
agree that for a risk management practice to be effective, it needs
to be included at the early phase of the development process [6],
since requirement problems are one of the main causes of project
⇑ Corresponding author. Tel.: +442082237273.
E-mail addresses:
the requirements engineering phase is that such integration en-
ables the identification of expensive and persistent requirement
problems [8]. However, the literature fails to provide comprehen-
sive and detailed guidelines and clear evidence on how to integrate
risk management activities at the early development stages
[9,10,6]. Moreover, although several study results exist in the
literature on identifying risk factors in software projects, only
few reports are available on evaluating the impact of an overall risk
management method onto a software project [4]. Research studies
indicate that risk management is not well applied in practice [11]
and practitioners are more concerned on the tangible development
cost, which provides direct benefits in terms of project deliverables
[9]. For a successful project, it is difficult to prove that any part of
the resulting product is influenced by software risk management

[email protected] (S. Islam), [email protected] (H. Mouratidis),
[12]. Therefore, it is necessary to integrate risk management
[email protected] (E.R. Weippl). approaches into the early development and to create awareness

0950-5849/$ - see front matter Ó 2013 Elsevier B.V. All rights reserved.
http://dx.doi.org/10.1016/j.infsof.2013.06.003

Please cite this article in press as: S. Islam et al., An empirical study on the implementation and evaluation of a goal-driven software development risk
management model, Inform. Softw. Technol. (2013), http://dx.doi.org/10.1016/j.infsof.2013.06.003
2 S. Islam et al. / Information and Software Technology xxx (2013) xxx–xxx
among the practitioners about the impact of risk management
practice on software projects.
Within this context, the novel contributions of this paper are (i)
a goal-driven risk management method; (ii) an explicit integration
of the risk management method into the requirements engineering
phase; and (iii) an empirical evaluation of the impact of the risk
management method into a software development project. The
presented risk management method is based on the KAOS goal
modelling language [8]. In particular, GSRM adopts goal and obsta-
cle concepts from the KAOS goal modelling language and extends it
with risk assessment and treatment [6]. We have decided to build
our work on existing research on goal modelling because goals and
risks are complementary entities of a software project. A risk is
usually defined as negation to single or multiple goals or loss of
attainment of corresponding objectives [8]. As such, the goal-dri-
ven approach anchors the risk management activities and allows
to trace and rationalise the risk factors, events and control actions
with respect to the goals. Furthermore, Goal-orient Requirements
Engineering (GORE) has long been recognised in requirements
engineering community as an important paradigm to elicit, ana-
lyse, and document requirements. As such, the decision to build
on KAOS allows us to explicitly integrate risk management into
the early development phase. The methodology is explained with
the aid of a carefully designed case study for the development of
an automation system in a public sector organisation (Ministry of
Planning Commission) under the e-governance project. The main
goal of empirical investigation is to evaluate the effectiveness of
GSRM and in particular the impact of an early risk management
practice on a software development project. Our work combines
a case study method with action research, so that identified
treatment actions can be used to control the potential project risks.
The results from the case study outline the impact of GSRM on the
project and compare the identified results with other literature
results. Such comparison demonstrates the impact of risk manage-
ment, at requirements engineering level, on software development
projects.
The remainder of the paper is structured as follows: Section 2
outlines the state of the art on risk management methods and risk
factors. Section 3 provides an overview of the goal-driven risk
management model and Section 4 outlines the integration of GSRM
into requirements engineering. Section 5 demonstrates the evalu-
ation results on the implementation of the GSRM into a software
project. Section 7 provides a critical discussion of the various parts
of GSRM and it outlines some of our experiences from the studied
project. Section 8 provides validity of the study results. Section 9
finally provides summary and directions for future work.
2. Related works
Risk, in ISO Guide 73:2002, is defined as combination of the
probability of an event and its consequence [13]. It is constituted
upon three basic concepts: event, likelihood, and severity. Risk
management in software projects describes an integrated engi-
neering approach with methods, processes and artefacts for identi-
fying, analysing, controlling and continuously monitoring risks in
order to reduce the chance of project failure [14,4]. This section fo-
cuses on existing work that relates to our approach.
2.1. Risk management framework
The theoretical foundation of putting risk management into a
single framework is initially contributed to Boehm [15] risk-driven
Spiral model. Later, Boehm extended the original Spiral model
using the theory W (Win–Win) model [1] to satisfy the objectives
and concerns of the stakeholders. The model also supports risk
Please cite this article in press as: S. Islam et al., An empirical study on the implementation and evaluation of a goal-driven software development risk
management model, Inform. Softw. Technol. (2013), http://dx.doi.org/10.1016/j.infsof.2013.06.003
identification, resolution and continuous monitoring of risks. How-
ever, the approach requires intensive active involvement of project
customers/users, which is difficult to attain in real on-going project
situations. The Software Engineering Institute (SEI) provides a
comprehensive framework to support continuous risk manage-
ment activities [16,17]. The approach concerns identification, anal-
ysis, communication and mitigation strategies for software risk
management and depends on risk taxonomy [18]. SEI also devel-
oped a process improvement model, Capability Maturity Model
Integration (CMMI), which provides close correlation between
the quality of software products and the quality of the software
development processes [19]. CMMI is compatible with ISO stan-
dard for software process assessment, i.e. ISO/IEC 15504 [14].
CMMI considers continuous risk management as an important fea-
ture with concepts like risk management strategy, identifying and
analysing risks and risk control. ISO 31000:2009 provides process,
framework and a number of principles for an effective risk man-
agement practice [20]. Risk management is considered as an inte-
gral part of all organisational processes, including strategic
planning and all project and change management processes. Kon-
tio proposed the Riskit methodology [4], which provides a com-
plete conceptual framework for risk management using a goal/
expectation approach from the stakeholders and risks which threa-
ten the goals. It provides precise and unambiguous definitions of
risks and aims at modelling and documenting risks qualitatively.
At the heart of the approach, is the visual formalism of the risk
by analysing risk factors, risk events, risk reactions, risk effect sets
and utility loss that would occur due to risk events. However, Riskit
has some important limitations. There are no clear sources speci-
fied from where the goals originate and how the identified goals
are modelled. Risks are analysed and prioritised by deriving sce-
narios, which is a non-trivial task when a scenario depends upon
more than one probabilistic element. Moreover, it is always hard
to formulate a scenario from factors and attempt to perform a com-
parison amongst them. Foo et al. [3] make use of a comprehensive
questionnaire to construct the Software Risk Assessment Model
(SRAM). A set of questions are chosen for nine critical risk ele-
ments, i.e. complexity, staff, targeted reliability, requirements,
method of estimation, monitoring, process, usability and tools.
However, the main limitations of this approach are the lack of a de-
tailed implementation of the model and the lack of a set rule for
common weight value, which means that practitioners need to
determine a risk probability for each element. Roy’s pro risk man-
agement framework [5] is an extension of the AS/NZS standard
4360:1999 [21]. The main attention of the framework is on the
business component in which the project is created and the oper-
ational domain where the project is actually carried out.
2.2. Study results
2.2.1. Risk factors
A well known ‘‘top-ten’’ list of risk factors is provided by Boehm
[15]. After that several lists of risk factors have been published
[22–26]. Among these contributions, Barki and Schmidt composed
the most comprehensive ones. Barki et al. [22] compiled a list of 35
risk variables, which were represented in the form of a question-
naire consisting of 144 items. The results of their survey are based
on the questionnaire showing five influential factors: technological
newness, application size, lack of expertise, application complexity
and organisational environment for the most interpretable solu-
tion of software risk. Moynihan [27] focuses on project constructs,
i.e. personal constructs and application which need to be consid-
ered by the project manager. The study observed that risk variables
identified by Barki et al. [22] lack the client’s apparent knowledge.
Schmidt et al. [23] published a comprehensive list of risk factors
and categorised the risk factors into several different areas such
 S. Islam et al. / Information and Software Technology xxx (2013) xxx–xxx
as corporate environment, sponsorship, relationship management,
project management, scope, requirements, funding, scheduling,
development process, staffing, technology and external dependen-
cies. Iacovou et al. [28] summarised a risk profile by the top ten risk
factors for offshore-outsourced development projects. The risk fac-
tors are ranked as ‘‘very important’’, ‘‘important’’ and ‘‘less impor-
tant’’ by focusing on three main areas: communication, client’s
internal management and vendor capabilities. Nakatsu et al. [26]
further investigated and compared the risk factors between off-
shore and domestic outsourcing. The results showed that many
risk factors related to project management commonly appeared
on the top of both domestic and offshore risk lists such as lack of
top management commitment, inadequate user involvement and
failure to manage end user expectation. Some are unique for the
offshore context such as lack of communication, poor change con-
trols, lack of business know-how and failure to consider all costs.
2.2.2. Risk factors impact and risk management barriers
Some works have been undertaken to investigate the potential
effects of risk factors on software development projects. Wallace
et al. focused on risk factors from six different dimensions and
their effect on a project [24]. The study considered low, medium
and high risk projects and observed the impact of risk dimensions
on the projects. The six risk dimensions are: user, team, require-
ments, planning and control, complexity and organisational envi-
ronment. The results showed that risks associated with
requirements, planning and control and organisational environ-
ment are more obvious in high risk projects. Ropponen et al. [29]
identified six components of software development risks, which
are: scheduling and timing, system functionality, subcontracting,
requirement management, resource usage and performance, and
personnel management. Jiang et al. [30] examined the risk impact
on different system development aspects, in particular the study
looked at the 12 most common software development risks pro-
posed by Barki [22]. Ropponen et al. showed that 75% of the project
managers did not follow any detailed risk management practice
and did not have adequate knowledge about software risk manage-
ment [11]. However, for a successful project, it is difficult to prove
that any part of the resulting product was influenced by the soft-
ware risk management [12]. Kwak et al. observed that project
managers and practitioners perceive risk management activities
as extra work and expenses [31]. A recent survey study of experi-
enced project managers on their perception of software risk man-
agement outlines that tangible development cost, lack of resources
and efforts from organisation or process change due to risk mitiga-
tion are the top three identified barriers of software risk manage-
ment [9]. The result also emphasises other barriers such as: too
much risks to control, reward for problem solving not for risk mit-
igation, overconfidence regarding individual measurements that
pose challenges for the implementation of risk management in
the development.
To summarise, risk management frameworks, standards and
study results discussed above are important, but they also demon-
strate a number of limitations. Although Kontio’s Riskit is a goal-
driven approach, it is not clear from where goals can originate
and the risk analysis is based on scenarios which are difficult to
formulate. ISO 31000:2009 provides generic high level guidelines
for implementing risk management into organisational processes
using process, framework and principals. But how risk manage-
ment should be integrated into organisation processes and what
techniques are needed to perform risk management activities is
not clearly described by the standard. For instance, the risk
management process includes risk identification, analysis and
treatment activities. The standard recommends to identify a com-
prehensive list of risks and quantify the risks based on likelihood
and consequence. But it does not provide any detail on how to
Please cite this article in press as: S. Islam et al., An empirical study on the implementation and evaluation of a goal-driven software development risk
management model, Inform. Softw. Technol. (2013), http://dx.doi.org/10.1016/j.infsof.2013.06.003
3
identify a comprehensive list of risks or how to estimate the like-
lihood of risk factors. Moreover, details about the output from
the activities are also missing. The standard emphasises on under-
standing the risk management context considering internal and
external organisational issues, risk management process and risk
criteria. GSRM adopts this context concept and follows the guide-
line to define the risk management context within the process.
The existing risk management frameworks, standards and survey
results from practitioners emphasise on the integration of risk
management from the early development process.However, details
on integrating risk management activities into software projects
are still missing and little work has been undertaken to understand
the impact of an overall risk management framework on software
development.In contrast, our work improves the current state of
the art by (i) introducing a goal-driven approach for risk manage-
ment; (ii) explicitly integrating risk management activities into
early development; (iii) identifying the techniques necessary to
perform the risk management activities and precisely defining
the artefacts produced by the activities and (iv) empirically evalu-
ating the impact of a risk management method, in particular
GSRM, on an ongoing software project.
3. Overview of the goal-driven software development risk
management model
The Goal-driven Software Development Risk Management Mod-
el (GSRM) is a framework that supports assessment and manage-
ment of risks from the early requirements engineering phase. It
is an extension of the KAOS goal modelling language with concepts
related to risk management. It is worth stating that the focus of
this paper is not to present in detail the GSRM framework, but
rather to present its applicability and its empirical usage in a case
study. GSRM has been presented in other publications [32–34,6]
and this section gives a brief overview of GSRM.
3.1. Levels of abstraction
The model supports different levels of abstraction from goal to
obstacle and finally to treatment. Fig. 1 gives an overview of the
different levels of abstraction.These levels build the bridge from
the goals of a software project to the risks that obstruct these goals
and finally the treatments that reduce the risks to satisfy these
goals. On the top level, there are the goals, i.e. objectives, expecta-
tions and constraints from the development components and these
goals match with the project success indicators. The middle two
levels include the risk factors and events, which directly or indi-
rectly obstruct the fulfillment of the goals. Risk events are then as-
sessed to estimate the severity of the risk. At the bottom level,
there are the control actions that obstruct the risks and associated
consequences to attain the goals. This abstraction supports refine-
ment of goals and obstacles and establishment of the obstruction
and contribution links amongst them.The more goals and risks
are refined, the better the support of risk management at an early
stage. The Risk specification is the main artefact produced by the
model as shown in the right hand side of Fig. 1. On the left side,
the figure shows different models, i.e. goal model, obstacle model
and causal relationship model. A goal model refines higher level
goals to lower level finely grained sub-goals through AND or OR
refinement so that sub-goals contribute to the main goals. An
obstacle model is the refinement of risk factors to the risk event
and obstruction link from obstacle to the goals. Therefore, an
obstacle model is a goal-risk model as it links from the obstacles
to the goals. Finally, a causal relationship model visualises the
factors that are responsible for the occurrence of a risk event.
Fig. 2 shows an abstract view of the model. Goals and obstacles
4 S. Islam et al. / Information and Software Technology xxx (2013) xxx–xxx

Overview of Goals

model
What are the issues relating to the project success?

Goal
What are the goals, expectations, constraints of the development component-
element-factor from the perspective of project success ?

Obstacle

Causal relationship model

Levels of abstraction
What are the risk factors that obstruct the goals ?
Obstacle model

What are the risk factors that create problems within the development?

Consequence
How are risk factors related with each other and contribute for the risk event
occurence?
How severe are the risks within the projectt?
What are the important risks for the project ?
Treatment and monitor
Risks specification
What are the control actions that countermeasure the risks?
How effective are the control actions?
Are there any new risks that arise within the development environment ?

Fig. 1. Overview of risk abstraction levels.

are derived from the development components, stakeholder activities within the layer consider these components to under-
expectations and project success indicators. The goal-risk model stand goals, obstacles and treatments from both technical and
and associated artefacts are the main outputs under the risk non-technical perspectives.
specification.
3.2.1. Goal layer
3.2. Framework Goal is the core concept of this approach and the goal layer fo-
cuses on the factors that contribute effectively to complete the pro-
The framework consists of four layers to support software ject activities and directly link to the project success. Such goals are
development risk management. The advantage of a layer based important as they describe what needs to be done for a successful
modelling framework is that it includes suitable tasks, methods project and who is responsible for achieving the goal. Goals are
and techniques for performing specific activities under any layer. project specific and focus on the economic benefit, project success
We categorise development components into five dimensions: pro- criteria and boundary, knowledge gathering and reuse, user satis-
ject execution, development process, product, human, and envi- faction, quality, vendor reputation, successful delivery, and other
ronment (internal and external) [35–37,33]. Therefore specific critical issues of the product. Goals can be stated at different levels

Development Stakeholders Project

components expectations success
indicators

derive
e

de
riv

ri ve
de

Goals
by
ed

at
ta
ct
ru

in
st
ob

construct

construct Goal-risk support

Risks Control
model actions

le a
d
influence
re

select
qu
ire

Treat &
Assess
lead monitor
co
ns

ad

Causal
tru

le
ct

relationship
model

Fig. 2. Conceptual view of the proposed approach.

Please cite this article in press as: S. Islam et al., An empirical study on the implementation and evaluation of a goal-driven software development risk
management model, Inform. Softw. Technol. (2013), http://dx.doi.org/10.1016/j.infsof.2013.06.003
 S. Islam et al. / Information and Software Technology xxx (2013) xxx–xxx
of abstraction from higher level coarsely grained to lower level fi-
nely-grained goal assertions.
3.2.2. Obstacle layer
Obstacles are the main causes that reduce the ability to achieve
a single or multiple goals. We treat risk factors as obstacles that di-
rectly or indirectly lead to a goal negation and create problems in
the project. Obstacle categories should be aligned with and derived
from the goal categories and model the situation about how sev-
eral obstacles violate the identified goals. The obstacle layer iden-
tifies the potential software development risk factors and it
formulates the obstruction to the goal dissatisfaction. It provides
an overview of the risk factors that exist in the project.The risk
obstacle layer establishes the obstruction link from risk factors to
sub-goals and from events to the main goal.
3.2.3. Assessment layer
The assessment layer quantifies the risk events as a conse-
quence of single or multiple risk factors. This layer precisely anno-
tates individual risk events and it establishes the causal
relationship model between risk factors and related risk events.
It also focuses on the severity of the risk events’ impact on goals.
For highly prioritised goals, obstacle identification and refinement
should be extensive. It is worth stating that the same risk factor
may lead to more than one risk events and the same risk event
can obstruct more than one goals. Conversely, a goal is obstructed
by multiple obstacles that relate risk events and associate fac-
tors.This representation allows us to model situations where an
event is influenced by more than one risk factor and impacts on
single or multiple goals. An obstruction link is established from
the risk event to the specific goal that it obstructs. This approach
supports the construction of a goal-risk model by refining risk fac-
tors to risk events and their combined obstruction to goals.
3.2.4. Treatment layer
The treatment layer focuses on the control actions to counter
the risks so that goals can be attained. It also monitors the effec-
tiveness of the implemented control actions and identifies any
new risks throughout the development. The main aim is to gain
control over the risks as early as possible, preferably during the
requirements engineering phase. Generally, there exists an alterna-
tive countermeasure to the obstacles but one should select the
most cost effective one for the risk mitigation. This layer includes
two different links: contribution link from the control action to
the goal that it fulfills, obstruction link from the control action to
the specific obstacle that it obstructs. The treatment layer allows
modelling, reasoning, and tracing the adopted control action for
the risk mitigation and goal satisfaction. It also includes a respon-
sibility link from the control action to the agent so that the specific
active agent would be responsible for implementing the control ac-
tion in order to mitigate the risks.
Fig. 3 shows the modelling framework of GSRM. GSRM uses the
same notations for goals (parallelogram) and obstacles (reverse
parallelogram) as used in the KAOS model. Goals are refined
through AND and OR refinement into sub-goals. Obstacles are
linked to the goals through obstruction links.The treatment layer
includes the agent who has the responsibility to implement se-
lected actions to control risks.
3.3. GSRM activities
The activities describe all the tasks and steps that are required
for goal-driven risk management and creation of the risk specifica-
tion artefact.Concepts of the goal-driven risk management model,
such as goal, obstacle, and treatment are used within the activities.
The first activity initialises goal-driven risk management during
Please cite this article in press as: S. Islam et al., An empirical study on the implementation and evaluation of a goal-driven software development risk
management model, Inform. Softw. Technol. (2013), http://dx.doi.org/10.1016/j.infsof.2013.06.003
5
the requirements engineering phase. This activity defines the risk
management scope, threshold and boundary, it allocates schedule
and formulates the risk management team. A project’s inherent
riskiness nature is important for this activity. In particular, it deter-
mines how risky a project is so that an appropriate treatment strat-
egy can be determined for the risk management. Once the risk
management plan is initialised, the next activity involves the iden-
tification and modelling of goals by focusing on the state of the
development components and matching them with the project
success indicators. It mainly identifies and categorises goals and
refines high level goals to provide more concrete meaning in terms
of their contribution to the project success. The goal refinement
activity results in the construction of a goal model from a parent
goal to the sub-goals. The artefact produced by this activity is goal
detail that triggers subsequent risk assessment and management
activities. The next activity involves the identification and model-
ling of obstacles. We need to identify as many likely obstacles as
possible so that the development team is aware of the problems
from the beginning. Obstacle identification extends the goal model
by including obstruction links from obstacles to goals. This exten-
sion supports the construction of goal-risk models that visualise
influential risk factors, which obstruct multiple goals. The follow-
ing activity assesses risk by estimating the risk level and relevant
priority. We start with the causal relationship model by following
risk factors and associated risk events as a consequence. This al-
lows us to focus on the relevant risk events for the risk level esti-
mation, rather than considering all raw risk factors. Risk
estimation considers risk event likelihood and its severity of im-
pact on goal negation. The impact assessment builds the cause-
consequence relationship from the risk event to the obstructed
goals. The risk assessment finally prioritises risks, so that highly
prioritised ones get immediate attention. The final activity of
GSRM aims to control risks as early as possible and to monitor
the effectiveness of the control action throughout the project. Risk
treatment needs to be planned and matched with the risk manage-
ment scope. There may have been multiple control actions, but
depending on the project context, only potential ones should be se-
lected. Once the selected control actions are implemented this
activity monitors risks throughout the project life cycle.
4. Integration of GSRM into requirements engineering
As stated previously, the proposed work considers risk manage-
ment activities from the early stage of the development, in partic-
ular from the requirements engineering phase. However,
requirements engineering and software risk management are two
different processes. Therefore, performing an integration requires
to consider the interactions among the underlying activities, tasks,
methods, roles and dependencies amongst the artefacts that are in-
volved in these two processes [6]. First, we examine two different
perspectives, i.e. artefact and process oriented views, which allow
to understand the rationale in terms of the integration.
4.1. Artefact oriented view
Artefact oriented requirements engineering is a systematic
methodology which describes the problem space of the system-
as-is as comprehensively as possible towards complete require-
ments specification documents [38]. It combines both structure
and content of the artefacts, expressed by the domain-specific con-
cept model. The structure is described with a taxonomy reflecting
the hierarchical structure of produced specification documents.
The included content (the underlying concept model) reflects the
concepts of an application domain in terms of precisely defining
the used elements and their relations for specific description
6 S. Islam et al. / Information and Software Technology xxx (2013) xxx–xxx

Fig. 3. Framework of GSRM.

techniques [39]. Business and requirements specification are the
two main artefact types of requirements engineering. These arte-
fact types formulate goals, capabilities, constraints, system vision
and requirements [40]. As stated previously, GSRM provides arte-
fact type risk specification that encompasses content items such
as goals, obstacles, and treatment, which in turn consist of concept
types such as risk management plan, goals details, risks details and
risk status report. Goals are one of the fundamental concepts to
support the integration, in particular they provide background
foundation to elicit and analyse requirements and risks. Require-
ments are amongst one of the elementary inputs for risk identifica-
tion.The quality of the elicited requirements is a highly influential
factor in attaining project goals related to schedule, budget, prod-
uct quality, and error free requirements. Reducing project risks is
one of the critical requirements of a software project. Risk concepts
contribute to reduce errors from the elicited requirement. Attri-
butes such as risk level, priority, control action, and risk status help
to reduce requirement errors. Attributes like requirements accep-
tance, time constraint and design decision are also supported by
the risk status report. Fig. 4 shows the interaction between the
requirement and the risk artefact concept.
4.2. Process oriented view
The activities, tasks and methods of the requirements engineer-
ing and risk management process are coherent and interrelated.
Requirements engineering is mainly comprised of eliciting, analys-
ing, validating, and managing activities, which further contain fine-
grained tasks and sub-tasks within these activities. The activities of
both requirements engineering and risk management are sequen-
tial and techniques used within the activities are partially similar.
For instance, requirement elicitation commonly relies on the back-
ground study of specific types of artefacts, including pre-existing
documents about the system-as-is, such as organisational charts,
policies, work procedure, business rules, data samples and scenario
analysis of the interaction among the systems [8]. It also focuses on
the stakeholder-driven elicitation through structured and unstruc-
tured interviews and joint workshops. Goals and risks identification
of the GSRM focus on the preliminary analysis of the system-as-is,
such as project information, project domain analysis and require-
ment artefacts. The taxonomy-based questionnaires and brain-
storming sessions with stakeholders are very effective techniques
for the risk identification [18,41]. Therefore the techniques used
and input artefacts required for goals, requirements, and risk iden-
tification are similar. The activities and tasks under the process cou-
ple to one or more roles which take the responsibilities for
producing the related artefacts. Typical roles for requirements engi-
neering activities are customer/user representative, business ana-
lyst and requirement engineer. The requirement engineer is the
key responsible person who creates and manages the requirement
specification by aligning the business needs to the software-to-be.
He establishes the bridge among business analyst, architect, project

Please cite this article in press as: S. Islam et al., An empirical study on the implementation and evaluation of a goal-driven software development risk
management model, Inform. Softw. Technol. (2013), http://dx.doi.org/10.1016/j.infsof.2013.06.003
 S. Islam et al. / Information and Software Technology xxx (2013) xxx–xxx 7

Fig. 4. Attributes dependency of requirements and risk artefacts.

manager, and customer/user. On the other hand, a risk manager is
mainly responsible for performing risk assessment and manage-
ment activities. He should have adequate knowledge of the project
domain and sufficient skills to handle the risks in a specific project
situation. Generally in small and medium projects, the project man-
ager is concerned with the overall project execution and takes the
additional role of risk manager. A successful project manager is
always a good risk manager [42]. There is no strict rule, more spe-
cifically, it is hard to define any fixed point when risk management
activities should initiate within requirements engineering. How-
ever, we argue to start the goal and risk identification activities in
parallel with the requirement elicitation activity. Goals and risks re-
lated to the business needs and projects such as schedule and bud-
get, staffing, participant competency, customer/user involvement,
development facilities, and complexity can be effectively identified
and analysed at this stage, even before analysing the system
requirements. Such early consideration also allows to capture
non-technical project risks up-front so that appropriate counter-
measures can be undertaken to produce robust and error-free
requirements. Risk management plans should also align with the
project scope as well as requirements elicitation. In particular, an
appropriate schedule is necessary for the risk management activi-
ties within the requirements engineering process. GSRM follows a
pattern of iterative activities and can be tailored to support the
requirements elicitation, analysis and verification activities.
5. Evaluation and data collection
5.1. Study design
We have chosen to employ an empirical research method to
evaluate GSRM. In particular, we follow the case study method
along with action research as empirical inquiry based on a real life
active on-going software development project [43]. Action re-
search makes an effort to provide practical value of real subject
problems while simultaneously contributing to the acquisition of
new theoretical knowledge [44]. However, performing an empiri-
cal study within the software risk management domain is chal-
lenging, because software projects are generally of long durations
with focus on time, budgetary, and quality control; therefore a
comprehensive risk management practice is not always possible.
We carefully designed the study by mixing case study and action
research. The choice of research method selection depends on
many factors such as availability of resources and alignment of
method with the questions. We have confirmed these factors be-
fore performing the study. Our study design is based on a single
real software project and questions are constructed focusing on
this single case. The risk management and project team members
were learning by performing GSRM activities to identify and ana-
lyse the risks and implement the chosen actions to control the
risks. Therefore, practitioners were directly involved in under-

Please cite this article in press as: S. Islam et al., An empirical study on the implementation and evaluation of a goal-driven software development risk
management model, Inform. Softw. Technol. (2013), http://dx.doi.org/10.1016/j.infsof.2013.06.003
8 S. Islam et al. / Information and Software Technology xxx (2013) xxx–xxx
standing and performing risk management activities. Results from
the activities were used to improve the project situation from po-
tential risks. We followed typical study design components such as
study construct, data collection techniques and analysis, observa-
tion, action and conclusion [45,43,46]. Fig. 5 depicts the combined
case study and action research design components. Data collection
and analysis were based on the case context and GSRM concepts,
and they followed a sequential explanatory strategy to support
both the case study and action research. Concepts of GSRM such
as goal and obstacle, along with activities and artefacts, provided
impact for the observation and interpretation of study results. In
particular, action research focused on mitigating the risks of the
studied project context. The execution of GSRM activities and arte-
facts, as a part of action research, directly contributed to control
the identified risks. Finally, the study concluded with observation,
comparison, and feedback for the overall observation refinement of
GSRM. The conclusion considered both case study and action re-
search. Case study is a widely used empirical research method in
software engineering domain [47,45]; action research was in our
case effectively used to control the risks of the project. When per-
forming action research, it is necessary to solve a real problem; the
next section shows that the project we have selected is a high-risk
project. Therefore, action research adequately supported the study
project to solve a real problem by identifying and controlling the
risks. The combination of these two practical research methods
provided us with in-depth understanding about GSRM and its im-
pact into the studied context, allowing practitioners to play an ac-
tive role for empirical investigation, and controlling the risks for
the successfully project completion.
5.2. Study construct
The main focus of this study was to specify the impact of the
goal-driven risk management model on the software development
project. The study goals aim to:
1. evaluate the advantages and limitations of goal-driven risk
management in software development projects;
2. improve our understanding of the issues involved in the inte-
gration of risk management activities into requirements
engineering.
5.3. Data collection and analysis
The data was collected from various sources using different data
collection techniques. In particular, project documents were one of
the main inputs and the data collection techniques were mainly
Fig. 5. Study design details.
Please cite this article in press as: S. Islam et al., An empirical study on the implementation and evaluation of a goal-driven software development risk
management model, Inform. Softw. Technol. (2013), http://dx.doi.org/10.1016/j.infsof.2013.06.003
kick-off, brainstorming and interview sessions. Closed questions
were used during the interview sessions, considering the studied
project context, and open questions were used to evaluate the
applicability of GSRM in a subjective way. The project team mem-
bers, users and sponsor representatives mainly participated in the
interview and brainstorming sessions. The kick-off session was
used for the members of the risk management and project team.
Closed questions focused on the exploratory basis to identify exis-
tence and frequency of problems and their causal dependencies to
the risk events and consequences. The open questions were mainly
descriptive and comparative questions used to identify the partici-
pants’ perception about the GSRM and its integration into require-
ments engineering. Open questions also answered specific
practitioners’ beliefs about risk management and its importance
during the development process. In the beginning, a kick-off work-
shop was carried out amongst the members of the development
team to provide an overview of GSRM, risk artefacts, and its integra-
tion into requirements engineering. The open and closed question
responses and project artefacts were inputs to the brainstorming
session. Three Master of Information Technology (MIT) students
of the Institute of Information Technology (IIT), University of Dhaka,
Bangladesh (former students of the first author) were employed for
the implementation of GSRM. The students had adequate knowl-
edge and experience working in software projects.
The units of analysis for the study were mainly considered
GSRM concepts, automation project, and project team/users. The
collected data was analysed both qualitatively and quantitatively
based on the units of analysis. We followed a sequential explana-
tory strategy to collect and analyse the data [48,49]. In particular,
data collection and analysis were initiated from a short training
session about GSRM, then sequentially followed GSRM activities
and output of one activity subsequently used by the next activity.
For instance, a risk management plan was used by the goal identi-
fication and modelling activities. Once the GSRM activities were
performed, the focus was to obtain information about the useful-
ness about GSRM and conclude the study. Therefore, feedback
about the method and the conclusion considered quantitative data
from previous activities. The quantitative analysis considered vari-
ables such as effort performing the risk management activities, the
number of risks factors and risk events, erroneous requirements
and the number of control actions and their effectiveness to sup-
port the units of analysis. Thus, the responses and observations
from the closed question sessions were used as input to analyse
the data. The qualitative analysis considered issues such as using
goal-driven approach for risk management, risk management
impact on the project, integration of risk management into
requirements engineering, and adequacy of activities and artefacts
 S. Islam et al. / Information and Software Technology xxx (2013) xxx–xxx
of GSRM, and comparing the risk factors with the other study re-
sults. Project participants’ positive and negative observations, risk
management results, performance of the activities, and process
integration were mainly used to evaluate the benefits and weak-
nesses of GSRM. Furthermore, as mentioned before, quantitative
metrics, such as effort spent on GSRM in requirements engineering,
number of risks and treatment actions over time were also consid-
ered to support the study goals.
6. Case study
6.1. Study context
6.1.1. Company profile and project context
The study reports on our empirical work of a software develop-
ment project at Domain Software Technologies Ltd. (Domain Tech),
a subsidiary company of Domain Technologies Ltd [50]. Domain
Tech started its operation in 2002 in Bangladesh with multi-
dimension lines of business, such as software development, global
IT support, and consultancy.The project considered in the case
study aimed to automate the Planning Commission Campus of
the Ministry of Planning, as part of the e-Governance project of
the government of People’s Republic of Bangladesh. The project
was officially initiated in November 2009, once Domain Tech ob-
tained the work order from the ministry. The project context was
the development of an application software which contained ten
separate modules to automate day-to-day ministry operational
activities. The modules were: Project Planning, Personnel Manage-
ment, Payroll Management, Budgeting, Auditing and Accounting,
File Tracking, Letter Dispatching, Meeting minutes, Library Man-
agement, Inventory and Vehicle Management. Every module has
its own features, constraints and requirements, but it also relates
to the other modules. The main project goals were:
 Automate the whole planning commission campus.
 Digitise old and new data and dynamic report generation.
 Interconnect with existing software on the commission campus.
 Train employees for the new system.
6.1.2. Project riskiness
This was the first government project by Domain Tech in which
the main users are government employees. Initially a high-level
technical specification about the different project modules was
developed by a consultant company on behalf of the ministry.
Based on the specification, Domain Tech, similar to other vendors,
submitted an expression of interest and successfully obtained the
work order. Apart from the office automation application software
to be developed, the project context also included a comprehensive
user training. The development team consisted of 15 members, the
duration was 13 months. The management was convinced of the
need to integrate a comprehensive risk management practice in
the project, due to the project’s inherent risk nature. From Domain
Tech’s perspective this study benefits them by understanding and
control the risks of the project. Furthermore, this study provides
a comprehensive risk management practice from the early stage
of the project and awareness about risk management to the Do-
main Tech employees. The Domain Tech management and main
project team members considered the project as high-risk even
though the practitioners have experience from similar projects.
The reasons were:
 Lack of experience on how to handle government employees.
 High-level initial specification.
 Large number of users to train who are government officials.
 Effective usage of the product and user satisfaction.
Please cite this article in press as: S. Islam et al., An empirical study on the implementation and evaluation of a goal-driven software development risk
management model, Inform. Softw. Technol. (2013), http://dx.doi.org/10.1016/j.infsof.2013.06.003
9
 High reputation regarding successfully completing of the
project.
Despite the project being considered a high-risk project, the
management decided to undertake it in order to accomplish the vi-
sion. The management vision is to successfully develop the office
application and customise it for other government ministries and
agencies. High reputation and user satisfaction may give Domain
Tech a competitive advantage on the market, given that the local
government recently decided to digitialise its ministry offices un-
der the Digital Bangladesh Vision 2021 project [51]. Therefore, the
project was important for the Domain Tech to secure the market
regarding future business opportunities.
6.2. Introduction of GSRM process
6.2.1. Activity 1: Initialise goal-driven risk management
A kick-off workshop as a tutorial for the risk management team
was initially carried out to provide an overview of GSRM. The final
part of the workshop was used for the GSRM initialisation activity.
The Project Manager (PM) elaborated the factors, which made the
project considered a risky one. The first task under this activity (i.e.,
determine the riskiness nature of the project) was considered and
the main factors for the high risk project were noted. Project scope,
success criteria, business goals, and initial high-level system spec-
ifications were used to define the risk management context. The
risk management scope was to control risks related to the applica-
tion development, specifically project execution, user, product
specification, quality, and user training, and was biased by the pro-
ject inherent challenges and scope. However, risks related to pro-
ject sponsor, fund support, and user-internal organizational
problems were not considered within this scope. The Risk Manage-
ment (RM) team consisted of a PM as the team leader along with 3
students and 2 development team members. The risk management
was scheduled at the first deliverable phase, i.e. requirements
specification and design phase.The interview participants, from
both users and sponsor representatives, were identified and sched-
uled. However, no schedule was considered for risk monitoring and
the PM categorised it as a demand-based activity.
6.2.2. Activity 2: Identify and model goals
This activity was carried out in a brainstorming session by the
members of the RM team. The risk management plan and project
documents were considered as input for this activity. Table 1 out-
lines the four goals and sub-goals which were agreed upon by the
RM team. These were: complete project within estimated budget and
schedule, complete user’s training, obtain positive reputation and gen-
eralise the application for other government ministries. The first two
goals were considered through focusing on the project contract
and the tasks needed to be achieved before the system goes oper-
ative. The remaining two goals were critical for the future business
vision of Domain Tech. It needed positive user feedback, overall
product quality, and successful deployment and maintenance of
the software. High vendor reputation could give a competitive
advantage to obtain further work orders for similar government
projects. Generalising the application by gathering knowledge
from this project could significantly reduce the development cost
from the vendor’s perspective. These goals were refined during
the session.
6.2.3. Activity 3: Identify and model obstacles
Initially, interviews were carried out by student members with
the selected practitioners of the development team. The interviews
continued further with the selected users and sponsor members.
However, it took more time than expected with the user members
10 S. Islam et al. / Information and Software Technology xxx (2013) xxx–xxx

Table 1 who needed training for the new system environment. But the
Identified goals and sub-goals. planning ministry and UNDP refused to increase the training bud-
Goals Sub-goals get as total project budget was already approved and there was no
Complete project in Maintain estimated budget in development room for revision because several donor agencies supported the
estimated project fund. Domain Tech also had inadequate experience to han-
budget and schedule Maintain estimated schedule in development dle the government officials. Existing data was documented with
Maintain realistic estimation dissimilar structure, which made it difficult to convert the manual
Clear milestones
Competence practitioner
data into new electronic formats. Risk factors were summarised
Reduce errors from requirements from the raw list. These factors were mainly due to unavailable,
User active participation wrong and incomplete information, poor participation, errors from
User positive motivation the existing system, and data conversion difficulties, which re-
Complete user’s training Adequate training budget sulted in incomplete specifications and inaccurate estimations. Ta-
Professional and competence training ble 2 shows the risk factors.
Complete training and user manual
User active participation
User positive motivation 6.2.4. Activity 4: Assess risks
Improve effective communication & The RM team considered interview responses of the selected
coordination risk factors as initial input for the risk assessment. Moreover,
Improve practitioner motivation & PM’s and other members’ experience and the pre-assumptions pro-
productivity
vided by GSRM about the causal link of the risk factors to the risk
Reduce user and practitioner conflict
events and consequence to the goals were also considered for the
Obtain positive reputation, User satisfaction
generalise the application Complete project in estimated budget
estimation of the risk event likelihood and risk impact. Table 2 in-
and schedule cludes risk events caused by the identified risk factors. These
Quality product events directly obstruct the goals, for example budget overruns,
Successful training erroneous requirements, poor training, and system use obstruct
Details understanding of business process
the goals like complete project in estimated budget and schedule
Successful system usage
Complete elimination of existing manual or vendor high reputation. To construct a causal relationship mod-
system el, risk factor, event, and priority were considered as target, obser-
Complete specification vable and decision nodes of a Bayesian Belief Network. The RM
team agreed that budget overrun is the highest prioritised risk fac-
tor. Risk factors such as inaccurate estimation, high training cost,
as they did not follow the agreed schedule and demonstrated lack erroneous requirements, and schedule overruns casually link to
of IT and project domain knowledge. The RM team also needed to budget overruns as shown in Fig. 6.These factors are the most
provide an overview of goals, risks, and the main purpose of the influential for the project context and some of them were beyond
interview before the actual interviews took place. A raw list of risk the control of the project manager and the project environment.
factors was generated from the interview responses. The raw list The identified factors resulted in complete obstruction of the goal
was very large and was refined by following the identified goals to maintain estimated budget in the development. Erroneous
and the brainstorming session. Most of the identified risks were re- requirements and schedule overruns were considered as risk fac-
lated to the project execution, product, and human perspectives. tors but these factors were again treated as risk events in different
The development team only had a high-level initial specification. contexts. Finally, risk events were prioritised into the three scales,
As such, it was difficult to fully understand the necessary require- i.e. ‘‘very important’’, ‘‘important ‘‘, and ‘‘less important’’, so that
ments. Domain Tech Management agreed to accept any user severe ones get immediate attention. However, for confidentiality
change at any stage and believed it would increase the company reasons we cannot provide the detailed results.
reputation, which turned out to be a mistake. Users could not pro-
vide detailed information and lately numerous gaps were identi- 6.2.5. Activity 5: Treat and monitor risks
fied that needed to be considered. Users added several new The RM team initially planned to control the high and medium
things compared to the initial specification based on which sche- prioritised risks by completely eliminating or reducing the likeli-
dule and effort estimation were calculated. Numerous changes hood of risk event occurrences and severity of the impacts. The ses-
were requested by the users, such as change of staff profile and lay- sion identified the possible countermeasurs and potential ones
out as well as an addition of more functionalities under a specific were selected so that the goals could be attained. Erroneous
module related to personal and payroll management, budgeting, requirements were among the main events which negatively affect
auditing, and accounting. The collected information was some- the possible outcome of goals such as: complete project in esti-
times incomplete and ambiguous due to different interpretations mated budget and schedule, reduce erroneous requirements, im-
of the same context. It was difficult to obtain appointments from prove completeness in requirement specification, and generalise
high-level officials and several meetings were needed to collect rel- the application. Users’ factors were among the main reasons for
evant information. But their remarks were important for the pro- the risk events and a large number of users increased the overall
ject acceptance. Some of the users did not have adequate total training cost and,as a result, the overall project budget. But
knowledge of the software application, but played important roles these factors were beyond the PM’s controls and difficult to elim-
to support the key business process. There were ambiguities in inate completely. The RM team identified possible countermea-
describing the key operational process and roles involved within sures, i.e. train selected representatives from user groups, extensive
the process. Once an interview was completed, no user agreed to user involvement, signed frozen requirements, complete understand-
sign the interview documents. At the end, the requirements analy- ing of users business processes and dependencies among the modules,
sis consumed much more time than estimated. obtain and incorporate key users feedback, and include a J2EE expert
Another problem appeared concerning the number of users into the project. The identified countermeasures were potential and
who participated in the training. Initially Domain Tech agreed to would not incur additional cost except of the integration of a J2EE
train 500 users. However, during the requirements identification expert. However, it was difficult to involve the key users even
and on site observation, there were about 800 users identified though they were available on the commission campus. Users’ lack

Please cite this article in press as: S. Islam et al., An empirical study on the implementation and evaluation of a goal-driven software development risk
management model, Inform. Softw. Technol. (2013), http://dx.doi.org/10.1016/j.infsof.2013.06.003
 S. Islam et al. / Information and Software Technology xxx (2013) xxx–xxx 11

Table 2 for the project as well as for the future customisation. Domain Tech
Identified risk factors and events. planned to arrange workshop sessions with the high government
Risk factor Event officials to inform them about the status of the project and the nec-
Numerous change request Budget overruns essary further action. These sessions were effective to develop and
Users passive involvement Erroneous requirements implement the application into the planning commission campus.
Users lack of project domain knowledge Schedule overruns
User lack of IT competence Ineffective training
Inadequate training budget Unclear system vision 6.2.6. Goal-risk model
Large number of users requiring training Ineffective communication Fig. 7 illustrates the goal-risk model for the complete project in
High training cost User dissatisfaction
Incomplete & incorrect initial specification Poor system use
the estimated budget. The goal was refined into several sub-goals,
Over-promise & inaccurate estimation Poor reputation such as: maintain estimated budget and schedule, realistic estima-
Error in project contract Incomplete information tion, clear milestones, user active participation and motivation,
Lack of experience in handling government Unable to generalise and reduce errors from requirements. Risk factors, such as numer-
officials product
ous change requests, user passive involvement and lack of knowl-
Bureaucratic nature of organisation Poor feedback
Users’ lack of motivation Deployment problems edge, high training costs, inaccurate estimation, errors in contract
Data conversion difficulties High variation and incomplete specification obstructed the sub-goals and led to
Unwilling to sign interview document risk events such as erroneous requirements, schedule overruns
Complex interactions among the modules and budget overruns. The bottom part of Fig. 7 shows the treat-
Political biasness
ment actions and the associated agents responsible for implement-
ing the actions, e.g. comprehensive and competence training.
Fig. 8 shows the model for obtaining positive reputation. The
of project domain knowledge and lack of IT competency could not goal was rather subjective and refined into user satisfaction, qual-
be addressed by any means during the duration of the project. ity product, successful training, and system usage. Risk factors,
However, selected users’ training would reduce the overall training such as poor training, ineffective communication, incomplete and
cost significantly. The RM team emphasised the professional and complex product, and retaining the existing system obstructed
competence training and preparation of a comprehensive training the goal and led to user dissatisfaction and low reputation as the
manual before physically deploying the system. Still, there was no main risk events. User motivation for the new system, effective
effective way to address the numerous change requests, but the cooperation between users and practitioners, complete and com-
PM decided that once the feedback was integrated the frozen petence training are control strategies, which can mitigate the risk
requirements of a specific module would be signed by the key user. factors. The elimination of old manual systems was considered as a
At that stage, the project experienced a huge number of user requirement within the control action. Project contracts did not
change requests and several new things were added compared to cover the maintenance part which seemed to be an important issue
the initial specification. The PM agreed that it was not possible for this project. The PM decided to convince the project sponsor to
to maintain the estimated budget and schedule, and management allocate the maintenance budget for the project. Domain Tech
decided to accept 15% budget overrun. The management decided management also decided to arrange 2 or 3 common workshop
to obtain positive reputation from the users by any mean and a sessions apart from training to motivate the users for the new
complete understanding of the business processes was essential system.

Fig. 6. BBN network for budget overruns.

Please cite this article in press as: S. Islam et al., An empirical study on the implementation and evaluation of a goal-driven software development risk
management model, Inform. Softw. Technol. (2013), http://dx.doi.org/10.1016/j.infsof.2013.06.003
12 S. Islam et al. / Information and Software Technology xxx (2013) xxx–xxx

Fig. 7. Goal-risk model for project completion.

The difficult part regarding risk management was to convince the
key government officials regarding the implementation of the
selected control actions. The PM communicated the agreed control
actions to the management, and the management scheduled a meet-
ing with the planning commission secretary. The visual representa-
tion of the goal-risk model effectively helped to communicate the
risk information to the management. In the meeting, the secretary
of the planning ministry agreed on the recommended actions and
assigned 20 key users to be extensively involved in helping the
development team. The secretary also circulated an office order at
joint, deputy and assistant secretary level to collaborate with the
project by giving necessary information. Furthermore, only 58 users
were selected as champions for the training session conducted by
Domain Tech. The PM decided to arrange a risk monitor meeting, ini-
tially twice a month and less frequently at the later stages of the
development. At the end, student members carried out the inter-
view sessions with the open questions to obtain feedback about
GSRM. The interview participants were the PM and other members
of the RM team, three practitioners of the development team, one
management representative of Domain Tech and two users.
7. Discussion
7.1. Study results and applicability of GSRM
The data was collected and analysed by following sequential
explanatory strategy, from GSRM activities to the feedback about
GSRM and its usefulness [48]. As stated previously, different data
collection techniques were used to collect and analyse qualitative
and quantitative data for a more comprehensive understanding
about the context [49]. Two kick-off workshops and five brain-
storming sessions, each approximately 4 and 6 h respectively,
and interview sessions (2 h for the closed questions by the practi-
tioner and 3 h and 30 min by the users and 1 h and 30 min for open
questions by the practitioner) were used to evaluate the activities
of the GSRM process. There were in total 23 responses gathered
from 200 closed questions including 10 practitioners, 12 users
and 1 sponsor. The closed questions were on an exploratory basis
that supported identification of the risk factors from the project
context [46]. 7 practitioners, including 2 members of the risk man-
agement team participated in 30 open questions providing feed-
back about GSRM and its integration into requirements
engineering. The open questions response was mostly on positivis-
tic basis from the practitioners’ observation about GSRM for man-
aging risks within the project. The student members along with the
other members of the risk management team analysed, as input
data for the risk management process, the project documents
and in particular artefacts, such as the initial specification, the nat-
ure of change requests, the detailed requirements specification, the
project scope, and the success criteria. They also compiled the
interview responses to identify risks and to obtain feedback about
GSRM. Among the top 7 risk events and 15 influential risk factors
such as high training cost, overall budget overruns, erroneous
requirements, users participation, and detailed system specifica-
tion, only 3 risk events and 11 risk factors were fully or partially
controlled through 8 potential countermeasures. Risk factors orig-
inating from the users’ perspectives were beyond the project man-

Please cite this article in press as: S. Islam et al., An empirical study on the implementation and evaluation of a goal-driven software development risk
management model, Inform. Softw. Technol. (2013), http://dx.doi.org/10.1016/j.infsof.2013.06.003
 S. Islam et al. / Information and Software Technology xxx (2013) xxx–xxx 13

Fig. 8. Goal-risk model for positive reputation.

ager’s control. The identified countermeasures were supported by
the management and directly implemented to improve the project
situation for managing risks. The action research method effec-
tively used on this occasion. The analysis took approximately four
complete working days. Goals and risks identification and model-
ling activities consumed the highest effort. Project complexity
and a large number of goals certainly increased the overall risk
management effort. A total of approximately 26% effort of initial
deliverable phase including the student members effort was used
for risk management. A short tutorial was adequate to provide
the basics about GSRM to the practitioner. Therefore, applicability
of GSRM in terms of the effort to perform the activities and integra-
tion into early requirements engineering is reasonable and feasible
for any software project. Empirical study has well proven to be an
effective research method to collect and analyse relevant data for
investigating a specific issue of the software engineering domain
[52]. We believe the studied project and obtained results based
on combination of research methods provide comprehensive
understanding about the issues relating to the goal-driven risk
management approach into software development projects.
7.2. Usefulness of the GSRM
7.2.1. Goal-driven approach for risk management
A goal-driven approach for risk management is reasonably ben-
eficial during the early development. A project contains goals, and
goals make it easy to communicate with the users, project spon-
sors, and development team members. The main users of the pro-
ject were government officials who did not have adequate
knowledge of the purpose of automation due to lack of IT expertise.
However, they were able to demonstrate their expectations regard-
ing the project. From the user’s perspective, several goals were
identified such as user satisfaction, successful training, system
usage and project team perspective; goals were emphasised more
on issues related to project completion, training, user participation
and reputation. However, some participants observed that goal
modelling was difficult to perform and required more experience.
7.2.2. Integration of GSRM into requirements engineering
Based on the open question responses, the PM and practitioners
appreciated the integration of risk management into requirements
engineering. It provided them with early warnings about the prob-
lems that existed in the project. There were dependencies among
the requirements and risks specification artefacts. In particular,
goals were one of the fundamentals to support the integration.
For instance, in the studied project, positive reputation was consid-
ered one of the highly prioritised goals. Several risk factors such as
poor training and ineffective communication were directly
obstructing the goals. Elicited requirements were considered to
identify risk factors. Risk artefacts, such as risk level, priority and
list of erroneous requirements directly contributed to reduce er-
rors from the requirements. In the project, a brainstorming session

Please cite this article in press as: S. Islam et al., An empirical study on the implementation and evaluation of a goal-driven software development risk
management model, Inform. Softw. Technol. (2013), http://dx.doi.org/10.1016/j.infsof.2013.06.003
14 S. Islam et al. / Information and Software Technology xxx (2013) xxx–xxx
was used to identify the goals, requirements and risk factors. The
Project Manager and other members of the risk management team
played main roles in the risk management and requirements anal-
ysis. Furthermore, active user participation observed influential
factors for both requirements engineering and risk management.
Therefore, roles like project manager, requirements engineering,
risk management, and user participation can effectively support
activities within requirements engineering and risk management.
7.2.3. GSRM process
Activity definition: Based on the open questions response, the
activities under the GSRM process were identified as fully opera-
tional and adequate, as the approach provided adequate tech-
niques to identify and analyse goals, risks and treatment actions.
The initial activity explicitly allocated schedule and resource for
risk management within the project. The composition of the risk
management team from different roles was beneficial as different
views of the goals and risks were identified and combined. Under-
standing the riskiness nature of the project at early stages was
appreciated by the project manager and other members of the
development team, as it allowed them to understand the necessity
of the risk management activities in the project. The GSRM process
provides three techniques (i.e. structured interviews with closed
questions, brainstorming sessions, and analysis of project docu-
ments) to identify and analyse goals and risks. The information
gained from the project brainstorming session was verified during
the interview session. The combination of these techniques was
treated as being systematic, reasonably applicable and in particu-
lar, reducing the bias for the risk identification.
Artefacts: GSRM provides both textual and graphical representa-
tion of artefacts produced by its activities. In particular, visual pre-
sentation is provided through goal-risk models and causal
relationship models which made it easy to communicate the risk
information with the project team and management, as observed
during the studied project. The central textual artefact of GSRM
is a risk status report which is the final output of the activities.
Thus the risk status report provides complete information about
the goals, risk factors, risk events and treatment actions and status
of the risks.
7.2.4. Limitations of GSRM
The studied project also allowed us to identify the limitations of
GSRM based on the feedback obtained about GSRM from the open
questions response. First, when the project focuses on a large num-
ber of goals, the efforts for developing and maintaining the arte-
facts are considered too high. In particular, GSRM needs more
effort in analysing the goals and constructing goal-risk and causal
relationship models. Secondly, constructing a casual relationship
model through BBN is a complex undertaking, especially if several
risk factors are considered as intermediate nodes, which increase
the size of the probability density table. Thirdly, from the studied
project, the risk monitoring activity was not properly performed
at later stages due to the pressure to handle user changes and later
deliverables. Finally, based on the studied project, it was difficult to
answer some of the closed questions, in particular, quantify the
state of the factors under the development components into three
different scales at an early development stage. We agreed with
these limitations as they reflected the practitioners’ realistic justi-
fication about GSRM.
7.3. Comparison with other study results
We compare the result of our study with other study results
found in the literature, specifically those concerned with software
development risk factors and their influence on the project
Please cite this article in press as: S. Islam et al., An empirical study on the implementation and evaluation of a goal-driven software development risk
management model, Inform. Softw. Technol. (2013), http://dx.doi.org/10.1016/j.infsof.2013.06.003
outcomes. Such comparison allows us to generalise our findings
and to identify contextual factors from the current study context.
7.3.1. Commonality in risk factors
There is a substantial commonality fully or partially amongst
our results and those discussed in existing literature. For instance,
Schmidt et al. [23] identified a comprehensive list of risk factors
and top factors such as lack of adequate user involvement and
cooperation, lack of frozen requirements, change scope, and un-
clear/misunderstood scope/objective are similar to our findings.
The most noticeable areas, which included distinctive risk factors
by our study, are user, user’s organisational and requirements con-
text which match important risk components such as schedule and
budget, requirements management, and personnel management
demonstrated by Ropponen et al. [29]. Our results also show sim-
ilarities with Wallance’s et al. [53,24] findings on requirements,
user, and complexity risk dimensions. Procaccino’s et al. [37] study
results emphasised the factors related to the customer/user and
requirements, such as user involvement, realistic expectations,
complete and accurate requirements, and well defined project
scope which highly influence project success. Linberg [54] also
summarised factors such as effective leaders, technologically real-
istic requirements, and realistic schedule and effort estimation rel-
evant to the project success. Keil [55] identified a changing project
scope and the lack of frozen requirements as critical risk factors of
IS projects. Our results fully or partially match with these findings.
7.3.2. Risk management barriers
In the case study, the PM realised the need for risk management
and he was the main authority for the task. However, practitioners
were not motivated to implement a complete risk management
process. A similar situation is observed by other study results. This
situation is treated as the main barrier that obstructs the imple-
mentation of a formal risk management practice. Our interview re-
sponses summarised a large number of risk factors from the
project. A recent survey study result shows that intangible benefit,
lack of resource, and too many risks to control are the main per-
ceived barriers by the experienced project manager to a successful
implementation of software risk management [9]. Nyfjord et al.
[10] and Kwak et al. [31] emphasise the organisational problems,
such as variation of risk perception by different roles, lack of com-
petence and process problems, lack of plan and coordination are
additional barriers besides resource problems to integrate risk
management into development. We observed that formal risk
management practice was missing in the Domain Tech case study.
However, implementation of GSRM and its results certainly advo-
cate for a formal risk management practice in the upcoming
projects.
7.3.3. Factors related to current study context
It is worth mentioning that some important factors derived
from case studies found in the literature were not applicable to
the Domain Tech case study. These included no planning or inade-
quate planning, lack of management support, problems related to
the development process, and development team. Moreover, sev-
eral risk factors, seem to have a partial or no match compared to
the other studies, such as user unwillingness to provide informa-
tion and sign the interview document, bureaucratic nature of the
organisation, political biasness, users’ lack of IT knowledge, numer-
ous change/update requests, errors in contracts, training for large
number of users, and over-promise made by the vendor. These fac-
tors dominate our case and mostly originate from the user context.
 S. Islam et al. / Information and Software Technology xxx (2013) xxx–xxx
7.4. Conclusion
Our experience based on the case study concludes that GSRM is
reasonably suitable for any complex project. The studied project
was complex, GSRM was well integrated to identify and control
the software development risks. The project manager agreed that
by using GSRM it was possible to identify and tackle the problems
in a structured way from the beginning of the development. We
observed similarities of the identified risk factors comparing with
other studied results as well as unique factors based on the project
specific context. Therefore, GSRM supports identification of both
project specific and generic risks that need adequate attention.
Analysis of the observations from the studied project helps us to
better integrate our goal-driven risk management method into
requirements engineering. A tutorial session about goal modelling
and risk management helps to understand the basic concepts of
GSRM. Our observation is that when treatment of risk factors is be-
yond the control of the project manager and development environ-
ment, it is difficult to control the risk. The studied project failed to
be completed within the estimated budget and schedule. The pro-
ject suffered approximately 25% budget overrun even though some
of the risk factors were mitigated. The risk management team
agreed on 15% acceptable limits for budget overruns, which was
also exceeded. The project users were government officials and
the project was funded by UNDP, therefore there was no room
for budget increase. The Domain Tech management considered
the project as a loss project. Nevertheless, Domain Tech obtained
the next work order from the planning ministry which implies that
the government officials were happy with the final outputs of the
project. The project manager believed that without integration of
risk management, budget overrun could have been even more,
government officials would not consider to significantly participate
in the project and the requirement errors would not have been
controllable from an early stage. The project is planned to be de-
ployed in the ministry campus and selected users are currently un-
der training. Domain Tech already obtained phase 2 of the project,
which includes three more modules in the existing application
software. Therefore, one goal is attained i.e. good reputation. The
upcoming project concerns the annual development program, pro-
ject and foreign aid monitor systems of the planning ministry, and
maintenance. The Domain Tech management hopes that phase 2
will compensate the loss suffered by the developed project. One
further conclusion is that it is not necessary to always consider
budget and schedule factors at the highest priority. Software devel-
opment projects are complex undertakings. There exist other is-
sues such as requirements, users, change management, user
satisfaction, and system usage, which directly or indirectly influ-
ence the budget and schedule constraints. These factors need early
attention in the development. Early determination of the nature of
project riskiness is very effective to plan the risk management
activities. Our study concluded that the project scope affects all
dimensions of risk and for high-risk projects; risks associated to
requirements specification, users, change management and project
execution are more obvious.
8. Study validity
8.1. Internal validity
We tried to reduce the expectation bias on the case study result.
The interview responses were commonly analysed in the brain-
storming session by the risk management team. None of the prin-
ciple investigators of GSRM were directly involved in the case
study, in order to reduce the bias of the findings. However, the stu-
dent members were adequately trained with GSRM and assigned
Please cite this article in press as: S. Islam et al., An empirical study on the implementation and evaluation of a goal-driven software development risk
management model, Inform. Softw. Technol. (2013), http://dx.doi.org/10.1016/j.infsof.2013.06.003
15
clear roles in performing the study. Therefore, student members
were part of the related research and their knowledge outcomes
were considered by the project team to mitigate the risks. A pre-
condition for the action research is the involvement of the partic-
ipants from both studied context and researchers. In our case,
this condition was satisfied. Data was collected not only from the
development team but also from the customer and project sponsor
representatives. Additionally, project documents were also ana-
lysed to understand the goals and risk factors. Therefore, several
sources were used to collect data, and this limits the effects of
the interpretation of one single data source. Interview responses
and results of the project documents inspection were further ana-
lysed and discussed in the brainstorming sessions. The PM and
other team members were not fully motivated for a formal risk
management practice in the project. This attitude changed later
in the project by observing the outcome of GSRM activities. This
demonstrates the importance of GSRM and the fact that it assisted
in quickly creating visual and critical insights. Maturation effects
also intimidate the internal validity, in particular when the partic-
ipants react differently the perception of risk during the course of
development. However, in our work activities GSRM took place in
the requirement engineering phase, and therefore that threat can-
not significantly affect our study.
8.2. External validity
The case study context is located in a single geographical region,
and as such there is possibility for cultural bias. Our findings are
based on multiple data sources which allow for stronger conclu-
sions. The study results were compared with other results from
the literature in order to generalise our findings. The comparisons
confirmed several commonalities in terms of goals and risk factors,
however, there are also some unique factors caused by local con-
text. Therefore, factors related to goals and risks are influenced
by the local context.
8.3. Construct validity
We considered benefits and limitations of the GSRM and cor-
rectly measured quantitative metrics, such as the effort required
to undertake risk management activities in a software project.
The quality of the case study questionnaires was improved by fol-
lowing the feedback from our previous study. The participants an-
swered most of the questions apart from those which are perceived
as difficult at an early stage. The threat of asking the wrong ques-
tions was mitigated. The project manager and the development
team members had adequate experience from several software
development projects. User representatives also had adequate
experience in the government service. The student members con-
ducted a kick-off workshop for the practitioners and explained de-
tails about the interview purpose to the users. We believe that the
participants understood the terms being used.
9. Summary
In this paper we presented the GSRM method and reported our
experience from its usefulness and integration of risk management
activities into requirements engineering through an empirical
evaluation, by combining a case study method with action re-
search. The study is based on a single active ongoing software pro-
ject case, and project team members were actively involved within
the case study. The application of GSRM to a real case study has
been very promising. Our results showed that a goal-driven ap-
proach is suitable for risk management and risk management is
well integrated into the early requirements engineering. The re-
16 S. Islam et al. / Information and Software Technology xxx (2013) xxx–xxx
sults indicate that GSRM is a practical and reasonable risk manage-
ment method that can be employed in an industrial context. The
goal oriented view made it easy to understand and communicate
the concepts of GSRM, and a short training session was adequate
for this purpose. The results from the risk management activities
have directly incorporated into the project to control the potential
risks. We have noted our gained experience and insight lessons
learned from the case study. These can be useful for integrating
risk management practice into software projects. We also observed
limitation of GSRM mainly related to the risk management model-
ling artefacts and closed questions.
To generalise our results we compared the study results with
other similar study results. We believe this study is useful to im-
prove GSRM and to inform and motivate practitioners about the
effectiveness of integrating risk management activities in the early
phase of the development. However, a single case study is not ade-
quate to generalise the findings. Therefore more case studies are
necessary so that the validity of the results can be further general-
ised and the risk management method can be improved based on
the case study observations and limitations. We are currently
working on defining comprehensive application guidelines for
the GSRM so that it can provide better support for risk analysis into
a software project. Additionally, our effort will focus on developing
a goal-risk taxonomy. A goal-risk taxonomy identifies and classifies
goals and risks that are associated with certain project characteris-
tics and links with possible potential control actions in controlling
specific types of risks. Project managers can reuse the taxonomy
for any upcoming project. Some factors within the course of the
product life cycle such as deployment, operation, and maintenance
do not get adequate attention at an early stage. Later on these fac-
tors can pose a real threat for the project. Therefore these factors
need further investigation. We would like to integrate continuous
risk management activities to analyse these factors. Finally, it is
important to develop automated mechanisms and tools to support
risk management activities. Our future work will be dedicated to-
wards these aims.
Acknowledgments
We would like to thank all the project team members of the
automation project and the ministry of planning employees. A spe-
cial thanks goes to the MIT students for the endless support in the
empirical investigation. Finally, we thank the management of Do-
main Techx for giving us the opportunity to work in this project.
References
[1] B. Boehm, A. Egyed, J. Kwan, D. Port, A. Shah, R. Madachy, Using the winwin
spiral model: a case study, Computer 31 (7) (1998) 33–44. http://dx.doi.org/
10.1109/2.689675.
[2] D.W. Karolak, Software Engineering Risk Management, IEEE Computer Society
Press, 1995.
[3] S.-W. Foo, A. Muruganantham, Software risk assessment model, in:
Proceedings of the IEEE International Conference on Management of
Innovation and Technology (ICMIT 2000), 2000.
[4] J. Kontio, Software engineering risk management: A method, improvement
framework and empirical evaluation, Ph.D. thesis, Helsinki University of
Technology, 2001.
[5] G. Roy, A risk management framework for software engineering practice, in:
ASWEC ’04: Proceedings of the 2004 Australian Software Engineering
Conference, IEEE Computer Society, Washington, DC, USA, 2004, p. 60.
[6] S. Islam, Software development risk management model-a-goal-driven
approach, Ph.D. thesis, Institute für Informatik, Technische Universität
München, Germany, 2011.
[7] R.L. Glass, Software Runaways: Monumental Software Disasters, Prentice-Hall,
1998.
[8] A. van Lamsweerde, Requirements Engineering: From System Goals to UML
Models to Software Specifications, Wiley, 2009.
[9] E.E. Odzaly, P.D. Greer, Software risk management barriers: an empirical study,
in: ESEM ’09: Proceedings of the 2009 3rd International Symposium on
Please cite this article in press as: S. Islam et al., An empirical study on the implementation and evaluation of a goal-driven software development risk
management model, Inform. Softw. Technol. (2013), http://dx.doi.org/10.1016/j.infsof.2013.06.003
Empirical Software Engineering and Measurement, IEEE Computer Society,
Washington, DC, USA, 2009, pp. 418–421. doi:http://dx.doi.org/10.1109/
ESEM.2009.5316014.
[10] J. Nyfjord, M. Kajko-Mattsson, Integrating risk management with software
development: state of practice, in: Proceedings of the International
Multiconference of Engineers and Computer Scientists 2008 (IMECS), 2008.
[11] J. Ropponen, Risk assessment and management practices in software
development, in: L.P. Willcocks, S. Lester (Eds.), Beyond the IT Productivity
Paradox, John Wiley & Sons, Chichester, 1999, pp. 247–266.
[12] P.L. Bannerman, Risk and risk management in software projects: a
reassessment, The Journal of Systems and Software 81 (12) (2008) 2118–
2133. http://dx.doi.org/10.1016/j.jss.2008.03.059.
[13] Risk management-vocabulary-guidelines for use in standards, iso/iec guide 73,
2002.
[14] ISO/IEC 15504 information technology – process assessment, International
Organization for Standardization (ISO)/International Electrotechnical
Commission (IEC), 2004.
[15] B.W. Boehm, Software risk management: principles and practices, IEEE
Software 8 (1) (1991) 32–41. http://dx.doi.org/10.1109/52.62930.
[16] F. Sisti, S. Joseph, Software risk evaluation method version 1.0., Tech. rep.,
SEI,Carnegie-Mellon University, 1994.
[17] C.J. Alberts, A.J. Dorofee, R. Higuera, R.L. Murphy, J.A. Walker, R.C. Williams,
Continuous Risk Management Guidebook, Software Engineering Institute,
Carnegie Mellon University, Pittsburgh, PA, 1996.
[18] M. Carr, S. Konda, I. Monarch, C. Ulrich, C. Walker, Taxonomy based risk
identification (cmu/sei-93-tr-6, ada266992), Tech. rep., Software Engineering
Institute, Carnegie Mellon University, Pittsburgh, PA, 1993.
[19] M.K.M.B. Chrissis, S. Shrum, CMMI Guidlines for Process Integration and
Product Improvement, Addison-Wesley Longman Publishing Co., Inc., Boston,
MA, USA, 2003.
[20] ISO 31000:2009 Risk Management Principles and Guidelines, International
Organization for Standardization (ISO)/International Electrotechnical
Commission (IEC), 2009.
[21] Standard australia, as/nzs 4360:1999 risk management, 1999.
[22] H. Barki, S. Rivard, J. Talbot, Toward an assessment of software development
risk, Journal of Management Information Systems 10 (2) (1993) 203–225.
[23] R. Schmidt, K. Lyytinen, M. Keil, P. Cule, Identifying software project risks: an
international delphi study, Journal of Management Information Systems 17 (4)
(2001) 5–36.
[24] L. Wallace, M. Keil, A. Rai, Understanding software project risk: a cluster
analysis, Information and Management 42 (1) (2004) 115–125.
[25] N.H. Arshad, A. Mohamed, Z.M. Nor, Risk factors in software development
projects, in: SEPADS’07: Proceedings of the 6th WSEAS International
Conference on Software Engineering, Parallel and Distributed Systems,
World Scientific and Engineering Academy and Society (WSEAS), Stevens
Point, Wisconsin, USA, 2007, pp. 51–56.
[26] R.T. Nakatsu, C. Iacovou, A comparative study of important risk factors
involved in offshore and domestic outsourcing of software development
projects: a two-panel delphi study, Information and Management 46 (1)
(2009) 57–68. http://dx.doi.org/10.1016/j.im.2008.11.005.
[27] T. Moynihan, How experienced project managers assess risk, IEEE Software 14
(3) (1997) 35–41. http://dx.doi.org/10.1109/52.589229.
[28] C.L. Iacovou, R. Nakatsu, A risk profile of offshore-outsourced development
projects, Communication of the ACM 51 (6) (2008) 89–94. http://doi.acm.org/
10.1145/1349026.1349044.
[29] J. Ropponen, K. Lyytinen, Components of software development risk: how to
address them? a project manager survey, IEEE Transactions on Software
Engineering 26 (2) (2000) 98–112. http://dx.doi.org/10.1109/32.841112.
[30] J. Jiang, G. Klein, Software development risks to project effectiveness, The
Journal of Systems and Software 52 (1) (2000) 3–10. doi:http://dx.doi.org/
10.1016/S0164-1212(99)00128-4.
[31] Y.H. Kwak, J. Stoddard, Project risk management: lessons learned from
software development environment, Technovation 24 (11) (2004) 915–920.
doi:10.1016/S0166-4972(03)00033-6.
[32] S. Islam, S.H. Houmb, D. Mendez-Fernandez, M.M.A. Joarder, Offshore-
outsourced software development risk management model, in: Proc. of the
12th IEEE International Conference on Computer and Information Technology
(ICCIT 2009), Dhaka, Bangladesh, 2009, pp. 514–519, doi:http://dx.doi.org/
10.1109/ICCIT.2009.5407292.
[33] S. Islam, S.H. Houmb, Integrating risk management activities into
requirements engineering, in: Proc. of the 4th IEEE Research International
Conference on Research Challenges in Information Science(RCIS2010), Nice,
France, 2010.
[34] S. Islam, S.H. Houmb, Towards a framework for offshore outsource software
development risk management model, Journal of Software (JSW), Special
Issue: Selected Papers of the IEEE International Conference on Computer and
Information Technology (ICCIT 2009) 6 (1) 2011.
[35] S. McConnell, Rapid Development, Taming Wild Software Schedules, Microsoft
Press, 1996.
[36] T. Saarinen, An expanded instrument for evaluating information system
success, Information and Management 31 (2) (1996) 103–118. doi:http://
dx.doi.org/10.1016/S0378-7206(96)01075-0.
[37] J.D. Procaccino, J.M. Verner, S.P. Overmyer, M.E. Darter, Case study: factors for
early prediction of software development success, Information and Software
Technology 44 (1) (2002) 53–62.
 S. Islam et al. / Information and Software Technology xxx (2013) xxx–xxx 17

[38] M. Broy, A. Fleischmann, S. Islam, L. Kof, C. Leuxner, K. Lochmann, D. Mendez-
Fernandez, B. Penzenstadler, W. Sitou, S. Winter, Towards an integrated
approach to requirement engineering, Tech. rep., TUM-I0935, Technische
Universität München, Germany, December 2009.
[39] B. Schätz, Model-based development of software systems: from models to
tools, habilitation, Technische Universität München, 2008.
[40] D.M. Fernández, B. Penzenstadler, M. Kuhrmann, M. Broy, A meta model for
artefact-orientation: Fundamentals and lessons learned in requirements
engineering, in: MoDELS (2), 2010, pp. 183–197.
[41] B. Freimut, S. Hartkopf, P. Kaiser, J. Kontio, W. Kobitzsch, An industrial case
study of implementing software risk management, SIGSOFT Software
Engineering Notes 26 (5) (2001) 277–287. http://doi.acm.org/10.1145/
503271.503247.
[42] C. Chittister, Y. Haimes, Risk associated with software development: A holistic
framework for assessment and management, IEEE Transactions on Systems,
Man and Cybernetics 23 1993.
[43] R.K. Yin, Case Study Research: Design and Methods, SAGE Publications Inc.,
2008.
[44] R.M. Davison, M.G. Martinsons, N. Kock, Principles of canonical action
research, Information Systems Journal 14 (2004) 65–86.
[45] B.A. Kitchenham, S.L. Pfleeger, M.L. Pickard, P.W. Jones, D.C. Hoaglin, K.E.
Emam, J. Rosenberg, Preliminary guidelines for empirical research in software
engineering, IEEE Transactions on Software Engineering 28 (8) (2002) 721–
734. http://dx.doi.org/10.1109/TSE.2002.1027796.
[46] S. Easterbrook, J. Singer, M. Storey, D. Damian, Selecting Empirical Methods for
Software Engineering Research, Springer, 2007.
[47] S.L. Pfleeger, B.A. Kitchenham, Principles of survey research: part 1: turning
lemons into lemonade, SIGSOFT Software Engineering Notes 26 (6) (2001) 16–
18. http://doi.acm.org/10.1145/505532.505535.
[48] J.W. Creswell, Research Design: Qualitative, Quantitative, and Mixed Methods
Approaches, Sage Publications, 2002.
[49] I.P.C.M. Varkevisser, A. Brownlee, Designing and conducting health systems
research projects: vol. 1 – proposal development and fieldwork. chapter 10:
Data collection techniques, Tech. rep., KIT Publishers, Amsterdam, 2002.
[50] Domain Software Technologies Ltd., <http://www.domtech.co.uk/> (accessed
October 2010).
[51] Digital Bangladesh Vision 2021, <http://www.boi.gov.bd> (accessed October
2010).
[52] D.I.K. Sjoberg, T. Dyba, M. Jorgensen, The future of empirical methods in
software engineering research, in: FOSE ’07: 2007 Future of Software
Engineering, IEEE Computer Society, Washington, DC, USA, 2007, pp. 358–
378. doi:http://dx.doi.org/10.1109/FOSE.2007.30.
[53] L. Wallace, M. Keil, Software project risks and their effect on outcomes,
Communications of the ACM 47 (4) (2004) 68–73. http://doi.acm.org/10.1145/
975817.975819.
[54] K.R. Linberg, Software developer perceptions about software project failure: a
case study, The Journal of Systems and Software 49 (2–3) (1999) 177–192.
doi:http://dx.doi.org/10.1016/S0164-1212(99)00094-1.
[55] M. Keil, P.E. Cule, K. Lyytinen, R.C. Schmidt, A framework for identifying
software project risks, Communications of the ACM 41 (11) (1998) 76–83.
http://doi.acm.org/10.1145/287831.287843, issues 11.

Please cite this article in press as: S. Islam et al., An empirical study on the implementation and evaluation of a goal-driven software development risk
management model, Inform. Softw. Technol. (2013), http://dx.doi.org/10.1016/j.infsof.2013.06.003