Preparation involves the establishment of the evaluation team, including a
Site Coordinator to make arrangements for the on-site portion of the
evaluation. The evaluation team members and site participants are chosen and
notified of the upcoming evaluation. Scheduling commitments are made and
read-ahead orientation materials are requested for the evaluation team.
Software Risk Evaluation encompasses the implementation of the protocol
analysis steps tailored for implementation of a software risk assessment. The
actions constituting each of these steps are summarized as follows:
The record step begins with orientation: evaluation team members become
familiar with the SRE methodology and the program being evaluated; both
acquisition management and program management are briefed on the evaluation
objectives. Next, the taxonomy-based questionnaire is used to lead interviews
of development staff peer groups. Following each interview, the evaluation
team captures perceptions of risk issues raised.
The group step involves producing a taxonomy-based categorization of all
risk issues recorded from all sessions. Also during this step. the list of
risk issues is collapsed by merging duplicate risk entries and combining
fragmented entries into complete thoughts.
During the format step, risk entries are reworded into risk statement
format. This formatting isolates the components of risk while maintaining the
context and content of the original issues raised during the
As partial completion of the codify step, the formatted risk statements are
scanned again to identify relationships between statements. Finally, ranking
of the risk statements is performed to prioritize the risk list based on risk
The final on-site step is to deliver results of the evaluation. An outbrief
is developed and presented both to the program manager and the acquisition
manager. The list of risks identified is offered as a baseline of risks from
which to develop a risk management plan.
Post-evaluation actions include archival of nonattributed risk list
information into the SEI Risk Program's risk knowledge base, and incorporation
of process improvement feedback into the SRE methodology itself.
The remaining sections offer detailed descriptions of each of the Software
Risk Evaluation activities summarized above.