Risk analysis of software process measurements

Quantitative process management (QPM) and causal analysis and resolution (CAR) are requirements of capability maturity model (CMM) levels 4 and 5, respectively. They indicate the necessity of process improvement based on objective evidence obtained from statistical analysis of metrics. However, it is difficult to achieve these requirements in practice, and only a few companies have done so successfully. Evidence-based risk-management methods have been proposed for the control of software processes, but are not fully appreciated, compared to clinical practice in medicine. Furthermore, there is no convincing answer as to why these methods are difficult to incorporate in software processes, despite the fact that they are well established in some business enterprises and industries. In this article, we challenge this issue, point out a problem peculiar to software processes, and develop a generally applicable method for identifying the risk of failure for a project in its early stages. The proposed method is based on statistical analyses of process measurements collected continuously throughout a project by a risk assessment and tracking system (RATS). Although this method may be directly applicable to only a limited number of process types, the fundamental idea might be useful for a broader range of applications.