Risk assessment in new software development projects at the front end: a fuzzy logic approach

  • Ming-Yuan Hsieh
  • Yu-Chin Hsu
  • Ching-Torng Lin
Original Research


New software development (NSD) has inherent complexity, uncertainty, and risk. Risk analysis and mitigation is perhaps the most critical activity in an NSD project, yet such risk evaluation is often not adequately performed. To reduce the high failure rate of NSD projects, managers require more effective tools for evaluating and managing NSD project risks. Limited by both the nature and timing of NSD, risk evaluation is associated with data, information, and imprecise or ambiguous knowledge. Fuzzy logic is well suited for analysis in this situation. Thus, a fuzzy risk impact rating (FRIR) was developed for determining the total project risk exposure level for an NSD project according to risk attributes associated with the project, such as organizational environment, users, requirements, project complexity, team, and planning and control. The FRIR is composed of attributes’ possible ratings and corresponding severity levels, and is aggregated using fuzzy weighted average. As an illustration, the development of a new electronic toll collection project by a Taiwanese company is evaluated. This evaluation evidences that the fuzzy logic-based risk evaluation model can efficiently aid managers in dealing with ambiguity, imprecision, and complexity in NSD risk evaluation.


New software development; Software project risk evaluation; Fuzzy weighted average; Fuzzy risk impact rating; Electronic toll collection service systems



Copyright information

© Springer-Verlag Berlin Heidelberg 2016

Authors and Affiliations

  1. Department of International Business, National Taichung University of Education, Taichung, Taiwan
  2. Dayeh University, Changhua, Taiwan
  3. Department of Information Management, Dayeh University, Changhua, Taiwan
