Software Development Risk – the key to matching IT process management with the final product?

No-one is under any illusions as to the level of technical progress made in IT in recent years. Looking in from the outside, software development appears not only to be a lucrative business but also to offer a money-spinning, stable career.

However, with recent statistics suggesting that Chief Information Officers only last an average 2½ years in each position due to the large number of failed or even incomplete projects, a problem clearly needs to be addressed. Companies need to start embracing the concept of the Capability Maturity Model and the return on investment that it can offer.

It is widely recognised that IT projects within firms fail for three main reasons – inadequate planning, a poor grasp of the development process, and a lack of clarity at managerial framework level. The highly-regarded Standish Group research report delivered damning figures in 2009 to illustrate the consequences – 31.1% of projects are cancelled before completion for these reasons, whilst 52.7% of projects end up costing 189% of the estimated original budget. What some firms are seemingly failing to “connect” is the process with the product – it remains essential that project procedure be correctly undertaken in order to ensure that the end result meets the satisfaction of customers and users. But how?

A five-point scale to evaluate the process

A possible solution to the problem lies with the Pittsburgh-based Software Engineering Institute and its five-point Capability Maturity Model (or “CMM”), a formal process that ranks IT firms as regards the efficiency and effectiveness of their project management, from Initial, Repeatable, and Defined, through to Managed, and then Optimised. The procedure to attain such labels is potentially time- and cost-consuming but it nevertheless provides an accurate roadmap for firms to implement effective practices and progress logically in order to improve software development processes.

Firms who have chosen not to do so have paid the price, as this new system enables those in need to establish a link between the potential of an unwanted outcome (i.e. from project abandonment through to costly project delivery and/or user dissatisfaction) and how best to assess and, better still, anticipate the risk factors involved. On this latter key point recent research has shown just how important it is to establish the interaction of process maturity and risk and its resultant impact on performance.

The Maturity-Risk-Performance Conundrum

The three underlying potential success/failure factors break down as follows. Software Process Maturity refers to the attempt to improve a project’s capability to produce high-quality software based on the requirements of customers or end users, from the perspective of scheduling, coding time, testing time and quality. Software Development Risk can be offset by senior management’s ability to identify, assess and mitigate risks upfront and thereby increase the chances of success at product delivery time. Such risks can be broken down into five main categories – technological newness, application size, expertise, project complexity, and organisational support. Project Performance boils down to engineering aspects of efficiency and effectiveness, as well as organisational issues of control, communication, and organisational knowledge.

All of these are familiar challenges faced by IT professionals on a daily basis. What IT practitioners and researchers have failed to do up until now is to establish a correlation of the three and, above all, the moderating effect that development risk might have on the linkage between process maturity and project performance.

A research model where discipline isn’t always everything

Recent research focussing upon 500 Capability Maturity Model-accredited organisations, comprising Information System managers from a variety of types of organisation in terms of size of overall structure and the development teams found therein, has been based around the five-point scale mentioned above (Initial, Repeatable, Defined, Managed, and Optimised).

The overwhelming conclusions of this questionnaire-based inquiry are that performance increases with higher levels of CMM process maturity, that development risk can negate performance, and that the link between process maturity and project performance is moderated by development risk. A disciplined process may be assumed to always produce the best possible result, but recent research suggests that the conundrum is a much finer balancing act of maturity, risk and performance. From a practical perspective, this could serve as the positive tipping point that encourages firms to invest in the short-term costly procedure that may reap long-term financial benefits.

Implications and steps ahead

Whilst the typical time required to move up a level on the CMM scale is in the region of 18-30 months, there have been enough recent success stories to suggest it is worth the effort. Groupe Bull and Hewlett Packard are just two examples. In the latter case, a six-year study found that delivered defects were significantly reduced and savings of over $100 million made by improving their software process. On the flipside, look no further than the repeated failure of the Denver airport baggage handling software system and the estimated $1.1 million per day that it was costing the city through a lack of attention to the maturity-risk-performance issue.

From a research perspective each of the five maturity levels is worthy of extra attention, as is the extent to which each risk factor could be mitigated by management practice. However, there now exists an increasingly persuasive argument for the ROI on the CMM process. More than ever before, IT project managers must remember factors such as project size, software development managerial capabilities, and user involvement in projects before launching themselves and the firms they represent into potentially very costly IT ventures.


This article was inspired by the paper The impact of Software Process Maturity on Software Project Performance: The Contingent Role of Software Development Risk, written by Bouchaib Bahli and Dany Di Tullio and published in Systèmes d’information et Management, 18, 3 (2013).

Bouchaib Bahli is Professor of Information Technology (IT) at ESC Rennes School of Business, France. His research areas are IT outsourcing, risk management of software development projects, and IT adoption modelling. His publications have appeared in Information and Management, Journal of Information Technology, OMEGA, Communications of AIS, and Requirement Engineering Journal.
