Abstract:
Many Software development organizations suffer chronic problems of cost overruns, schedule slips and projects that do not meet the originally specified functions in almost all software projects. This study commenced by reviewing existing risk management models. Thereafter, a survey which involved software project managers in Kenya was conducted to gather empirical data about the practice of risk assessment. Thirty Software Project managers participated and were interviewed. Structured questionnaires were used to capture information. Observation made from this study show that in Kenya, risk assessment is poorly practiced and many projects do not yet practice systematic risk assessment. This is because 83% of software project managers implicitly assess risks and the same percentage (83%) use unstructured approaches, poor risk identification and analysis techniques. It additionally shows that risks are not documented and experiences not properly utilized. This has led to ever recurring problems. The conclusion drawn indicates that Kenya’s software project managers need to start assessing risks using proper approaches. Cross-section review of existing models showed that these models are complex and may not help address existing shortcomings. This study proposes a risk assessment framework, which helps managers to simply start assessing, documenting major risks, estimating risks using an objective approach that is based on frequently occurring risks to project likelihood of a risk occurring and subjective approach where objective approach is not applicable. It also supports qualitative risk estimation technique using prearranged risk estimation matrices and is supported by a tool which collects and stores risk data for analysis and improvement purposes.