臺灣博碩士論文加值系統

軟體開發流程中潛藏著許多不確定性的因素，因此做好軟體風險管理是軟體開發專案成功與否的一個重要關鍵因素。軟體風險管理包含一連續性的流程作業：風險辨識、風險分析、風險監控、風險避免、風險復原等，其中軟體風險的辨識是首要的工作項目。文獻中對軟體風險的辨識主要是經由專案經理的問卷調查或訪談歸納出不同構面下的軟體風險因子，而在實務上軟體風險的辨識大都是仰賴專案經理憑藉以往的經驗或是利用風險查核表來實施軟體風險的辨識。然而每個專案的類型、需求、成本、人力與資源等軟體特徵皆會影響各個軟體風險因子發生的機率與影響程度，而這些軟體特徵值會隨著軟體專案的進行而有所改變，因此軟體風險因子的重要排序亦需要跟著調整，然而以上述憑藉專案經理個人主觀經驗判斷的方式來執行軟體風險的辨識是較不確實際的作法。
因此針對上述的問題，本研究提出了『軟體風險因子動態辨識模式』，主要的想法是當影響軟體風險因子重要程度的軟體特徵值有變動的時候，可以經由將軟體特徵值與軟體專案風險資料庫進行比對，找出一筆最相似的軟體專案歷史資料，進而提供十大軟體風險因子資訊。我們首先透過文獻探討彙整出軟體風險因子六大構面與其27項軟體風險因子、與影響軟體風險因子發生機率與影響程度的30項軟體特徵，並建置網站蒐集軟體專案風險歷史資料，並實際開發『軟體風險因子動態辨識工具』（Dynamic Identification Tool for Software Risk Factors）。本研究所建構的軟體工具，可以供軟體專案風險管理者在專案進行的任何時候，或當軟體特徵值有變動的時候輸入各項專案特徵值，而能動態地列出該專案軟體風險因子重要程度的排序，以幫助專案管理者有效地執行後續的軟體風險避免作業，進而降低軟體風險因子發生的機率或影響程度。

There are many uncertainties inherent within all software development life cycle stages, which seriously impact the cost, schedule and quality of the software project. Therefore, a good software risk management is a key to success of software development project. Software risk management is a systematic process including risk identification, risk analysis, risk monitoring, risk avoidance and risk mitigation, etc. Among these activities, risk identification is an essential and foremost activity. Many researches in the past have conducted numerous works on risk identification issue, but all primarily focused on the static identification or classification of software risk factors by conducting questionnaires or interviews with project managers. In the real practice of software risk management, most project managers perform risk identification based on their past experiences or using risk checklist. However, each project characteristics, such as type, requirement, cost and workforce limitations, affecting the likelihood and severity of consequences of software risk factors are different from other projects. As these characteristics are changing throughout the software development stages, the priority order of software risk factors needs to be modified when one or more project characteristics are changed. Therefore, it is not realistic to perform software risk identification just only by relying on the subjective judgment of project managers.
To address the above question, this thesis proposes “Dynamic Identification Model of Software Risk Factors”. The major thought is that the risk identification needs to be dynamically performed when project characteristics affecting software risk’s probability and consequences are changed. The high priority software risk factors are provided by finding a historical software project whose characteristics are the most similar to the software project being developed. We first summarize 27 software risk factors, which are classified into six categories, and 30 software project characteristics affecting software risk’s likelihood and consequences, and then build up a website for collecting historical software project risk data and finally develop a software tool called “Dynamic Identification Tool for Software Risk factors” based on our proposed model. Such a tool can assist project managers in dynamically generating the priority order of software risk factors by entering project characteristics to the tool at any time during the software development life cycle or when there is any change to software characteristic(s), thus helping them efficiently perform risk avoidance activity and further mitigate the likelihood or consequences of software risk factors

摘 要 IV
ABSTRACT V
誌 謝 VI
目 錄 VII
表 目 錄 IX
圖 目 錄 XI
第一章 緒論 1
1.1研究背景 1
1.2研究動機 3
1.3研究目的 4
1.4研究程序 5
1.5研究限制 7
1.6本文架構 7
第二章 文獻探討 9
2.1專案風險管理的相關文獻探討 9
2.2軟體風險因子的相關文獻探討 14
2.3軟體風險辨識的相關文獻探討 27
第三章 研究設計 35
3.1研究架構 35
3.2問卷調查設計 36
3.3軟體風險因子資料庫設計 47
3.4動態軟體風險辨識系統設計 49
3.5問卷範本之信度與效度 55
第四章 研究結果 57
4.1問卷調查結果 57
4.2軟體風險資料庫設計結果 70
4.3動態軟體風險辨識系統設計結果 72
4.4動態軟體風險辨識系統實測結果 81
第五章 結論與建議 83
5.1研究貢獻 83
5.2研究困難與限制 83
5.3後續研究建議 84
參考文獻 85
I中文部分 85
II英文部分 85
III網站部分 88
附錄A、問卷調查結果列表 89
附錄B、問卷調查範本 101
作者簡介 109

I中文部分
[1]Project Management Institute著，吳俊德、蘇佳慧 譯 ，「PMBOK Guide 2000 專案管理知識體系導讀指南」，博頡策略顧問股份有限公司，民國91年。
[2]林信惠、黃明祥、王文良，「軟體專案管理」，智勝文化事業有限公司，民國91年。
[3]Gido & Clements 著，宋文娟 譯，「專案管理」，滄海書局，民國93年。
[4]Pankaj Jalote 著，沈君豪、楊博裕、陳志良 譯，「CMM最佳實務」，維科圖書有限公司，民國92年。
[5]提摩西．李斯特、湯姆．狄馬克 著，錢一一 譯，「與熊共舞」，經濟新潮社，民國93年
[6]酒井 隆 著，賴虹燕 譯 ，「問卷設計、市場調查與統計分析實務入門」，博誌文化股份有限公司，民國93年

II英文部分
[7]Preston G. Smith, Guy M. Merritt, “Proactive Risk Management”, Productivity Press, 2002。
[8]Tom Kendrick, “Identifying and Managing Project Risk”, AMACOM, 2003。
[9]Dale F. Copper, Stephen Grey, Geoffrey Raymond, Phil Walker，“Project Risk Management Guildlines”, John Wiley & Sons, Ltd, 2004。
[10]Bruce T. Barkley, “Project Risk Management,” McGraw-Hill Companies, Inc. 2004。
[11]Mark Keil, Paul E. Cule, Kalle Lyytinen, Roy C. Schmidt, “A Framework for Identifying Software Project Risks,” Communication of the ACM, Vol. 41, No.11, November 1998。
[12]Linda Wallace, Mark Keil, “Software Project Risks and Their Effect on Outcomes,” Communication of the ACM, Vol. 47, No.4, April 2004。
[13]Linda Wallace, Mark Keil, Arun Rai, “Understanding software project risk: a cluster analysis”, Information & Management, March 2004
[14]Linda Wallace, Mark Keil, Arun Rai, “How Software Project Risk Affects Project Performance: An Investigation of the Dimensions of Risk and an Exploratory Model,” PMI-ISSIG, Volume 35 Number 2, Spring 2004。
[15]James J. Jiang, Gary Klein, T. Selwyn Ellis, ” A Measure of Software Development Risk,” IEEE, 2001.
[16]IEEE Software, “Software’s Ten Essentials,” IEEE Software Vol. 14, No.2, March /April 1997。
[17]DOD, “Risk Management Guide for DOD Acquisition,” Department of Defense Defense Acquisition University， June 2003
[18]Audrey J. Dorofee, Julie A. Walker, Christopher J. Alberts, Ronald P. Higuera, Richard L. Murphy, Ray C. Williams, “Continues Risk Management Guidebook,” SEI (Software Engineering Institute), June 1996。
[19]Ronald P. Higuera, Yacov Y. Haimes, “Software Risk Management,” SEI (Software Engineering Institute), June 1996。
[20]Geoffrey G. Roy，〝A Risk Management Framework for Software Engineering Practice〞 ASWEC’04，IEEE，2004。
[21]Roger S. Pressman，〝Software Engineering: A Practitioner s Approach〞 5th Edition，McGraw-Hill，2001。
[22]Marvin J. Carr, Suresh L. Konda, Ira Monarch, F. Carol Ulrich, Clay F. Walker, “Taxonomy-Based Risk Identification,” SEI (Software Engineering Institute), June 1993.
[23]IEEE-SA Standard Board – IEEE 12207, “IEEE Standard for Software Life Cycle Processes – Risk Management,” IEEE Std 1540-2001.
[24]F. Michael Dedolph, ”The Neglected Management Activity: Software Risk Management,” Bell Labs Technical Journal 8(3), 91-95, 2003。
[25]CMMI Product Development Team, “CMMI-SE/SW/IPPD,” Software Engineering Institute, November, 2000。
[26]The Standish Group,” CHAOS: A Recipe of Success,” The Standish Group, 1999。
[27]Tom Addison, Seema Vallabh, “Controlling Software Project Risks – an Empirical Study of Methods used by Experienced Project Managers,” SAICSIT, Page 128-140, 2002.
[28]Jaak Jurison, “Software Project Management: The Manager’s View,” Communications of the Association for Information Systems (CAIS), Vol. 2, Article 17, September 1999.
[29]Roy Schmidt, Kalle Lyytinen, Mark Keil, Paul Cule,” Identifying Software Project Risks: An International Delphi Study,” Journal of Management Information Systems, Vol. 17, No. 4, Page 5-36, Spring, 2001.
[30]Sanjay Mrthi,” Preventive Risk Management for Software Projects,” Vol. 33, No. 3, Page 30-41, PMI, 2002.
[31]Boehm, B.W. “Software Risk Management: Principles and Practices,” IEEE Software. 8,1 (1991) 32-41。

III網站部分
[32]The Standish Group, http://standishgroup.com//