Why software companies must analyze risk to ensure success

Many people buy software with the intention of using it on multiple computers for multiple people without understanding the licensing requirements.

Commentary - Given the state of the current global economy, there’s been a lot of talk about the need for “proper risk analysis” lately. The concept of risk analysis and management has been around for many years but still is not executed well within the software industry. One of the main reasons for this slow adoption is the relatively low cost of R&D in software as compared to industries such as pharmaceuticals or oil and gas exploration. However, as the software industry landscape becomes more competitive, as technology advances ever faster, and as the risk of having your product illegally distributed increases, more software companies are realizing the significance of investing in risk analysis tools before they embark on a project.

While quantitative, probabilistic risk modeling techniques like Monte Carlo simulation and decision trees are used extensively across many industries to evaluate the outcomes of projects, the 2008 financial meltdown and the current economic crisis have increased the demand for risk analysis tools significantly in the software industry. Unlike other industries, the software industry is fortunate to not have a lot of manufacturing costs, but the timelines in this industry are lightning fast. Technology becomes out of date almost as soon as it is released, and it is particularly susceptible to copycat competitors who can appear to replicate functionality at a lower price.

Another risk that software companies face is casual copying, or, more harshly, piracy. Most people don’t buy software in order to illegally copy and sell it, which is the traditional piracy model. However, many people buy it with the intention of using it on multiple computers for multiple people, without fully understanding the limitations on the license they purchased for the price they paid. This casual copying can cost software companies a lot, so steps must be taken to prevent it. Unfortunately, these steps (such as locking software to a particular computer) can sometimes be inconvenient to customers, despite the fact that such security measures are commonplace. Therefore, more software companies are performing risk analysis to make better-informed decisions using the information at hand.

While there are many benefits of conducting risk analysis, the top five benefits include:

1. Identifying pitfalls and uncovering opportunities you didn’t know existed
2. Understanding the risk factors that are the most important and have the biggest impact on the bottom line
3. Targeting specific variables to avoid wasting resources on low-impact or extremely unlikely events
4. Improving credibility and making your case more persuasively to upper management, corporate, investment banks or other stakeholders when funding is needed or you want to advance a project
5. Getting buy-in from those on your team when implementing a project

The downfalls of not conducting risk analysis can be significant. Not to oversimplify, but the entire financial crisis had roots in improper or nonexistent risk analysis. Risks were ignored for the sake of short-term profitability, simply stated. Not doing risk analysis means ignoring what could happen. By ignoring what could happen, companies fail to plan and are surprised when the unexpected inevitably strikes.

A technique such as Monte Carlo simulation can help organizations identify not only all possible outcomes that might occur, but also how likely each is to occur. A computerized mathematical technique, Monte Carlo simulation enables organizations to account for risk in quantitative analysis and decision-making. It furnishes the decision-maker with a range of possible outcomes and the probabilities they will occur for any choice of action. It shows the extreme possibilities—the outcomes of going for broke and for the most conservative decision—along with all possible consequences for middle-of-the-road decisions.

The technique works by substituting ranges of values for uncertain inputs in a model, then sampling from those ranges over and over to record new outcomes each time. This is the simulation itself, and the result is a range – or distribution – of possible outcomes and associated probabilities. It is a highly flexible tool used extensively in risk management to gain insight into what could happen so that resources can be allocated more effectively, better strategies designed, mitigation plans developed, and better decisions made.

Today, organizations are focusing on methodologies that can help them assess risks more accurately. By exploring the full space of possible outcomes for a given situation, a good risk analysis can both identify pitfalls and uncover new opportunities for the software industry. To deliver software projects on time and remain profitable, software companies need to pay more attention to evaluating holistic, enterprise risk. Risk cannot always be divided into separate categories. All risks are interrelated, and so too must an organization’s risk modeling be. One of the key concepts to pay attention to is the need to model correlations – or dependent relationships – between risks. For example, it’s unrealistic to assume that what goes on in the legal risk department is not going to affect what happens in R&D risk. Software organizations must build new models to unify these different areas of risk.
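The sampling procedure and the correlation point described above, shown as an added example (not from this article or from Palisade's software): a small Monte Carlo model of one software project's profit, run once with independent R&D and legal costs and once with them correlated. Every figure, range and the 0.8 correlation is a constructed assumption, in thousands of dollars.

```python
import math
import random
import statistics

def simulate(rho, trials=20000, seed=1):
    """Monte Carlo run of a constructed project model; returns sorted profits ($k).

    rho is the assumed correlation between R&D cost and legal cost.
    """
    rng = random.Random(seed)
    profits = []
    for _ in range(trials):
        # Uncertain input 1: revenue as a range (low, high, most likely).
        revenue = rng.triangular(800, 2000, 1200)
        # Uncertain inputs 2 and 3: two standard normals with correlation rho.
        z1 = rng.gauss(0, 1)
        z2 = rho * z1 + math.sqrt(1 - rho * rho) * rng.gauss(0, 1)
        rnd_cost = max(0.0, 600 + 150 * z1)    # R&D cost
        legal_cost = max(0.0, 300 + 100 * z2)  # legal / licensing cost
        profits.append(revenue - rnd_cost - legal_cost)
    profits.sort()
    return profits

def summarize(profits):
    """Reduce the outcome distribution to the figures a decision-maker reads."""
    n = len(profits)
    return {
        "mean": statistics.fmean(profits),
        "p5": profits[int(0.05 * n)],    # pessimistic outcome
        "p95": profits[int(0.95 * n)],   # optimistic outcome
        "prob_loss": sum(p < 0 for p in profits) / n,
    }

if __name__ == "__main__":
    for rho in (0.0, 0.8):
        s = summarize(simulate(rho))
        print(f"rho={rho}: " + ", ".join(f"{k}={v:.3f}" for k, v in s.items()))
```

The expected profit is nearly the same in both runs; what changes is the spread, so treating the two risks as independent understates both the pessimistic outcome and the probability of a loss.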

Randy Heffernan is vice president at Palisade Corporation, a provider of risk analysis and decision support software for Fortune 500 companies in finance, oil and mineral exploration, real estate, heavy manufacturing, pharmaceuticals and aerospace.