KNOWLEDGE MAPPING PROCESS MODEL FOR RISK MITIGATION IN SOFTWARE MANAGEMENT

As software organizations try to mitigate operational and technical risk that occurs when using software, there is need to develop a knowledge intensive system to assist team members in mitigating both operational and technical risk. Knowledge mapping in risk mitigation context is in its infancy and has the potential to address both operational and technical risk faced by software organizations. However, as the amount and depth of organizational knowledge increases, it poses some challenges to software organizations. The key challenges for knowledge intensive organizations are how to identify, assimilate, disseminate, and apply these risk knowledge; particularly between different team members in same software development project. Thus this paper proposes a knowledge mapping process model to assist in mitigating risk (operational and technical) that occurs in software organizations. Knowledge mapping is the field within Knowledge Management (KM) that aims to optimize the efficient and effective use of the organization’s knowledge. The mapping process model can support software management teams in measuring and treating risk, thus aiding decision making in software management. Data was collected using semi-structured interview through case study. The interview transcripts were coded and categorized using Nvivo software.


INTRODUCTION
Risks are very likely to happen when projects proceed, affecting the progress and outcome of the projects.Thus software risks are uncertain events that have negative impact on goals of software project (Wang & Cheng, 2008;Noraini, Bokolo, Rozi & Masrah, 2015).Risk mitigation in software management involves identifying, analysing, evaluating, treating, monitoring and reviewing risk (Yildiz, Dikmen, Birgonul, Ercoskun & Alten, 2014).In mitigating identified risk there is need for software practitioners to be supported by a knowledge source.Where knowledge can be classified as Know-What, Know-Why, Know-How and Know-Who.The most important responsibilities of knowledge mapping are to visualize knowledge for knowledge seekers.
Knowledge mapping process model for risk mitigation in software management 2 According to Davenport and Prusak (1998) knowledge is a mixture of experience, values, contextual information, and expert insight that provides a basis for evaluating and incorporating new experiences and information.It originates and is applied in the minds of knowers.In software organizations, it often becomes embedded not only in documents or repositories but also in organizational routines, processes, practices.Knowledge mapping is one way that allows risk knowledge to be represented graphically through nodes to represent main ideas and links leading to representing the relationships between the ideas (Balaid, Rozan & Abdullah, 2014).
Knowledge mapping aims to integrating key project risk components and technologies for the effective improvement of project risk mitigation in software projects.Knowledge has been emphasized as an intellectual capital because it can be identified, captured, codified, transferred and used by software team members in mitigating risk in their organizations (Krb´alek & Vacek, 2012).Knowledge mapping in risk mitigation aims to optimize the efficient and effective use of an organizations' knowledgebase in mitigating risk.Knowledge mapping addresses the question of how one can best establish the risk knowledge that is available within an organization (Suresh & Egbu, 2004).Knowledge mapping of any software organisation knowledge in mitigating risk is implemented by developing a knowledge maps.This involves locating important knowledge within the organization and then publishing some sort of list or picture that shows where to find it (Suresh & Egbu, 2004).Knowledge maps typically point to people as well as to documents and databases.Therefore knowledge is recognized as a key strategic resource for successful projects and a critical resource of sustainable competitive advantage (Yun, Shin, Kim & Lee, 2011).
Software management (SM) comprises the knowledge, procedures, and tools required to manage the development of quality software products.Software management directs software development teams to produce plans for software development (Bokolo & Noraini, 2015).SM ensures that software project activities follow certain procedure, the activities are usually organized in different phases, and the process requires what modules should be developed and delivered in each phase (Noraini & Bokolo, 2015).By mitigating these risks, software team members can guard against poor decision making and accidental exposure to risk magnitudes, as well as meet its objectives in delivering quality software to end-users.The rest of this paper is organized as follows.The second section describes related works.The third section describes the research methodology; the fourth section describes the application of knowledge mapping process model for risk mitigation in software management.The fifth Section presents the research implication and limitation.The last section is the discussion and conclusion of the research paper.

RELATED WORKS
The introduction of knowledge concepts into software management in this paper is aimed at mitigating both operational and technical risks and provides supports on decision making to software practitioners in software project (Ermine, Boughzala & Tounkara 2006).Knowledge mapping in software management process helps software practitioners identify risky tasks that require additional knowledge concepts, which can be considered as an initiative for managing software project (Rodríguez-Elias, 3 Martínez-García, Vizcaíno, Favela, & Piattini, 2005;Charles, 2008).Based on the risk measurement, software practitioners can take rational and efficient decisions to support the software development process.Software management is knowledge intensive, and thus knowledge mapping can assist software team members understand knowledge flow in mitigating risk to use software efficiently and also develop quality software.
Knowledge mapping is the field within knowledge management that aims to optimize the efficient and effective use of the organization's knowledge (Suresh & Egbu, 2004).Knowledge maps usually point to people as well as to documents and databases.Knowledge, and its appropriate management, is recognized as a key strategic resource for successful projects and a critical resource of sustainable competitive advantage (Yun et al., 2011).This section proceeds to review previous studies related to this research domain.

Knowledge Mapping in Software Process
This sub section presents existing studies that utilized knowledge mapping to facilitate software process.Presently there have been a few studies that utilizes knowledge mapping in software process.Such research studies include the work of Érica, Ricardo and Nandamudi (2015) where the authors researched on knowledge management initiatives in software testing by applied knowledge management (KM) principles and techniques to manage software testing knowledge in their research.However the authors only utilized secondary data derived from a comprehensive literature review.
Balaid, Rozan and Abdullah (2014) described the influential factors of knowledge maps adoption in software development organizations using a pilot case study to present their findings.Through the pilot case study of knowledge maps adoption in software organizations, they identified the key factors that influencing the adoption of knowledge maps in software development organisations.Fabri, L'Erario, Domingues & Trindade (2009) presented a concept maps model applied to software process improvement.The researchers proposed how knowledge management and conceptual maps concepts can be used in the replication of knowledge among an organization of software production and its affiliates.Fabri et al. (2009) showed how knowledge management and conceptual maps can be used in the replication of knowledge among an organization of software production and its affiliates.The developed model utilized knowledge management and concept maps to improvement software process.The authors went further to analyze the effectiveness of their model in a case study.Rodríguez-Elias et al. (2005) constructed a knowledge map for software maintenance organization by developing a prototype of the knowledge management system based on a multi-agent architecture where there is an agent that plays the role of assistant of a member of the maintenance team using knowledge mapping.Their methods and tool help software maintainers reduce the time needed to do their jobs can provide major benefits to software organizations.The authors adopted a qualitative and theoretical research to develop the knowledge map for software maintenance.Although knowledge mapping technique has been utilized previously in software process as seen in this section, none of the previous researchers has applied knowledge mapping technique in software management process.Thus this research papers aimed to present how knowledge mapping in software management process domain.Also the reviewed studies presented by Érica et al. (2015); Balaid et al. (2014); Fabri et al. (2009);Rodríguez-Elias et al. (2005) all utilized secondary data from literature review and qualitative research method similar to this research study.

Software Risk Mitigation and Knowledge Mapping
In this sub section this paper explores on previous studies that adopt knowledge mapping for risk mitigation in software processes, where knowledge mapping has been used as knowledge management techniques by other researcher.Thus this section reviews the utilization of knowledge mapping by previous researchers in risk management and mitigation processes.Kerzazi and Robillard (2010) developed a new approach to software process modelling, which enables the mapping of knowledge required by the activity roles and stored into the activity input artifacts.In their approach the information is fed into a dashboard, which outlines any knowledge discrepancies within the software process model and enables process manager to manage risks associated to knowledge within a given task.
Tien-Cheng, Chuang and Wen ( 2009) suggested applying knowledge mapping to build a knowledge Map of project risk management for research and development using mind mapping technique.The researchers aim to build a knowledge map that transforms tacit knowledge into explicit knowledge.Such transformation can clearly display tacit knowledge by texts, categories, and graphics.Yildiz et al. (2014) proposed a knowledge-based risk assessment mapping tool to systematically assess risk-related to variable that may lead to cost overrun.The tool uses the best available knowledge within the company and helps the decision-makers to establish the context for solving risk during projects.The tool uses a database which captures and stores lessons learned from previous projects and enables learning from previous projects to support decision making in forthcoming projects if needed.
Johnson (2010) suggested a conceptual mapping for risk management by mining the risk data from the knowledgebase thus discovering large amount of risk data.Yun et al. (2011) presented a knowledge mapping models as an approach to integrating key project components and technologies for the effective improvement of project performance within and across IT projects.The researcher mentioned that knowledge is recognized as a key strategic resource for successful projects and a critical resource of sustainable competitive advantage.Dilbag and Pradeep (2012) recommended the conceptual mapping of risk management concepts and techniques using data mining in risk identification, risk analysis, risk prioritization, risk planning and risk monitoring.The researchers used knowledge mapping to show the relationship among each risk process meaning that risks can be managed with the help of conceptual data mapping.
Dang, Zhang, Hu, Brown and Chen (2011) developed a web-based knowledge mapping system that provides interactive search and analysis on various project document sources.The researchers claimed their study addresses several gaps in knowledge and illustrates desirability of using the design approach to design, implement, and evaluate an advanced information system for decision making.Wang and Cheng (2008) proposed a risk mapping using a web-based spatial decision support services approach to provide user with a decision-making environment that enables the analysis of geographical information to be carried out in a flexible organisations critical knowledge sources and locations.
Although knowledge mapping technique has been utilized previously in software process as seen in this section none of the previous researchers has applied knowledge mapping technique for mitigating risk that occurs in software management process.Thus this research papers aimed to present how knowledge mapping can be applied to mitigating risks that occurs in software management process domain.

Purpose of Knowledge Mapping for Risk Mitigation in Software Management
Knowledge mapping can identify barriers to the flow of sustainable knowledge within and across organisations.It also helps make knowledge quicker and easier to find and access.It identifies the utility of critical sustainable knowledge, and also highlights where the important knowledge is, and where the redundant knowledge resides within and across organisations for risk mitigation.Table 1 shows the purpose of knowledge mapping for risk mitigation in software management.Knowledge mapping process model for risk mitigation in software management 6 3. Knowledge maps are used to document the skills, techniques, positions, job experience and even career path of various individuals, such as software architects, software engineering designers, software quantity testers, software project managers, software managers.4. Knowledge maps aid effectively shows the networks of knowledge and the patterns of relationships between organizations, their members and other social entities.5. Knowledge maps are a critical tool to visualize and codify knowledge in projects and organizations, key project resources and technologies must be considered and integrated in project-based K-mapping.

Potential Benefits of Knowledge Mapping for Risk Mitigation in Software Management
Table 2 shows the potential benefits of knowledge mapping for risk mitigation in software management Table 2 Benefits of knowledge mapping for risk mitigation in software management (Suresh & Egbu, 2004) Function Benefits

To identify knowledge gaps
Identifies what knowledge is needed to support overall risk mitigation, team decision and individual activities.
To identify risk knowledge assets It provides the inventory of knowledge assets allowing them to become more visible.

To identify risk knowledge flow
It provides a map of knowledge flow within and across the software development process.To identify untapped knowledge It reveals pockets of knowledge that are not being used for organizational advantages.Also suggests potential re-use or better use of valuable knowledge.

For team building
It reduces barriers between team members.By helping to create shared understanding among software teams.

Provides knowledge Context
Provides contexts for existing knowledge and information resources.It also increases reliability and value of knowledge.

Knowledge accessible in time
Makes essential knowledge resources accessible in a timely way.It improves efficiency and quality of access to the knowledge.

Understanding of the context
Gives team members an understanding of the context of risk mitigation, thus enhances decision-making.

RESEARCH METHODOLOGY
This research study adopts a qualitative research method as shown in Figure 1.
Figure 1 Research methodology used for this research paper Figure 1 shows the research methodology adopted for this paper which is qualitative research.A qualitative research approach was carried out using case study to gain relevant and in-depth data, understanding of software practitioners experiences (people), technology, process, procedure, measurement, methods, technique and insights in risk mitigation practices in their organizations.This research is aligned to participatory paradigm, since informants are involved to provide primary data on how they mitigate risk in their organization.
Where the participatory paradigm allows freedom to use any of the methods; techniques and procedures typically associated with qualitative research, thus recognizing that every method has its limitations and that the different approaches can be complementary (Creswell, 2009).In this research secondary data was collected from existing literatures on risk mitigation practice in organizations, the data was synthesized and extracted as shown in related works Section of this paper.
The Secondary data was later confirmed by collecting primary data through semi structure interview.As stated above this research uses case study.The primary data was analyzed using Nvivo to code or categorize the data on risk mitigation practice into the type of technology used to mitigate risk, the people involved in risk mitigation (internal or external people), techniques, methods, process, procedures, measurement and activities involved or used in mitigating risk.

Case Study
Case study was carried out involving in-depth investigation of practitioners in Malaysian based organization over a period in time.E.g. how they mitigate risk in their organisations.Data was collected using Case study by conducting open ended interview, mainly from informants (IT practitioners and IT experts) in 13 Malaysian organisations.The case study is the combination of the data collected from the pilot and main data collection.The interview is considered open-ended because even though the

Research Techniques
Data collection: Literature review and synthesis, Semi-structured interviews Data analysis: Content analysis using Nvivo

Research Approach (Case Study)
Research Paradigm (Participatory) questions can be scripted, the interviewer usually doesn't know what the contents of the response will be.The interview questions focus more on the participant's experiences, knowledge, skills, ideas and preferences on risk mitigation.
The targeted population for this interview are experienced IT/Software professionals that have in depth knowledge of risk mitigation and management.Additionally, it is assumed that the data derived from the responses given by this sample is sufficient to achieve the goal of developing the proposed model.For sampling strategy purposely sampling is used, in which the informants (IT/ Software practitioners and IT experts) for the interview are selected based on their idea, knowledge and experience in risk mitigation practices in various Malaysian organizations.

Data Analysis
At the end of the data collection process 20 interview transcript was collected back from the 20 informants from 13 various organisations as showed in Table 3.

Table 3 Data collection informants and position
Table 3 shows the informants that were involves in the interview sessions across the organisations.The interview transcripts was analysed using Nvivo software package in categories or codes based on the people involved in risk mitigation, technology used for risk mitigation (ranging from the hardware, software, network communication and other devices), the process, activities, procedures, methods and practices involved in risk mitigation.
Nvivo was used to analyse the interview transcripts in to categories and nodes as shown in Figure 2. Figure 2 shows how Nvivo software was used to present the risk mitigation category or nodes, similar to previous qualitative study carried out by Liana, Joekie, Petra, Flora, and Jozé, (2012).Each category denotes how risk is mitigated in software management process.

# Informants
Thus Figure 2 illustrates the categories derived from Nvivo software.After using Nvivo software to categorize the interview transcript, the data was analysed descriptively and narratively.The coded risk mitigation categories which comprises of people, technology, techniques, methods, management, risk decisions, procedures, activities and measurement are used to analyse the interview transcript.However results of the analysed interview transcript are beyond the scope of the paper and as such were not presented in this paper, although this research paper explained each of the categories gotten from the interview transcripts as explained below.

People
These are software practitioners/team members involve in the risk mitigation in the software organization.

Technology
Comprises the software, hardware, network communication used for mitigating risk in the software organization.

Techniques
Involves techniques that assist in risk mitigation such as spread sheets, focus group, discussions, scenario analysis, brainstorming, lessons learnt, checklist, risk breakdown, inductive reasoning, swot analysis, team meeting, worksheet lists.

Methods
Involves either qualitative or quantitative methods such as interview, questionnaire, workshops, survey used for risk mitigation in software organization.

Management
These are the decision maker or software management board members that endorse rules and regulations that govern the software process in the organization.

Risk Decisions
This is the current risk decision process or software being used for making risk decisions in the organization.

Procedures
This are the step-by-step sequence of events or course of action carried out by software practitioners in mitigating risk in software organizations.

Activities
Refer to the strategies implemented for risk mitigation is in the organization.This activities influence how software practitioners carryout their day-to-day organization task in accomplishing the objectives of their organization.

Measurement
Denotes the present approach utilized by software practitioners in quantifying identified risk in their organization.

KNOWLEDGE MAPPING PROCESS MODEL
Knowledge map shows the relationship between knowledge and their usage.A knowledge map provides indexes to real knowledge, whether it is an actual map, a cleverly constructed database.It is a guide like Yellow Pages that shows where to find resources and knowledge.Figure 3 shows how the knowledge map transforms tacit knowledge into explicit knowledge.The expert software practitioners add the risk information (tacit knowledge) based on their experience, based practices and lesson learnt.Such transformation can clearly display tacit knowledge by texts, categories, and graphics.The risk knowledge (explicit knowledge) is either downloaded or saved and used to mitigate risk by other software practitioners (software manager and software team members/staffs).Thus knowledge mapping is a method of knowledge expression and a mechanism of knowledge storage.Mind mapping was used to build a knowledge map that can be easily understood by software practitioners in the organisation as seen in Figure 3. Figure 3 shows the knowledge mapping process for risk mitigation drawn using Mindjet MindManager tool, the developed risk mitigation knowledge map process model, aids retrieval of relevant knowledge for software practitioners in mitigating risk that occurs in software process in their organization.Figure 4 shows the proposed knowledge mapping process model for risk mitigation in software management.The model comprises of risk identification, risk decision, risk treatment and risk monitoring.Each process is carried out in mitigating risk in software management.The first phase is risk identification which involves registering, starting the risk scope, defining the risk areas and asserting the risk type.
Knowledge mapping process model for risk mitigation in software management

12
The second phase is the risk decision in which decision is made on how to mitigate the risk by starting the risk character description, risk rank classification, risk impact and probability measurement.
The third phase is risk treatment, which includes determining the risk rating, establishing risk priority and implement risk solution.In this stage options are applied on solving the risk.
The last phase is risk monitoring which is mainly carried out to get feedback, implement remedial actions and carrying out communication and consultation on the situation of the risk (Bokolo et al., 2015).
Figure 5 Applying knowledge mapping for risk mitigation in software management Figure 5 illustrates the application of knowledge mapping for risk mitigation in software management process.Figure 5 can be used to implement and code the risk mitigation system facilitated by knowledge mapping technique.Thus Figure 5 shows the architecture design of risk knowledge mapping for mitigating risk that occurs in software management process.It comprises of 7 main modules (risk measurement, risk process, operational/technical risk, access group configuration, risk report and users) as explained in Table 4.

Knowledge Mapping for Risk Mitigation Process Model modules and Descriptions
Based on Figure 5, Table 4 shows the risk mitigation system functions and descriptions.
Table 4 shows the risk mitigation process model modules and descriptions.

Model Modules Description Risk measurement
Contains data on risk impact probability of each risk in the organizations knowledgebase.

Risk process
This module contains data on the mitigation process stating the people involved, time taken, date and tasks carried out to mitigate the risk.Operational/technic al risk Contains data on the risk name, description of the risk and the risk mitigation date.This module collects and saves risk from the experts' users.

Access group
Contains data on the access name, default name and number of the group.The system will be based on 4 access groups namely; Software Manager, Software Staff, Software Experts and the Admin User.

Configuration
Contains data on the system name, time of the country were the system is used and language of the system which are English and Malay.

Risk report
Contains data on the risk report that is to be downloaded/printed by software practitioners, stakeholders or decision makers to aid in mitigating risk.It contains the risk name, people involved, risk document, mitigation description (risk advice) and risk comment.

Users
Contains basic information of software practitioners such as the username, group and photo of users of the system.

DISCUSSION
The need for increased transparency and reduction of complexity has often been created by the use of knowledge mapping tools.Knowledge mapping is an approach for creating structure out of an overabundance of potentially useful information.It is a method for coordinating, simplifying, highlighting, and navigating in complex knowledge contexts.Effective knowledge mapping can produce economic, structural, organizational and knowledge returns for organisations (Charles, 2008).A knowledge map makes important knowledge about an essential business activity available to the organisation in an organized, explicit, and usable form.Its main benefit is better coordinated, more efficient, purposeful, and consistent work.The knowledge map creates a shared context for employees whose work is interdependent, though the individual employees themselves may be separated by distance, organizational structure, and even language (Bokolo, Noraini, Teh, Rozi, and Yusmadi, 2015) Knowledge mapping can identify the organisations critical knowledge sources and locations.This can be people, relationships, artefacts etc.Also, it identifies current and future knowledge gaps within and across the organisations.Knowledge mapping can identify barriers to the flow of sustainable knowledge within and across organisations.It also helps make knowledge quicker and easier to find and access.It identifies the utility of critical sustainable knowledge, and also highlights where the important knowledge is, and where the redundant knowledge resides within and across organisations for risk mitigation.Knowledge mapping is the process, methods and tools for analysing knowledge areas in order to discover features or meaning and to visualize them in a comprehensive, transparent form such that the business-relevant features are clearly highlighted, thus it's a decision support tool (Charles, 2008).
Knowledge for mitigating risk can be obtained from documents, people, and organizations.This knowledge can be discovered in work procedures and organization rules.If organization members can learn fast what risks are, and how to prevent those risks, they can apply the knowledge into risk mitigation process (Bokolo et al., 2015).
Therefore, it is of great importance to accumulate, share and learn the risk knowledge in software organizations.The flowing of the knowledge can help software team members to get useful information in right time and to make quick response, the main works of mapping knowledge for risk mitigation focus on collecting different risk information of potential risks and then applying these risk knowledge in software management.Thus knowledge map is an efficient medium to reduce risks of software management projects.

RESEARCH IMPLICATION AND LIMITATION
This study aims to utilize knowledge mapping technique to mitigate risk in software management process, thus assisting software practitioners in identifying potential risk, making decisions on how to treat the risk and lastly monitoring/reporting the risk.The model is facilitated by knowledge mapping which is based on knowledge management theory.The model aids software practitioners in implementing risk mitigation process to resolve identified risk.Every research has limitation(s) and this research study is no exception.Therefore this research possesses some limitations due to the fact that this research study did not highlight the software management process type.This study did not specify if the proposed process model is aimed at supporting software practitioners when they develop software or is the process model aimed at supporting software practitioners when they use already developed software to carry out their organizational development process.
Another implication of this research is that, the study only utilized qualitative data by collecting data using interview from 20 informants in 13 different organizations, the analysed data cannot be generalized, because data from quantitative method such as survey may present a different results.Lastly the data was collected from practitioners in Malaysian based organization only.Therefore the results are only conclusive for Malaysia and cannot be generalized to other countries.

CONCLUSION AND FUTURE WORK
In conclusion the complexity of risk mitigation in software process makes it difficult for software project manager and software practitioners to deal effectively with decision making relating to operational and technical risk.Difficulty in linking data, analysis tools and models across software organization is one of the barriers to be overcome in developing a model using knowledge mapping for mitigating risk in software management process.The developed model can assist collaborative decision-making, by supporting distributed data sharing and services.Applying knowledge mapping for risk mitigation provides a comprehensive environment for mitigating risk through integrated information retrieval, information sharing for efficient risk measurement and risk treatment in software management process.
The proposed Knowledge mapping process model for risk mitigation in software management is shown in Figure 4.The model can provide information on each process activities to be implemented in mitigating technical and operational risk in software management process.Figure 5 shows the application of knowledge mapping to show the functionalities in the risk mitigation system tool.Future work will involve the implementation of a risk mitigation system (RMS) as a web based tool to aid in the mitigation of risk in software management.The risk mitigation system will be developed using PHP MySQL and HTML/JavaScript.The system will assist in mitigating operational and technical risk in software management, thus aiding risk mitigation in software management process.

Figure 3
Figure 3 Knowledge mapping process for risk mitigation

Figure 4
Figure 4 Knowledge mapping process model for risk mitigation in software management

Table 1
Key purpose and principle of knowledge mapping for risk mitigation in software management Knowledge mapping can be applied in software management by software practitioners utilizing the knowledge map.The knowledge map can locate credible tacit knowledge from experts' practitioners to novice software practitioners.

of Knowledge Map for Risk Mitigation in Software Management 1
. Knowledge maps are used to visualize risk knowledge and knowledge resources in software project or business processes in software organizations.2. Knowledge maps are used for content management of knowledge as a method of hierarchically organizing and classifying knowledge contents.