Risk Management in Software Development Projects: A Systematic Literature Review

Marzuki Pilliang(1*), Munawar Munawar(2)

(1) Esa Unggul University
(2) Esa Unggul University
(*) Corresponding Author
DOI: https://doi.org/10.23917/khif.v8i2.17488

Abstract

Risk management is an integral part of every project. It must estimate the significance of risks, especially in the SDLC process, and mitigate them. Over the last five years, since 2016, many papers and journals have researched planning, design, and risk control in software development projects. This study aims to find the most exciting topics for researchers in risk management, especially in software engineering projects. It takes a systematic approach to reviewing articles on risk management in software development projects. The study collects papers and journals included in the international online library database, then summarizes them according to the stages of the PICOC methodology. The result is that research in the last five years has focused on Agile methods. The current issue is that many researchers are trying to explicitly integrate risk management into the Agile development process by creating a comprehensive risk management framework. This SLR gives future research a theoretical basis for solving the studied problem. It explains the focus of previous research, the analysis of research results, and the weaknesses of the investigations. For further study, take one of the topic papers, do a critical review, and find research gaps.

Keywords

risk management; project; software development; systematic literature review; SLR


