Authors
Louise Pryor
Abstract
Operational risk is increasingly coming under the spotlight, and software risk is an important part of it.
In this paper I discuss issues relating to user-developed software, which is increasingly prevalent in a number of important organisational areas. The advantages of user-developed software are clear to see, and are primarily based on the use that is made of the expertise of the users who do the developing, while the disadvantages and risks are likewise based on gaps in that expertise.
Software risks arise from the way that software is used as well as possible bugs in the software itself, and often merge into issues of competitiveness. Risk identification is a vital component of risk management, and a technique based on one used in chemical process plants for many years is applicable to software processes too.
The development and maintenance of user-developed software is one of the important aspects of its use, and is as subject to risk as any other. Many of the risks can best be addressed at the development stage through the application of well thought out processes and standards.
Finally, the main significance of bugs is probably not their presence, but the effort that goes into ensuring their absence. Software engineering techniques can assist with this effort, giving the same level of comfort for less work.
Sample
A simple procedure for making changes to a model might consist of the following:
- The purpose of the desired change in clearly specified (for example, to fix a problem or to introduce new functionality).
- The person with responsibility for maintaining the model approves the change.
- A copy is taken of the existing (working) state of the model.
- The copy is changed to fix the problem or introduce the functionality.
- The changed version is thoroughly tested, both for the effects of the change and for any unwanted and unforeseen side effects.
- The changes made are reviewed by somebody other than the person who implemented it.
- The changed version replaces the existing version of the model.
Publication
2002, General Insurance Convention, August
