MANAGEMENT OF RISK IN ENVIRONMENT OF
DISTRIBUTED SOFTWARE DEVELOPMENT
Results of the Evaluation of a Model for Management of Risk in
Distributed Software Projects
Cirano Soares de Campos and Jorge Luis Nicolas Audy
Faculdade de Informática (FACIN), Pontifícia Universidade Católica do Rio Grande do Sul (PUCRS)
Av. Ipiranga, n. 6681, Partenon, CEP 90.619-900, Porto Alegre, RS, Brazil
Keywords: Software Project Management, Distributed Software Development, Management of Risks in Software
Projects, Management of Risks in Distributed Software Projects.
Abstract: The objective of this article is to present the results of the evaluation of a model of management of risk for
organizations that work with distributed software development – GeRDDoS. The model proposes the
administration of risks properly aligned among the global unit (head office) and the distributed unit (branch)
executor of the project, emphasizing that the success of the project depends on the success of the actions
executed in both units. The model is an extension of the proposal of management of risks of the Software
Engineering Institute – SEI, which shows a continuous and interactive process for the administration of
risks, supported by coordination and communication process during the whole life cycle of the project. In
that article the results of the application of the proposed model are presented, through the analysis of the
results of a case study on the application of the model in a company for distributed software development
located in Brazil.
1 INTRODUCTION
Countless organizations for several reasons (demand
and costs, speed of responding to the market, market
and global presence, multidisciplinarity of the team,
etc., according to Audy (Audy, 2008) and Agerfalk
(Agerfalk, 2008)), they have been adopting the
model of distributed software development (DSD) or
global software development (GSD) searching for
better results.
For some researchers: Herbsleb (Herbsleb,
2001), Kliem (Kleim, 2004), Damian (Damian,
2006), Agerfalk (Agerfalk, 2008), among others, if
on one hand the adoption of the model of distributed
projects brings better results, on the other hand it
introduces in the software development
environment, new variables which can become
sources of new problems - risks.
In the context of DSD, according to some
authors: Prikladnick (Prikladnick; Audy; 2004),
Sangwan (Sangwan, 2007), Audy (Audy, 2008),
among others, the administration of risks in itself
doesn't differ from the co-located environment.
However it demands more coordination, integration
and communication. Being the adaptation or the
adoption of new models recommended. Thus, the
purpose of this article is to present the results of the
application of the model for identification and
analysis of risks in environment of distributed
software development - GeRDDoS. This, as a result
of the extension of the approach of risk
administration of the SEI (Higuera, 1994) and
applied through a case study in an organization of
distributed software development located in Brazil.
This article is structured in the following way: in
section 2 a synthesis of the GeRDDoS model is
presented; in section 3 related works is presented; in
section 4 the application of the GeRDDoS model is
presented; in section 5 the final considerations,
future studies and limitations of the research are
presented.
2 THE GERDDOS MODEL
The figure 1 presents the general structure of the
391
Soares de Campos C. and Nicolas Audy J. (2010).
MANAGEMENT OF RISK IN ENVIRONMENT OF DISTRIBUTED SOFTWARE DEVELOPMENT - Results of the Evaluation of a Model for Management
of Risk in Distributed Software Projects.
In Proceedings of the 12th International Conference on Enterprise Information Systems - Databases and Information Systems Integration, pages
391-397
DOI: 10.5220/0002905503910397
Copyright
c
SciTePress
model for Identification and Analysis of Risks in
Distributed Software Development Environment -
GeRDDoS, which is divided into seven processes:
identification and analysis of global risks,
identification and analysis of local risks,
categorization and treatment, monitoring, control,
communication and coordination, and the
finalization process.
Figure 1: Structure of the GeRDDoS model.
The first process, identification and analysis of
global risks, is started with the identification activity
and preliminary analysis of the new risks in a global
way. This activity is accomplished in the global unit
(head office) and it should usually be aligned with
the IT strategic planning defined by the high
administration of the organization. The basic
declaration of global risks is the document which
works as a starting point to begin this activity.
The second process, identification and
preliminary analysis of the local risks, looks like the
previous process, because new local risks can be
identified and there can even be changes in the
existing planning of administration of risks. This
activity is accomplished in the distributed unit
(branch) chosen to execute the project. As subsidies
for this process there are: the relationship of global
risks and the basic declaration of risks of the
distributed unit (branch).
The third process consists of the categorization
and treatment of the identified risks. This phase
involves the actions of classification of the risks
according to its degree of importance, verification of
the state of the risk, discussion on the risks and the
strategies to be adopted in the treatment of the risks.
Monitoring the risks, the fourth process, consists
of the definition action and observing the metrics,
indicators and limits for each identified risk.
The fifth process consists of accomplishing the
control of the identified risks. The activities of the
control process aims at assuring that the
management of risk plan is being proceeded as
planned.
The communication and coordination process,
sixth process, consists of the supporting activities to
all the models which provide the necessary
interaction for the correct communication and
understanding of the project, as well as the
accompaniment of all the activities of the
management of risk plan of the organization.
The last process - finalization - it consists of the
closing of the cycle of administration of the project,
that firstly happens in the distributed unit (branch)
and later in the global unit (head office). When
concluding the local cycle of the administration of
risks of the project, the obtained results and the
lessons learned during the project are consolidated
and passed to the global unit (head office), which
after the closing of the global cycle form a
knowledge base to work as subsidies to the future
projects.
The extension of the GeRDDoS model in
relation to the SEI approach proposed by Higuera
(Higuera, 1994) it is exactly in the application of the
identification process and analysis of risks in a
global and local way, proposing the strategic,
tactical and operational alignment for the
management of risks. Besides, the GeRDDoS model
proposes roles, marks, events and artifacts that aid in
the process of administration of risks, and it still
illustrates each process of the model with a diagram
of activities with the objective of facilitating the
understanding of the tasks of each process.
The GeRDDoS model is a proposal for the
administration of risks in software distributed
projects, and it is the result of the master's degree
dissertation of one of the authors (Campos, 2009).
3 RELATED WORKS
In the bibliographical revision accomplished, we
looked for works which could be to correlated to the
areas management of risk in software projects and
distributed software development, proposing a
differentiation in the process of analysis of the risks
involving the two areas.
Among the proposals researched in the literature
that contemplate both areas, we highlight the
MuNDDoS (Prikladnicki; Audy; 2004) and the
ICEIS 2010 - 12th International Conference on Enterprise Information Systems
392
approach described by Sangwan (Sangwan, 2007).
3.1 The Management of Risk in the
MuNDDoS Model
The use of the reference model MuNDDoS for the
management of risks in DSD projects aims at
facilitating this activity. The approach contains
activities for the list of common risks in DSD
projects and a process of management of risks that
begins before the cycle of life of the project itself,
through the integration of three managerial levels:
strategic, tactical and operational (Audy, 2008).
Thus, considering that the reference model
contains activities in those three managerial levels
the creation of a model for distribution of the
software development was proposed, incorporating
specific activities of management of risk in each
stage of MuNDDoS. More specifically in the stages
of validation of the mapping of the distributed
projects, decision on which distributed units will
develop the project and project execution.
The use of the MuNDDoS model to formalize
the management of risks in DSD begins in the phase
of new projects, where the company defines the
vision in long term of distributed projects to be
developed. Once defined the projects, there are three
stages associated to the phase of allocation of
projects of the reference model. In those stages, risk
analysis, cost-benefit and the decision of places are
executed to develop the distributed projects.
Following, there is the stage of development of
projects, where the project manager should know
about the principal risks identified in the previous
stages, executed by the levels of superior decision.
The last phase of the reference model has an
evaluation and feedback stage that applied to the
management of risk, is able to document all the
rational one used during the process of management
of risks, in the three levels, so that it can feed new
cycles of management of risk and to consider the
learned lessons (Prikladnicki; Audy; 2004).
3.2 Sangwan's Approach
(Sangwan, 2007)
For the author, in projects of software development,
besides all the traditional subjects that can be
experienced in co-localized projects, the projects of
GSD possess private subjects related to the
coordination, resolution of problems, elucidation of
requirements, knowledge sharing and identification
of risks. The traditional approach of identification
and monitoring of risks are many times less effective
in a GSD context and they need to be improved.
The cycle of traditional life of administration of
risks proposed by SEI (Dorofee et al, 1996), needs
to be altered, because this cycle should be
continuous, in other words, that cycle is not only
executed in the beginning a project, there should be
mechanisms that allow the continuous execution of
that cycle during the life of the project (Sangwan,
2007).
The author proposes the use of a method called
"Profile for GSD Projects". This method describes
the capacity of the organization that will develop the
system, the needs of coordination contained in the
system to be developed and an evaluation of the
divergence degree. This divergence detaches the
areas of high risk and the evaluation works as an
entrance for the process of planning of risks. The
planning process involves appropriate strategies of
identification and mitigation for the level of
exhibition of the risk which the organization is
compatible with.
4 APPLICATION OF THE
GeRDDoS MODEL
The GeRDDoS model was applied in an
organization of distributed software development,
with the objective of: first, to evaluate the global
process of identification and analysis of risks;
second, to evaluate the local process of identification
and analysis of risks; third, to evaluate the
categorization and treatment of risks process. It also
aimed at knowing if the processes of the GeRDDoS
model helped in those activities and if they allowed
the integration of the process of administration of
risks between the global (head office) and
distributed (branch) units, and also between that
process with the strategic planning of the
organization.
In the next sections we described the research
method, the characterization of the organization, the
characterization of the project and the obtained
results.
4.1 Method of Research
The research is exploratory and qualitative, based on
a case study. According to Yin (Yin, 2005) and
Santos (Santos, 2000) the exploratory research is
usually used in the cases in which the theme was
little researched or when the revision of the
literature shows that there are only theoretical
MANAGEMENT OF RISK IN ENVIRONMENT OF DISTRIBUTED SOFTWARE DEVELOPMENT - Results of the
Evaluation of a Model for Management of Risk in Distributed Software Projects
393
fragments with very little relationship to the
researched theme. So, an exploratory research was
accomplished.
Besides exploratory, the defined research method
is characterized by following a qualitative strategy.
The application of the model was led by the
project management team of the chosen
organization, having the author of the research as a
support for the execution of the case study.
To collect the results of the research an analysis
protocol was used, a questionnaire with open and
closed questions, in lickert scale, characterizing an
exploratory research of transectional type according
to Yin (Yin, 2005). This instrument was organized
in eight dimensions, aiming at characterizing the
respondent, the organization, the experience of the
organization in management of risk and mainly, the
evaluation of the processes of the GeRDDoS model
which were applied in the case study.
4.2 Characterization of the
Organization
In the choice of the organization for application of
the GeRDDoS model, it was used an organization
which practiced distributed software development
(DSD) and that possessed a structure compatible
with the organizational context - offshore
insourcing. It was selected an organization that
strongly acts offering IT services in the center-north
area of Brazil.
The physical distribution of the organization
happens in 7 municipal districts of Brazilian states,
according to figure 2, in: Cuiabá (MT), Rio Branco
(AC), Macapá (AP), Manaus (AM), Maceió (AL),
Diadema (SP) and Canoas (RS).
Figure 2: Presence of the organization in Brazil.
The principal representatives of the strategic
levels (directors) and tactical one (product and
project managers) of the organization work at the
head office, located in Cuiabá (MT). Besides the
strategic and tactical levels, this unit also acts in the
operational level.
4.3 Characterization of the Project
The software project which was object of the
application of the GeRDDoS model, is a small short-
term project, (only 6 months), and the concept of
software factory of the selected organization was
used.
In the case study, the specification and
requirements team, was located in the distributed
unit (branch), and physically installed in the
customer's premises, and the implementation team
was in the global unit (head office) of the
organization.
Once the project for the case study was defined,
the distributed unit (branch) responsible for its
execution was a unit which is physically installed in
the customer's environment, Finance Secretary of
one of the states of the area of performance of the
organization. Characterizing the DSD environment
as offshore insourcing, according to authors Freitas
(Freitas, 2005) and Knob (Knob, 2007). In this unit
(branch) the collaborators of the organization were
responsible for accomplishing the phases of listing
the requirements and specification of the project.
The implementation and test phases were under the
responsibility of the team located in the global unit
(head office) of the organization. Later the
distributed team was responsible for the approval
activities and implantation together with the
customer.
Because of the period for the accomplishment of
the research and of the schedule for execution of the
project, the application of three processes of
GeRDDoS model was defined: "Identification and
analysis of global risks", "Identification and analysis
of local risks" and "Categorization and treatment",
and also the use of the "Communication and
coordination" process as a support to the application
of the other processes.
4.4 Obtained Results
Among the dimensions of the instrument of data
collection of the research - analysis protocol - in this
section we highlighted the results and analysis of
five dimensions: the characterization of the
respondents, the characterization and experience of
the organization in management of risk, the
applicability of the identification process and
analysis of global risks, the applicability of the
ICEIS 2010 - 12th International Conference on Enterprise Information Systems
394
identification process and analysis of local risks and
the applicability of the categorization process and
treatment.
The first dimension highlighted in this article,
aimed at identifying the profile of the people
involved in the case study. On this dimension there
were five respondents, being two of them from the
strategic level, one of them from the tactical level
and two others from the operational level of the
organization. The respondents from the strategic
level were 39 years old (average), 17 years of
experience in IT and an average of 9 years in the
organization. The respondent from the tactical level
was 28 years old, 9 years of experience in IT and 3
years working in the organization. The respondents
from the operational level were 24,5 years old
(average), approximately 2,5 years of experience in
IT and about 2 years working in the organization.
All the respondents had finished college graduation
in the area of IT, and 80% of the respondents were
post-graduated in specialization level.
The second dimension highlighted in this article,
aimed at characterizing the organization and also
aimed at identifying the organization's experience in
management of risk. In relation to the dimension of
characterization of the organization, the global unit
(head office) has over 500 employees and 16 years
of experience in the market, while the distributed
unit (branch) has between 10 and 50 employees and
more than 5 years old. Regarding the experience in
management of risk in the organization, 67% of
respondents reported that there is awareness about
the importance of management of risk in the
organization. Regarding the discussion on
management of risk in the organization, 100% of
respondents said that this is not encouraged and they
also indicated that there are no specific actions for
management of risk. Regarding the formalization of
management of risk in the organization, 100% of
respondents concluded that management of risk is
not formalized. Thus, regarding the level of
awareness about the management of risks in the
organization, we have found that the organization is
among those which have a level of awareness about
the importance of the topic, but do not put the
management of risk in their projects into practice, as
stated Audy (Audy, 2008).
The third dimension highlighted in this article,
aimed at evaluating the applicability of the
identification process and risk analysis of the global
GeRDDoS model, trying to measure the alignment
of management of risk with the strategic planning of
the organization, the activities of the actors involved,
the level of effort on its application and artifact basic
declaration of global risks. Among the respondents,
both at the strategic and tactical levels, 87% agreed
that the process facilitates the alignment of the
management of risk with strategic planning of the
organization. That is exactly what the authors
Prikladnicki (Prikladnicki; Yamaguti; 2004), Audy
(Audy, 2008) and Sangwan (Sangwan, 2007) say,
stating that the analysis and risk assessment carried
out in strategic and tactical levels must be integrated
with the risk analysis performed at the operational
level by project managers. Among the respondents,
both at strategic and tactical levels, 80% considered
that the factors, methods and techniques presented in
the process facilitated the identification and analysis
of global risks, and that the tasks assigned to each
actor are well defined and clear process. Among the
respondents, 47% considered that the level of effort
spent on the process is low, and 53% considered as
the average level of effort spent on the process.
Among the respondents, 80% agreed that the artifact
- basic declaration of global risks - is important in
the process, since it helps in the identification and
preliminary analysis of global risks. Thus we see
that the process of identification and analysis of the
global risks GeRDDoS model reached the goal of
facilitating the identification of risks at the global
level and allowing alignment between management
of risk and strategic planning organization.
The fourth dimension highlighted in this article,
aimed at evaluating the applicability of the process
of identification and analysis of local risks, trying to
measure the alignment of management of risk at the
distributed unit (branch) level with the strategic
planning of the organization, activities of the actors
involved, the level of effort on your application and
artifact basic declaration of local risks. Among the
respondents, both at the tactical and operational
levels, 67% agreed that the process facilitates the
alignment of management of risk with strategic
planning of the organization. This confirms the
proposition of the researchers Prikladnicki
(Prikladnicki; Yamaguti; 2004), Audy (Audy, 2008)
and Sangwan (Sangwan, 2007), about the
importance of aligning the actions of management of
risk between the global unit (head office) and
distributed unit (branch), and these with the
organization's strategic planning. Among the
respondents, both at tactical and operational levels,
67% considered that the factors that the methods and
techniques presented in the process facilitated the
identification and analysis of local risks, and that the
tasks assigned to each actor are well defined and
clear in the process. Among the respondents, 53%
evaluated as average the level of effort spent on the
MANAGEMENT OF RISK IN ENVIRONMENT OF DISTRIBUTED SOFTWARE DEVELOPMENT - Results of the
Evaluation of a Model for Management of Risk in Distributed Software Projects
395
process and 47% rated it as low stress level.
Concerning the artifact – basic declaration of local
risks - 73% of respondents agree that the artifact is
important in the process, since it helps in the
identification and preliminary analysis of local risks.
Thus, we find that the identification process and risk
analysis of local GeRDDoS model reached the goal
of facilitating the identification of risks at the local
level and of providing alignment of the management
of risk between the distributed unit (branch) and
global unit (head office), and also with the strategic
planning of the organization.
The fifth dimension highlighted in this article,
aimed at evaluating the applicability of the process
of categorization and treatment of risks, trying to
measure the actions recommended for the treatment,
mitigation strategies and if the process allows the
identification of new risks. Among the respondents,
both from the tactical and operational levels, 67%
agreed that the activities of categorization and
treatment described in the process help to mitigate
the risks and the same percentage of respondents
agree that the recommended actions contribute to the
categorization process. Regarding the strategies for
mitigating risks, the respondents, 67% consider them
sufficient. Regarding the identification of new risks,
53% disagreed that the process helps to identify new
risks, and 47% agree that the process helps to
identify new risks. The process also allowed the
generation of a plan for treatment of risks, which is
also what was proposed by Boehm (Boehem 1989),
SEI (Higuera, 1994), PMI (Project Management
Institute, 2004) and CMMI (Software Engineering
Institute, 2006), for management of risk where after
the qualitative and / or quantitative analysis phase,
the planning of risk response is prepared. Thus, we
find that, in general, the process of categorization
and treatment of risks GeRDDoS model, reached the
objective of facilitating the definition and
classification of risk treatment measures of risk,
allowing the generation of the plan for mitigating
risks.
5 FINAL CONSIDERATIONS
In the context where the organizations execute their
projects with dispersed teams, the research area on
the distributed software development (DSD) or
global software development (GSD), has been
several researchers' objective aiming at
understanding how this environment has been
affecting the software production in the last decades.
These researchers have reaffirmed the problems
inherent to the software development, considering
the width of those problems in the DSD or GSD
environment, as well as the new challenges of that
new scenery.
In that context, managing problems - risks - is a
recommendation to try to minimize the impact of an
unexpected event. If in the traditional environment,
co-located, to execute this discipline was already a
challenge, authors such as: Damian (Damian, 2006),
Sangwan (Sangwan, 2007), Audy (Audy, 2008) and
Ågerfalk (Ågerfalk, 2008), affirm that in the DSD or
GSD context this becomes more critical and they
recommend an adaptation in the classic model. This
way, in this article we tried to synthesize the results
of a case study of evaluation of GeRDDoS model for
identification and analysis of risks in distributed
software development environment. This model is
an extension of the approach management of risk of
the SEI, adapted to the environment DSD or GSD.
Thus, in this paper we summarize the results of a
case study of evaluation GeRDDoS model for
identification and risk analysis in distributed
software development environment. We believe that
this article contributes to the area of software
engineering in the sub areas management of risk in
software projects and distributed software
development, combining these two areas of
knowledge and drawing attention to management of
risk in distributed software projects, and further
expanding the publications involving these subareas.
It is also believed that this article contributes
towards the vision of the complementary area of
distributed software development, referencing a
specific model for management of risk.
5.1 Limitations of the Research and
Future Studies
As factors of limitation of the research, we
highlighted: the impossibility of its generalization,
for characterizing as a qualitative research; the
application of the model through the case study in
just one project of the selected organization; the
application of the model in just one organization; the
application of only three processes of GeRDDoS
model due to the factor: time for the research; and
also, the fact of the national coverage of the selected
organization, because it does not experience the
critical factors of success in a global way.
As opportunities of future studies, we identified:
the adaptation of the proposed model to other
methodologies management of risk; the
incorporation of new techniques, methods,
identification of risks in the processes of GeRDDoS
ICEIS 2010 - 12th International Conference on Enterprise Information Systems
396
model; the application of the model in more than a
project of dimensions superior to the project that
was object of the case study; the application of the
model accompanying the whole global and local
cycle in at least one project; the accomplishment of
multiple case studies, applying the model in
different organizations, allowing the degree of
generalization of the results to be enlarged; the
construction of a tool prototype which can be a
support to the application of the model; and the
analysis of the impact of the understanding of
analysis of risks, using semiotics concepts and
ontology.
REFERENCES
Ågerfalk, P. J.; Fitzgerald, B.; Olsson, H. H.; Conchúir, E.
Ó., 2008. Benefits of Global Software Development:
The Known and Unknown. In: Proceedings of the
International Conference on Software Process - ICSP,
pp.1-9.
Audy, J. L. N.; Prikladnicki R., 2008. Desenvolvimento
Distribuído de Software. Rio de Janeiro: Elsevier,
211p.
Boehm, B., 1989. Theory-W Software Project
Management: Principles and Examples. IEEE
Transactions on Software Engineering, vol. 15, 7p.
Campos, C. S. 2009. GeRDDoS: A Proposal for a Model
for Identification and Risk Analisys in Environment
Distributed Software Development (in Portuguese).
M.Sc. Dissertation, Catholic University of Rio Grande
do Sul (PUCRS), Porto Alegre, Brazil.
Damian, D.; Moitra, D., 2006. Global Software
Development: How Far Have We Come? IEEE
Software, Set-Out, pp. 17-19.
Freitas, A. V. P., 2005. APSEE-Global: Um Método de
Gerência de Processos Distribuídos de Software.
Dissertação de Mestrado. Universidade Federal do Rio
Grande do Sul (UFRGS). Porto Alegre, Brazil.
Gusmão, C. M. G.; Moura, H. P., 2004. Gerência de
Riscos em Processos de Qualidade de Software: uma
Análise Comparativa (in Portuguese). In: Anais do III
Simpósio Brasileiro de Qualidade de Software
SBQS, 14p.
Herbsleb, J. D.; Moitra, D., 2001. Global Software
Development. IEEE Software, vol. 18, No. 2, Mar-
Abr, pp. 16-20.
Higuera, R. P., Gluch, D. P., Dorofee, A. J., Murphy, R.
L., Walker, J. A., Willians, R. C., 1994. An
Introduction to Team Risk Management. Special
Report CMU/SEI-94-SR-1. SEI: Pittsburgh –
Pennsylvania.
Kliem, R., 2004. Managing the Risks of Offshore IT
Development Projects. Information Systems
Management Journal, vol. 21, Summer, pp. 22-27.
Knob, F. F., 2007. RiskFree4PPM: uma proposta de
processo para o gerenciamento de portifólios
distribuídos de software com o auxilio do
gerenciamento de riscos (in Portuguese). Dissertação
de Mestrado. Catholic University of Rio Grande do
Sul (PUCRS). Porto Alegre, Brazil.
Project Management Institute, 2004. A Guide to the
Project Management Body of Knowledge (PMBOK
Guide). Pennsylvania: PMI, 3ª Ed., 405p.
Prikladnicki, R.; Audy, J. L. N. 2004. MuNDDoS: Um
Modelo de Referência para o Desenvolvimento
Distribuído de Software (in Portuguese). In: Anais do
XVIII Simpósio Brasileiro de Engenharia de Software
– SBES, 16p.
Prikladnicki, R.; Yamaguti, M. H., 2004. Risk
Management in Distributed Software Development: A
Process Integration Proposal. In: 5th IFIP Working
Conference on Virtual Enterprises, pp. 517-526.
Sangwan, R.; Bass, M.; Mullick, N.; Paulish, D. J.;
Kazmeier, J., 2007. Global Software Development
Handbook
. Florida:Auerbach Publications.
Santos, A. R., 2000. Metodologia científica: a construção
do conhecimento. 3ª.ed. Rio de Janeiro: DP&A
editora.
Software Engineering Institute, 2006. CCMI for
Development Version 1.2. Technical Report, SEI,
CMU.
Yin, R. K., 2005. Estudo de caso: planejamento e
métodos; trad. Daniel Grassi. 3ª.ed. Porto Alegre:
Bookman.
MANAGEMENT OF RISK IN ENVIRONMENT OF DISTRIBUTED SOFTWARE DEVELOPMENT - Results of the
Evaluation of a Model for Management of Risk in Distributed Software Projects
397