Software Project Risk, Cohesion, and Code Review Processes

Posted on Apr 4, 2025 in Software Computer Engineering

Software Risk Management Explained

Risk Identification

  • The project manager needs to anticipate the risks in a project as early as possible.
  • As soon as a risk is identified, effective risk management plans should be made so that the possible impacts of the risks are minimized.
  • Example: A project manager might be worried about:
    • Risk 1: Vendors developing certain modules might not complete their work on time or might deliver poor quality work.
    • Risk 2: Some key personnel might leave the organization.
  • All such risks likely to affect a project must be identified and listed.
  • There are three main categories of risks which can affect a software project:
    • Project risks
    • Technical risks
    • Business risks

Risk Assessment

  • The objective of risk assessment is to rank the risks in terms of their potential to cause damage.
  • For risk assessment, each risk should first be rated in two ways:
    • The likelihood of a risk becoming real (r) [Risk Probability].
    • The consequence of the problems associated with that risk (s) [Impact].
  • The priority of each risk can be computed as follows: p = r * s
    • Where p is the priority with which the risk must be handled.
    • r is the probability of the risk becoming real.
    • s is the severity of damage caused if the risk becomes real.

Risk Mitigation

  • After all identified project risks have been assessed, plans are made to contain the most damaging and the most likely risks first.
  • There are three main strategies for risk containment:
    • Avoid the risk
    • Transfer the risk
    • Risk reduction

Seven Levels of Software Cohesion

1. Coincidental Cohesion

The worst degree of cohesion is coincidental, placed at the lowest level. It occurs when no meaningful relationship exists among the elements of a module. Such a module performs tasks that are loosely related or almost unrelated to each other.

2. Logical Cohesion

Logical cohesion is the next higher level, where several logically related functions or data elements are placed in the same component.

3. Temporal Cohesion

Temporal cohesion is similar to logical cohesion, except that the elements are related by timing and executed together. Time is the key concern here.

4. Procedural Cohesion

When elements are grouped together in a module merely to follow a sequential order of execution, the component is procedurally cohesive.

5. Communicational Cohesion

Communicational cohesion involves elements that are related by reference to the same input or output data.

6. Sequential Cohesion

If the output from one part of a module serves as input to the next part, the module exhibits sequential cohesion.

7. Functional Cohesion

In functional cohesion, every processing element is essential to the performance of a single function, and all essential components are contained within one module. This is the highest level of cohesion.

Code Review Process Explained

Review is a very effective technique for removing defects from source code. In fact, review has been acknowledged as more cost-effective in removing defects compared to testing. Code review does not target syntax errors (which are typically caught by the compiler) but is designed to detect logical, algorithmic, and programming errors.

Code review is a much more cost-effective strategy for eliminating errors from code compared to testing because reviews directly detect errors. Eliminating an error typically involves three main activities:

  1. Testing: To detect if the system fails to work satisfactorily.
  2. Debugging: To locate the error causing the failure and remove it.
  3. Correction: Implementing the fix for the error.

Two primary types of reviews are carried out on the code of a module:

  • Code inspection
  • Code walkthrough

Code Walkthrough

A code walkthrough is an informal code analysis technique. In this technique, a module is reviewed after it has been coded, successfully compiled, and all syntax errors have been eliminated. The main objective of a code walkthrough is to discover algorithmic and logical errors in the code.

Code Inspection

During code inspection, the code is examined for the presence of common programming errors. The aim of code inspection (CI) is to check for common types of errors that usually creep into code due to programmer mistakes and oversights, and to verify whether coding standards have been adhered to.

The following is a list of some classic programming errors that can be checked during code inspection:

  1. Use of uninitialized variables.
  2. Jumps into loops.
  3. Non-terminating loops.
  4. Incompatible assignments.
  5. Array indices out of bounds.
  6. Improper storage allocation and deallocation.
  7. Mismatch between actual and formal parameters in procedure calls.
  8. Use of incorrect logical operators or incorrect precedence among operators.
  9. Improper modification of loop variables.
  10. Comparison of equality for floating-point values.
  11. Dangling references caused when the referenced memory has not been allocated or has been deallocated.