I’m looking for risk management approaches that have been baked into other engineering disciplines to see how well they could apply to software engineering. If you have any experiences or stories to share on the above, I’d love to hear about it.
Here are a few links with more background on the ideas I’m trying to bring together:
FMEA – American Society for Quality
HAZOPS – Mike Lihou
Common-Cause Failure Analysis (Westinghouse, open information for the public on nuclear power station design)
http://tinyurl.com/3gu2f2 (Links to PDF)
It depends on your design/development methodology. But ultimately it will usually come down to integration into your test cases. Your business requirements break down into functional requirements (and possibly technical requirements). Your functional requirements break down into test cases with potential failure modes identified. FMEA/FMECA can be applied to formulate risks, impacts and responses.
The full analysis can feed into your design process to help improve your up-front quality and potentially reduce or eliminate the failures before they occur. As the product or process moves through testing, you’ll be able to add to or adjust your assumptions and decide whether to change the requirements, design or implementation (or just determine the mitigation).
After implementation, any additional failure modes that are uncovered should be mapped back into requirements and test cases for the next iteration.
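A worked version of the flow the answer above describes (requirement → failure modes → RPN scoring → response → test cases, with a post-implementation finding fed back into the table), as an added example that is not part of the question or the answer. The password-reset feature, the FR-/TC- identifiers, the 1-10 scores and the RPN threshold of 100 are all constructed for the illustration; only the RPN = severity × occurrence × detection scoring is standard FMEA.

```python
"""
Worked FMEA/FMECA pass over the functional requirements of one feature.

Added illustration, not code from the question or the answer. The feature,
requirement IDs, failure modes, test-case IDs and the 1-10 scores are
constructed for the example; RPN = S * O * D is the standard FMEA scoring
and the threshold of 100 is an assumed project policy.
"""
from dataclasses import dataclass, field


@dataclass
class FailureMode:
    requirement: str            # functional requirement the mode belongs to
    description: str            # how that requirement can fail
    effect: str                 # impact on the business if it does
    severity: int               # 1 negligible .. 10 catastrophic
    occurrence: int             # 1 remote .. 10 almost certain
    detection: int              # 1 current tests will catch it .. 10 undetectable
    test_cases: list[str] = field(default_factory=list)  # tests exercising this mode
    response: str = ""          # decided at prioritisation time

    def rpn(self) -> int:
        """Risk priority number: severity * occurrence * detection (max 1000)."""
        for name in ("severity", "occurrence", "detection"):
            score = getattr(self, name)
            if not 1 <= score <= 10:
                raise ValueError(f"{name} must be 1..10, got {score}")
        return self.severity * self.occurrence * self.detection


def build_fmea() -> list[FailureMode]:
    """Constructed example: a password-reset feature, one row per failure mode."""
    return [
        FailureMode("FR-1 reset token is single-use",
                    "token accepted a second time", "captured token replayed",
                    8, 3, 4, ["TC-1.1 reuse token after successful reset"]),
        FailureMode("FR-1 reset token is single-use",
                    "token predictable", "attacker forges a valid token",
                    9, 2, 5, ["TC-1.2 token has >= 128 bits from a CSPRNG"]),
        FailureMode("FR-2 token expires within 15 minutes",
                    "expiry compared with client-supplied time", "stale token stays valid",
                    6, 2, 6, ["TC-2.1 expired token rejected"]),
        FailureMode("FR-3 reset mail sent only to the address on file",
                    "address read from request body", "account takeover",
                    10, 4, 3, ["TC-3.1 address in body ignored"]),
        FailureMode("FR-4 reset requests are rate limited",
                    "limit keyed on source IP only", "distributed enumeration of accounts",
                    5, 6, 7, []),   # no test yet: the high detection score reflects that
    ]


def prioritize(modes, threshold=100):
    """Rank rows by RPN (highest first) and decide the response for each.

    At or above the threshold the failure mode is costly enough that the
    requirement or design should change before implementation; below it the
    existing tests are the mitigation, unless no test exercises the mode at
    all, in which case a test case must be written for the next iteration.
    """
    ranked = sorted(modes, key=lambda m: m.rpn(), reverse=True)
    for m in ranked:
        if m.rpn() >= threshold:
            m.response = "change requirement or design"
        elif not m.test_cases:
            m.response = "add test case"
        else:
            m.response = "mitigate through existing tests"
    return ranked


def untested_modes(modes):
    """Failure modes with no test case: the gaps to map back into the test plan."""
    return [m.description for m in modes if not m.test_cases]


def record_discovered_mode(modes, mode):
    """A failure mode found after implementation goes back into the table and
    therefore into the requirements and test cases of the next iteration."""
    modes.append(mode)
    return prioritize(modes)


if __name__ == "__main__":
    table = prioritize(build_fmea())
    for m in table:
        print(f"{m.rpn():4d}  {m.requirement:48s} {m.description:42s} -> {m.response}")
    print("untested:", untested_modes(table))
```

The detection score is what ties the analysis to the test cases: a mode that no test exercises gets a high detection value, which pushes its RPN up, and the prioritisation step turns that into a concrete "add test case" item rather than leaving it implicit.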