Offshore-Outsourced Software Development Risk Management Model Shareeful Islam, Siv Hilde Houmb, Daniel Mendez-Fernandez and Md. Mahbubul Alam Joarder Institut für Informatik, Technische Universität München, Germany Connected Objects Laboratory, Telenor R&I Service Platforms, Norway Institut für Informatik, Technische Universität München, Germany Institute of Information Technology, University of Dhaka, Bangladesh islam@in.tum.de, siv-hilde.houmb@telenor.com, mendezfe@in.tum.de, joarder@univdhaka.edu Abstract 1 Offshore-outsourced software development is gaining popularity because companies are continuously forced to reduce production costs while keeping sustainable competitive strength. However, this trend of software development increases projects’ complexity and brings up risks to the overall project environment. Therefore, risks of offshore software development require to be managed as early as possible for a successful project. This paper considers a risk management model from a holistic perspective to manage offshore software development risk, integrated into early stages of development. The approach effectively identifies and specifies the goals of a project and the related risk factors. This is done at the basis of selected software development components within the running project. We show how to trace and control these risks already during early requirements engineering activities. The model at hand is implemented into an on- going offshore software development project to (1) identify goals and risk factors from the local context and finally (2) to determine its applicability of the approach in offshore software development projects from a vendor’s perspective. Keywords: Software development risk, goal modeling language, offshore outsourced software development, requirement engineering. I. INTRODUCTION Offshore-outsourced software development (O-OSD) has become a highly favored topic for companies aiming at cost savings while achieving final product delivery within estimated time schedules. Still, this type of development has several challenges due to its inherent nature. For instance, decreased degrees of communication, lack of knowledge about customers’ business domains, disputes on legal issues [1, 6] may pose any potential risks to the project. A recent report [1] suggested that outsourcing magnifies existing risks and creates additional threats to The work is partly supported by the German Academic Exchange Service (DAAD), Germany and the Institute of Information Technology (IIT), University of Dhaka, Bangladesh. the offshore projects. These risk factors are not only given by technical issues, but also by non-technical issues. There is in general an observable tendency to over- manage the technical issues and underestimate the non- technical ones. Consequently, O-OSD has to emphasize particular goals, such as an effective co-ordination of project works between offshore customers/users with local development teams, building trust, attain security besides generic software development goals like schedule, cost and quality. This paper evaluates a goal-driven risk management model (GSRM) that is integrated into Requirement Engineering (RE) activities in order to manage risks of O- OSD. The approach explicitly defines the relations between the goals relating to project success from offshore environment and the risk factors that obstruct the goals respecting technical as well as non-technical development components. In addition, it defines the control actions that enable the satisfaction of the goals. Therefore, GSRM assesses and manages risk that relate to the challenges of the offshore context right from the beginning of a project. We claim that this integration contributes to a reduction of errors that arise from elicited user and / or detailed system requirements. This is in particular important to the offshore environment because our result showed that requirements errors are a common problem in offshore development projects [8, 12, 13]. We performed a field study within an on-going offshore software project in Bangladesh. The field study evaluates applicability of the model and compares the identified risk factors with our previously published survey results from the same local context [8] and with the other published risk factors [6, 14] of the offshore context. The study context is from a developing country where the offshore market in rapidly expanding by significantly increasing investments in the recent years [5]. The remainder of the work is as follows. We first give in Sect. 2 an overview on risk management approaches and related survey. In Sect. 3 we introduce the basic concepts of goal-based risk management and in Sect. 4 the O-OSD specific approach. It is evaluated in Sect. 4 before giving