Post Job Free
Sign in

Software Management

Location:
Joint Base Andrews Naval Air Facility, MD
Posted:
November 09, 2012

Contact this candidate

Resume:

A New Fuzzy Risk Assessment Approach

Huey-Ming Lee1 and Lily Lin2

1

Department of Information Management, Chinese Culture University

**, ***-**** ****, ****-Ming-San, Taipei (11114), Taiwan

2

Department of International Business, China University of Technology

56, Sec. 3, Hsing-Lung Road, Taipei (116), Taiwan

*****@*******.****.***.**, ****@****.***.**

Abstract. In this paper, we present computational rule inferences to tackle the

rate of aggregative risk in fuzzy circumstances. Because the proposed assess-

ment method directly uses the fuzzy numbers rather than the linguistic values to

evaluate, it can be executed faster than before. The proposed fuzzy assessment

method is easier, closer to evaluator real thinking and more useful than the ones

they have presented before.

Keywords: Risk assessment; fuzzy risk assessment.

1 Introduction

Generally, risk is the traditional manner of expressing uncertainty in the systems life

cycle. Risk assessment is a common first step and also the most important step in a

risk management process. Risk assessment is the determination of quantitative or

qualitative value of risk related to a concrete situation and a recognized threat. In a

quantitative sense, it is the probability at such a given point in a system's life cycle

that predicted goals can not be achieved with the available resources. Due to the com-

plexity of risk factors and the compounding uncertainty associated with future sources

of risk, risk is normally not treated with mathematical rigor during the early life cycle

phases [1]. Risks result in project problems such as schedule and cost overrun, so risk

minimization is a very important project management activity [11]. Up to now, there

are many papers investigating risk identification, risk analysis, risk priority, and risk

management planning [1-4, 6-7].

In evaluating the rate of risk factors, most decision-makers or project-managers, in

fact, viewed those factors as linguistic values (terms), e.g., very high, high, middle,

low, very low and etc. After fuzzy sets theory was introduced by Zadeh [12] to deal

with problem in which vagueness is present, linguistic value can be used for approxi-

mate reasoning within the framework of fuzzy sets theory [13] to effectively handle

the ambiguity involved in the data evaluation and the vague property of linguistic

expression, and normal triangular fuzzy numbers are used to characterize the fuzzy

values of quantitative data and linguistic terms used in approximate reasoning. Based

on [2-4, 6-7], Lee [9] classified the risk factors into six attributes, divided each attrib-

ute into some risk items, and built up the hierarchical structured model of aggregative

risk and the evaluating procedure of structured model, ranged the grade of risk for

each risk item into eleven ranks, and proposed the procedure to evaluate the rate of

I. Lovrek, R.J. Howlett, and L.C. Jain (Eds.): KES 2008, Part III, LNAI 5179, pp. 98 105, 2008.

Springer-Verlag Berlin Heidelberg 2008

A New Fuzzy Risk Assessment Approach 99

aggregative risk using two stages fuzzy assessment method. Chen [5] ranged the

grade of risk for each risk item into thirteen ranks, proposed the other arithmetic op-

erations instead of the two stages fuzzy assessment method, and defuzzified the trape-

zoid or triangular fuzzy numbers by the median.

In [5, 9], they used eleven or thirteen linguistic values for ranking the grades of risk

to each risk item, where the linguistic values were represented by the triangular fuzzy

numbers. But, it is very complicated to compute. Also, the evaluator only chooses one

grade from grades of risk for each risk item. It has difficulty in reflecting the evaluator s

incomplete and uncertain thought. Therefore, if we can use fuzzy sense of assessment to

express the degree of evaluator s feelings based on his/her own concepts, the results will

be closer to the evaluator s real thought. Therefore, Lin and Lee [10] proposed a new

fuzzy assessment method to tackle the rate of aggregative risk in fuzzy circumstances.

This method directly uses the fuzzy numbers rather than the linguistic values to evalu-

ate, it can be easier, and meet the evaluator real thinking. Based on Lin and Lee [10], we

apply computational rule inference to evaluate the aggregative risk in this study. The

proposed method is easier than they presented before.

2 The Proposed Fuzzy Risk Assessment Method

We present the fuzzy assessment method as follows;

Step 1: Assessment form for the risk items:

V1,

The criteria ratings of risk are linguistic variables with linguistic values

V2,, V7, where V1 = extra low, V2 = very low, V3 = low, V4 = middle, V5 = high,

V6 = very high, V7 = extra high. These linguistic values are treated as fuzzy numbers

with triangular membership functions as follows:

1

~

V1 = (0, 0, ),

6

(1)

k 2 k 1 k

~

Vk =, for k = 2, 3 6,

6 66

5

~

V7 = (, 1, 1)

6

In previous studies [5, 9], the evaluator only chooses one grade from grade of risk

for each risk item, it ignores the evaluator s incomplete and uncertain thinking. There-

fore, if we use fuzzy numbers of assessment in fuzzy sense to express the degree of

evaluator s feelings based on his own concepts, the computing results will be closer to

the evaluator s real thought.

The assessment for each risk item with fuzzy number can reduce the degree of sub-

jectivity of the evaluator, express the degree of evaluator s feelings based on his own

concepts. The results will be closer to the evaluator s real thought. Based on the struc-

tured model of aggregative risk proposed by Lin and Lee [10] and evaluating form of

100 H.-M. Lee and L. Lin

Table 1. Contents of the hierarchical structure model [10]

Linguistic variables

Attribute Risk item Weight-2 Weight-1 V1 V2 V3 V4 V5 V6 V7

X1: Personal W2(1)

X11: Personal shortfalls, W1(1,1) m11)

(1

m11 ) m11 ) m11 ) m11 ) m11 ) m11 )

(2 (4 (5 (6 (7

(3

key person(s) quit

X2: System W2(2)

requirement

X21: Requirement W1(2,1) m21)

(1

m 21 ) m21) m 21 ) m 21) m 21) m 21 )

(2 (4 (5 (6 (7

(3

ambiguity

X22: Developing the W1(2,2) m 22 ) m22) m 22 ) m 22) m 22) m 22 )

(3

(2 (4 (5 (6 (7

m22)

(1

wrong software function

X23: Developing the W1(2,3) m 23 ) m 23) m 23 ) m 23) m 23) m 23 )

(2 (4 (5 (6 (7

m 23)

(1 (3

wrong user interface

X24: Continuing stream W1(2,4) m 24 ) m24) m 24 ) m 24) m 24) m 24 )

(3

m24)

(1 (2 (4 (5 (6 (7

requirement changes

X3: Schedules W2(3)

and budgets

X31: Schedule not W1(3,1) m 31)

(1

m 31 ) m31) m 31 ) m 31) m 31 ) m31 )

(2 (4 (5 (6 (7

(3

accurate

X32: Budget not W1(3,2) m32)

(1

m 32 ) m32) m 32 ) m 32) m 32 ) m 32 )

(2 (4 (5 (6 (7

(3

sufficient

X4: W2(4)

Developing

technology

X41: Gold-plating W1(4,1) m 41 ) m41) m 41 ) m 41) m 41) m 41 )

(2 (4 (5 (6 (7

m 41)

(1 (3

X42: Skill levels W1(4,2) m 42)

(1

m 42 ) m42) m 42 ) m 42) m 42) m 42 )

(3

(2 (4 (5 (6 (7

inadequate

X43: Straining hardware W1(4,3) m 43 ) m 43) m 43 ) m 43) m 43) m 43 )

(2 (4 (5 (6 (7

m 43)

(1 (3

X44: Straining software W1(4,4) m 44 ) m44) m 44 ) m 44) m 44) m 44 )

(3

(2 (4 (5 (6 (7

m 44)

(1

X5: External W2(5)

resource

X51: Shortfalls in W1(5,1) m51)

(1

m51 ) m51) m51 ) m51) m51 ) m51 )

(2 (3 (4 (5 (6 (7

externally furnished

components

X52: Shortfalls in W1(5,2) m 52)

(1

m52 ) m52) m52 ) m52) m52 ) m52 )

(2 (3 (4 (5 (6 (7

externally performed

tasks

X6.: W2(6)

Performance

X61: Real-time W1(6,1) m 61 ) m61) m 61 ) m 61) m 61 ) m 61 )

(2 (4 (5 (6 (7

m 61)

(1 (3

performance shortfalls

structured model proposed by Lee [10], we propose the assessment form of the struc-

tured model as shown in Table 1 and propose a new assessment method using compu-

tational rule inference to tackle the rate of aggregative risk in software development.

In Table 1,

6

W2 (i ) = 1, 0 W2 (i ) 1 (2)

i =1

A New Fuzzy Risk Assessment Approach 101

for each i = 1, 2, ... 6.

nk

W (k, i) = 1, 0 W (k, i) 1 (3)

1 1

i =1

for k=1, 2 6; n1 = 1, n2 = 4, n3 = 2, n4 = 4, n5 = 2, n6 = 1. ; i = 1, 2 nk.

7

m (4)

= 1, 0 m ki ) 1

(l ) (l

ki

l =1

for l=1, 2, 7; k=1, 2, 6; i=1, 2,, nk.

(l )

From Table 1, we directly use the fuzzy numbers ( mki ) rather than the linguistic

values to evaluate. Also, we may express the risk item X ki as fuzzy discrete type

mki ) mki2) mki3) mki4) mki5) mki6) mki7)

(1 ( ( ( ( ( (

(5)

X ki =

V1 V2 V3 V4 V5 V6 V7

Step 2: Weighted triangular fuzzy numbers

For easy to express, we take some one attribute, saying X j, and the items, saying

X j1, X j 2,, X jn j in Table 1, and introduce the weighted triangular fuzzy numbers

as shown in Table 2, for j=1, 2,, 6, and n1 = 1, n2 = 4, n3 = 2, n4 = 4, n5 = 2, n6 = 1.

~~ ~

Let B = {V1,V2, V7 }. From Table 2, we can form the fuzzy relation on Xj and

B with weighted triangular fuzzy number elements as follows:

Table 2. Contents of the weighted triangular fuzzy number for item X jk

Linguistic variables

Risk

Attribute

item V1 V2 V3 V4 V5 V6 V7

Xj

m (j1) m (j2 ) m (j3) m (j1 )

4

m (j5) m (j6 ) m (j7 )

X j1

1 1 1 1 1 1

~ ~

~ ~ 4~ ~

~

Weighted triangular m (j5)V5 m (j6 )V6 m (j7 )V7

m (j1)V1 m (j2 )V2 m (j3)V3 m (j1 )V4 1

1 1

1 1

1

fuzzy number

m (j12) m (j2 ) m (j3) m (j4 ) m (j5) m (j6 ) m (j7 )

X j2

2 2 2 2 2 2

~ ~

~ ~

~ ~

~

Weighted triangular m (j5)V5 m (j6 )V6 m (j7 )V7

m (j12)V1 m (j2 )V2 m (j3)V3 m (j4 )V 4 2

2 2

2 2

2

fuzzy number

. . . . . . . .

. . . . . . . .

(7)

( 5)

( 2) ( 3) (6)

(1)

X jm j (4) m

m

m m m

m m jm j

jm j

jm j jm j jm j

jm j jm j

~ m (6) V 7~

~ m(2) V 4~

3~ ~

~

Weighted triangular m (1) V m (jm)j V3 m (jm)jV4 m (jm)j V5 jm 6 m (jm)jV7

5

jm 2

jm j 1 j j

fuzzy number

102 H.-M. Lee and L. Lin

~ ~ ~

m (j1)V1 m (j2 )V2 . . . m (j7 )V7

1 1 1

(1) ~ ~

~

m j 2 V1 m (j2 )V2 . . . m (j7 )V7

2 2

.

~

Rj = . (6)

.

(1) ~

2~ 7~

m jn jV1 m (jn )jV2 . . . m (jn )jV7

Step 3: The first stage computational rule of inference

We let

~~ ~ ~

(T j1, T j 2, T j 7 ) = ( w1 ( j,1), w1 ( j,2), w1 ( j, n j ) R j (7)

where

~ q~ ~ q~

Tjq = w ( j,1)m(j1)Vq w ( j,2)m(jq)Vq ... w ( j,nj )m(jn)jVq (8)

1 1 2 1

~

for j=1, 2,, 6; q=1, 2,, 7. We have that Tjq is a triangular fuzzy number.

Step 4: The second stage computational rule of inference

We let

~~ ~

( S1, S 2, S7 )

~~ ~

T11 T12 ... T17

~ ~ ~

T21 T22 ... T27

(9)

.

= ( w2 (1), w2 (2), w2 (6))

.

.

T T ... T

~~ ~

67

61 62

where

~ ~ ~ ~ (10)

S q = w2 (1)T1q w2 (2)T2 q ... w2 (6)T6 q

for q=1, 2,, 7.

Then we have the following Proposition 1.

~

Proposition 1 Let S jq be the centroid of Tjq, then, we have

(1) for the attribute Xj, and rating risk Vq, the rate of risk is S jq

7

S

(2) the rate of risk for the attribute Xj is Q( j) = jq .

q=1

A New Fuzzy Risk Assessment Approach 103

~

(3) let Tq be the centroid of S q, then, the aggregative rate of risk is

6

w ( j)Q

Rate_Aggregative_Risk = ( j)

2

j=1

4 Numerical Example

Example: Assume that we have the following attributes, weights, grade of risk for

each risk item as shown in Table 3 [10].

Table 3. Contents of the example [10]

Linguistic variables

Risk

Attribute Weight-2 Weight-1

item V1 V2 V3 V4 V5 V6 V7

0.3

X1

1 0 0.17 0.83 0 0 0 0

X 11

0.3

X2

0.4 0 0.53 0.47 0 0 0 0

X 21

0.4 0 0.89 0.11 0 0 0 0

X 22

0.1 0.25 0.75 0 0 0 0 0

X 23

0.1 0.61 0.39 0 0 0 0 0

X 24

0.1

X3

0.5 0 0.17 0.83 0 0 0 0

X 31

0.5 0 0.53 0.47 0 0 0 0

X 32

0.1

X4

0.3 0 0.89 0.11 0 0 0 0

X 41

0.1 0 0.17 0.83 0 0 0 0

X 42

0.3 0 0.17 0.83 0 0 0 0

X 43

0.3 0 0.53 0.47 0 0 0 0

X 44

0.1

X5

0.5 0 0 0.81 0.19 0 0 0

X 51

0.5 0 0 0.81 0.19 0 0 0

X 52

0.1

X6

1 0 0.17 0.83 0 0 0 0

X 61

(1) By the Proposition 1 shown in Section 2, we have

Q (1) = 0.304729 is the rate of risk of the attribute X1;

Q ( 2 ) = 0.195727 is the rate of risk of the attribute X2

Q ( 3) = 0.274795 is the rate of risk of the attribute X3;

Q ( 4 ) = 0.250848 is the rate of risk of the attribute X4

104 H.-M. Lee and L. Lin

Q ( 5) = 0.36473 is the rate of risk of the attribute X5;

Q ( 6 ) = 0.304729 is the rate of risk of the attribute X6

Rate_Aggregative_Risk =0.269647 is the rate of aggregative risk.

(2) Comparison with Lin and Lee [10]

a) In [10], the rate of aggregative risk is 0.26983. By the proposed method in this

study, the computed result is 0.269647. The relative error is (0.269647-

0.26983)/0.26983= -0.00068. It is very small. But, the proposed method is easier than

in [10].

b) We can tackle the risk rate of each attribute by the proposed method in this

study.

5 Conclusion

In general survey forces evaluator to assess one grade from the grade of risk to each

risk item, but it ignores the uncertainty of human thought. For instance, when the

evaluator need to choose the assessment from the survey which lists eleven choices

including definitely unimportant, extra unimportant, very unimportant, unim-

portant, slightly unimportant, middle, slightly important, important, very

important, extra important, and definitely important, the general survey becomes

quiet exclusive. The assessment of evaluation with fuzzy numbers can reduce the

degree of subjectivity of the evaluator. In this paper, we propose a new assessment

method to evaluate the rate of aggregative risk. Because the proposed method directly

uses the fuzzy numbers rather than the linguistic values to evaluate, it can be executed

much fast. Therefore, the evaluator can assess the risk grade by fuzzy numbers to

each risk item, which making evaluation process is also easier than the ones presented

before [6, 10-11].

Acknowledgments. The authors would like to express their gratitude to Professor

Jing-Shing Yao, an Emeritus Professor at the National Taiwan University, for his

helpful suggestions.

References

1. AFSC: Software Risk Abatement, U. S. Air Force Systems Command, AFSC/AFLC pam-

phlet 800-45, Andrews AFB, MD, September, pp. 1 28 (1988)

2. Boehm, B.W.: Software Risk Management. CS Press, Los Alamitos (1989)

3. Boehm, B.W.: Software Risk Management: Principles and Practices. IEEE Software 8,

32 41 (1991)

4. Charette, R.N.: Software Engineering Risk Analysis and Management. Mc Graw-Hill,

New York (1989)

5. Chen, S.M.: Evaluating the Rate of Aggregative Risk in Software Development Using

Fuzzy Set Theory. Cybernetics and Systems: International Journal 30, 57 75 (1999)

A New Fuzzy Risk Assessment Approach 105

6. Conger, S.A.: The New Software Engineering. Wadsworth Publishing Co., Belmont

(1994)

7. Gilb, T.: Principles of Software Engineering Management. Addison-Wesley Publishing

Co., New York (1988)

8. Kaufmann, A., Gupta, M.M.: Introduction to Fuzzy Arithmetic Theory and Applications

Van Nostrand Reinhold, New York (1991)

9. Lee, H.-M.: Applying fuzzy set theory to evaluate the rate of aggregative risk in software

development. Fuzzy sets and Systems 79, 323 336 (1996)

10. Lin, L., Lee, H.-M.: A Fuzzy Assessment Model for Evaluating the Rate of Aggregative

Risk in Software Development. International Journal of Computers 1(3), 43 47 (2007)

11. Sommerville, I.: Software Engineering, 6th edn. Pearson Education Limited, England

(2001)

12. Zadeh, L.A.: Fuzzy Sets. Information and Control 8, 338 353 (1965)

13. Zadeh, L.A.: The Concept of a Linguistic Variable and it s Application to Approximate

Reasoning. Information Sciences 8, 199 249 (I) (1975); 9, pp. 301 357 (II) (1976); pp.

43 58 (III)

14. Zimmermann, H.-J.: Fuzzy Set Theory and Its Applications, Second Revised Edition. Klu-

wer Academic Publishers, Dordrecht (1991)



Contact this candidate