Toward an effort estimation model for software projects integrating risk

According to a study of The Standish Group International, 44% of software projects cost more and last longer than expected. More accurate the effort estimation is; the better the enterprise gets organized and the more the software project respects the commitments on budget, time and quality. Enhancing the accuracy of effort estimation remains an ongoing challenge to software professionals. Several factors can influence the accuracy of effort estimation, namely the immaterial aspect of information system projects, new technologies and the lack of return on experience. However, the most important factor of cost and delay increase is software risks. A software risk is an uncertain event with a negative consequence on the software project. In this article, we propose a methodology to take into account risk exposure analysis in the effort estimation model. In the literature, this issue is little addressed and few approaches are investigated. In this research work, we first present an overview of these approaches and their limits. Then, we propose an effort estimation model that improves the accuracy of estimation by integrating software risks. We finally apply this model to a case study and compare its results to the results of a classic model.

💡 Research Summary

The paper addresses the persistent problem that a large proportion of software projects exceed budget and schedule, attributing a major cause to unmanaged risk. After reviewing conventional effort‑estimation techniques (function‑point based, parametric models such as COCOMO II, expert judgment, analogy, and machine‑learning approaches) and existing risk‑management frameworks (Boehm, SRE, SERIM, DoD, and the six‑dimensional risk taxonomy of Wallace et al.), the authors propose a systematic process that integrates risk assessment directly into effort estimation. The process consists of four stages: (1) risk identification using Wallace’s exhaustive list, (2) risk analysis to map risks to project phases, (3) risk assessment employing the Department of Defense method, which quantifies each risk by a probability scale and four impact dimensions (technical, schedule, cost, team), and (4) effort estimation where the total risk exposure (sum of probability × impact for all risks) is used as a multiplicative factor on the baseline effort derived from functional size and productivity. The resulting formula is Effort = Base Effort × (1 + α × TotalRiskExposure), with α calibrated from empirical data. A case study on twelve projects from a French software firm demonstrates that the risk‑integrated model reduces mean absolute error by roughly 15 % and improves RMSE compared with standard COCOMO II estimates, especially for projects with high risk exposure. Statistical analysis confirms a significant positive correlation between total risk exposure and actual effort. The authors acknowledge limitations such as the cost of gathering detailed risk data, the subjectivity inherent in expert‑based assessments, and the need to generalize the α coefficient. Future work is suggested to automate risk detection, expand the empirical database, and develop tool support that tightly couples risk management with effort estimation. Overall, the study shows that quantifying risk exposure and embedding it in effort‑estimation formulas can produce more realistic project plans and potentially lower failure rates in software development.