Risk Assessment

Risk Assessment

The risk in the process of Preliminary Analysis are misunderstandings because misunderstanding the user requirements can lead to incorrect design which can cause system instability and poor data integrity. It potentially interrupts the Business Process.

The iterative process of presenting one's understanding of the user requirements to the stakeholders and acquiring their feedback also serves the purpose of revealing misunderstandings to be able to resolve them before application development or procurement starts.

Misunderstandings can stem from a lack (or incorrectness) of information or the misinterpretation of acquired information. In the following, the different causes that can lead to either type of misunderstanding are described which need to be taken into consideration during the process of Preliminary Analysis:

Lack or Incorrectness of Domain Knowledge

Although all necessary information ideally should have been gathered, it is not unlikely that relevant information has been overlooked or is incorrect leading to a faulty understanding of the Business Process and User Requirements. A lack or incorrectness of domain knowledge can have different causes: Inadequate Source, Improper Documentation and Unconsidered System Dependency.

Inadequate Source

Inadequate Source refers to the wrong choice of source material, e.g. by deriving information from an outdated book or webpage (or in this context: outdated documents). Another common example is to ask the wrong person. To obtain a complete and accurate understanding of a domain one needs to ask an expert that is qualified to explain information about this specific domain, e.g. Information Security. However, when it comes to obtain a realistic understanding of user experience, it is more adequate to not choose an expert but to choose people who will use the application. A non-expert may not think of all relevant information whereas an expert may not be able to provide detailed information on a hands-on level.

So it needs to be checked which information is derived from which source and to validate if the source is fitting or sufficient to provide this information. If it is unfitting or insufficient, the information needs to be verified by adequate sources. Generally, the information recorded in existing documentation needs to be verified.

Improper Documentation

Improper Documentation refers to the lack of recorded information. For example, a specific information has been obtained during an interview with a user but it has not been written down. The information would rely on the memory of the interviewer and the interviewed who may forget the information or remember it incorrectly. That is why it is important to always note down relevant information and if possible, all information, so that any reference can be traced back to its original source. In the case of interviews, it is also possible to save a recording of the interview instead of noting everything down if both the interviewer and interviewed consent to it.

Improper documentation also includes the unsafe storage of information, e.g. information noted on a piece of paper that can be easily lost as opposed to digital notes. But also digital notes can be stored in an unsafe way, so one should make sure that relevant information is always stored on a platform that is sufficiently being backed up.

Unconsidered System Dependency

Unconsidered System Dependency refers to the impact a system has on other systems. In this case, it would be the Business Process (or the application to be utilized in the business process) affecting other processes within the organization or outside of it. It could be that the interdependency of the Business Process with another one has been overlooked. Or it could be that it was not relevant in the current Business Process but is relevant in the re-designed one. That is why it is important to identify all relevant entities that are directly or indirectly affected by the proposed Business Process and to seek feedback from people who are responsible for those entities.

Misinterpretation of Multi-source Information

Assuming that all relevant domain knowledge has been considered, obtained and stored, it could be the case that some of the information is misinterpreted. Even if all information that has been gathered is correct, it is not unlikely that they are connected in the wrong way, especially because the information is gathered from multiple sources.

Assumptions

The task of the System Analyst is to use the gathered information to conceptualize a solution that would improve the current Business Process in regards to the Business Goals. In other words, the task is to derive a relatively small set of requirements from a relatively big amount of information which necessitates the categorization of information, the summarizing of interrelated information, the omission of redundant information and the deduction of required information. These procedures, however, are not the same as obtaining factual information as it was done in the Information Analysis step. They are derived by means of abstraction and creativity, thus, rather than facts, they can be considered as theories or hypotheses. Theories and hypotheses are closely related to assumptions, with the only difference being that the first are based on facts and logic, which makes them harder to check for incorrectness than facts. Although the System Analyst tries to base their conclusions on facts and logic to the best of their ability, they still remain hypotheses and thus require a verification to be able to clearly distinguish them from baseless assumptions.

There is also a high risk that an assumption has been made subconsciously. For example, when it is assumed that a party agrees because every other party has agreed even though that party has never been asked directly. Assumptions can also come from a subconscious bias, e.g. the preference to use a certain software because one has a programming background even though the software may be problematic for people without programming background. Generally, assumptions can result from a known or unknown lack of knowledge.

Language

Another issue that can cause a misinterpretation of information is a misunderstanding on language level. The documented information may be correct in its content but the words used to describe that content may be interpreted differently by different people. For example, the System Analyst may use a word in a context that is also used in the Business User’s context but the same word has a different meaning in each context. So when a note from a user interview contains this word, the System Analyst may interpret it in the wrong context. It can also happen the other way around where the System Analyst is using the word in a question trying to obtain information about a certain concept but the Business User is describing a different phenomenon because the same word is used for both. That is why it is important to verify how everyone understands a specific term and if possible, document which terms have which meaning in a given context, e.g. in the form of definitions in the introduction or appendix of a document.