A Comprehensive Examination of Risk Management Practices Throughout the Software Development Life Cycle (SDLC): A Systematic Literature Review

Authors

  • Zahrina Aulia Adriani, Universitas Indonesia
  • Teguh Raharjo, Universitas Indonesia
  • Ni Wayan Trisnawaty, Universitas Indonesia

Abstract

Risk management in the software development life cycle (SDLC) is a continuous process that addresses risks throughout a system's life cycle, including acquisition, development, maintenance, or operation. Despite its importance, ineffective risk management practices can lead to project failures, impacting organizations financially and reputationally. Therefore, there is a need for a systematic understanding of risk management practices in the SDLC. This study conducts a Systematic Literature Review (SLR) of the risk management activities that previous research has performed during the SDLC. The SLR method combines Kitchenham with the toll-gate method to select the literature used. The SLR aims to investigate activities in traditional waterfall and agile development processes, which are mapped to the risk management activities in the SDLC according to ISO 16085:202. Additionally, the review highlights the challenges encountered in implementing risk management in the SDLC process, including project complexity, adherence to policies and standards, lack of communication, lack of resources, and organizational culture.

Published

15-06-2024