Risk management is an activity that spans all identify, conceptualize, optimize, and verify/validate Design for Six Sigma (ICOV DFSS) phases. Computers and, therefore, software are introduced into applications for the many advantages that they provide. It is what lets us get cash from an automated teller machine (ATM), make a phone call, and drive our cars. A typical cell phone now contains 2 million lines of software code; by 2010 it likely will have 10 times as many. General Motors Corporation (Detroit, MI) estimates that by then its cars will each have 100 million lines of code. But these advantages do not come without a price. The price is the risk that the computer system brings with it. In addition to providing several advantages, the increased risk has the potential for decreasing the reliability and, therefore, the quality of the overall system. This can be dangerous in safety-critical systems where incorrect computer operation can be catastrophic.

The average company spends about 4%–5% revenue on information technology (IT), with those that are highly IT dependent—such as financial and telecommunications companies—spending more than 10% on it. In other words, IT is now one of the largest corporate expenses outside labor costs. What are the risks involved, and how they can be mitigated?

Governments, too, are big consumers of software. The U.S. government cataloged 1,200 civilian IT projects ...