Waltzing With Bears: Managing Risk on Software Projects
Tom DeMarco and Timothy Lister
You’ve probably heard of this book, even if you haven’t read it. You’re probably already familiar with a lot of the ideas in this book, even if you haven’t read it. That’s because a lot of the advice in this book has become best practice for risk management.
DeMarco and Lister devote several chapters to convincing you that risk is bad and managing it is good (i.e. will help lead to a successful outcome). I was surprised that they spent so long on what I thought was obvious, but they point out how common ignoring risk is in our field. No one wants to give or receive bad news, and in some corporate cultures it’s not even possible without repercussions.
A good point that the authors spend quite a while on is that a delivery date should not consist of a single date, but rather a probability distribution. This date is at 50% confidence, this date is 80%, and so on. You can treat risk the same way; for example: this risk has a 50% chance of occurring and will have an impact of 2 weeks if it materializes. The book gives some specific examples how to determine reasonable curves for various parts of a project (risk included), and then how to combine curves into the probability for the delivery of the project as a whole.
That is all predicated on the ability to quantify risk and how it will impact the project, and the book offers guidance on how to do this. It also acknowledges that sometimes a company’s culture will prevent the application of these techniques. You have to make do with what you have.
Following from all of this is the interesting idea that you can express commitments as probability distributions. You can then help your stakeholders understand the most likely outcomes of the project, as well as what factors influence those outcomes.