Software Risk Management

Building and maintaining software is a risky business. Since software permeates and controls so much of the present-day enterprise (and its products), delay, cost excess, and failure to fulfill a command, can have far-reaching consequences. A common response to such risk is to ignore it completely. We justify this as "positive approach," the heart and soul of a Can-Do management philosophy. But when real risks turn into real problems and throw our projects down in flames, we can see that our past "positive approach" was little more than repudiation. There should be a better way. Planning the core activities, the must-be-dones of software development, is an essential but not sufficient beginning. Given that projects never run just exactly as the optimal plan, we need Risk Management as well. Risk Management is project management for adults. It keeps your attention focused constructively on the very characteristics that, if overlooked, could lead to disastrous collapse of the project. A policy of risk aversion guides us to become more and more efficient and to avoid things that are less and less worth doing. The projects that yield real benefit are destined to be full of risk. Running away from risk will not prove to be useful instead we need to school ourselves to run toward it, but very, very cautiously. As high benefit endeavors are always risky, we have to make ways to find out the lurking risks, estimate their effect, optimize our response, and keep an eye on the changes. These are the vital skills of Risk Management.