Andrew Sparks' blog on Oracle's site mentioned a book he just read, The Failure of Risk Management. I have not read this book, but the publisher's jacket description and the Amazon reviewers like the book. What struck me as interesting was a comment from a reviewer about the issues with how risk management is performed (as described by the author):
- Subjective scoring methods
- Independent events that create dependencies
- The famous "black swans"
- Empirical risk management
This appears to be a good description of the failings of risk management. My thought was that the author and possibly the reviewers have not read other works on risk management, works used by those accountable for managing engineering and programmatic risks.
Here are a few we use on the programs we work on. These guide the "management of risk" in ways that are the source of failure described in the book.
- The DoD 2006 Risk Management Guidebook, 6th Edition (Version 4.0) 4 August 2006.
This site will prompt you to accept a certificate. Go ahead and accept it, it's the US Department of Defense. This is the guidebook for program managers on US DoD programs. Managing Cost, Schedule, and Technical risks is the critical activity for producing a credible Performance Measurement Baseline.
- "An Approach to Technical Risk Management," Ricardo Valerdi and Ron Kohl, MIT Systems Engineering Division.
The MIT Systems Engineering Division is a source of guidance for many aspects of systems development. Risk management is a Systems Engineering discipline. This paper is just a sample of the materials available at MIT.
- The Software Engineering Institute has a Risk Management section.
New Directions in Risk: A Success Oriented Approach, Audrey Dorofee and Christopher Alberts, is a good starting point for the framework of how SEI views risk management.
- Mitre Corporation's Systems Engineering Program Office is a good resource for risk and system architecture. Mitre has a Risk Management Toolkit that can be directly applied to any program. It has an Excel risk management model and a handbook.
- Edmund Conrow's book Effective Risk Management: Some Keys to Success, 2nd Edition, AIAA Press is the cornerstone of our risk management approach. If you're going to buy one risk management book, buy this one. It's expensive, but it's got everything you'll ever need to be a credible risk manager. This is not a survey book, or a book written for those entering the field. This is a heavy-duty technical textbook.
- NASA's Risk Management
- The archive of risk management papers at NASA
- Bayesian Inference for NASA Probabilistic Risk and Reliability Analysis. This is the background material needed to avoid the errors in estimating the risk so commonly found in IT and general environment projects. This is how the "big boys" think about risk.
- Department of Energy Risk Management and the O 413.3-7 Risk Management Guide
- As an example, here's guidance for "accelerated path to closure" and the Programmatic Risk processes. I was a participant in the programmatic risk planning for a small section of a Department of Energy Nuclear Weapons plant closure project.
- Aerospace Corporation's Risk Management Quick Reference Guide
- "Understanding the Roots of Process Performance Failure," Laura Dwinnel, CrossTalk, April 2004. CrossTalk is a good source of software management information. The items mentioned here need risk mitigation plans.
- Probabilistic Risk Assessment. This is a core manual for anybody working in the technical risk management world.
- RiskWorld
- Risk Doctor
- The Genesis Project Case Study. This is a program I'm familiar with. I was in a briefing room when the spacecraft crashed in the Utah desert. The colored chart at the end of the presentation is a unique approach to describing the "risk retirement" processes that must be present in any credible project management process.
This is just the tip of the iceberg regarding risk management.
The reviewed book is probably a good starting point for the uninitiated project manager. But there are valuable resources on the web for managing programmatic and technical risks as well.