A Tweet caught my eye this weekend
Before moving to risk let's look at what Agile is
Agile development is a phrase used in software development to describe methodologies for incremental software development. Agile development is an alternative to traditional project management where emphasis is placed on empowering people to collaborate and make team decisions in addition to continuous planning, continuous testing and continuous integration.
Next the notion that Agile is actually risk management is very misunderstood. Agile provides raw information for risk management, but risk management has little to do with what software development method is being used. The continuous nature of Agile provides more frequent feedback on the state of the project. That is advantageous to risk management. Since Agile mandates this feedback on fine grained boundaries - weeks not months - the actions in the risk management paradigm below are also fine grained.
Where Does Risk Come From?
All risk comes from uncertainty. Uncertainty comes in two types. (1) Aleatory (naturally occurring in the underlying process and therefore irreducible) and (2) Epistemic (a probability that something unfavorable will happen).
Risk results from uncertainty. To deal with the risk from Aleatory uncertainty we can only have margin, since the resulting risk is irreducible. This is schedule margin, cost margin, and product performance margin. This type of risk is just part of the world we live in. Natural variances in the work performed developing products needs margin. Natural variances in the performance is a server's throughput needed margin.
We can deal directly with the risk from Epistemic uncertainty by buying down the uncertainty. This is done with experiments, trials, incremental development and other risk reduction activities that lower the uncertainty in the processes.
By the way many use the notion that risk is both positive and negative. This is not true. It's a naive understanding of the mathematics of risk processes. PMI does this. It is not allowed in our domain(s).
Agile and Incremental Delivery
There is a popular myth in the agile community that they have a lock on the notion of incremental delivery. This is again not true. Many product development lifecycles use incremental and iterative processes to produce products. Spiral development, Integrated Master Plan/Integrated Master Schedule, Incremental Commitment. All applicable to Software Intensive Systems and System of Systems domains, like Enterprise ERP.
Managing in the Presence of Uncertainty and the Resulting Risk
Here's how we manage SIS and SoS in the presence of uncertainty.
Without that connection it just ain't true.
- DOD Risk Management Guide V7
- Software Engineering Risk Management
- Risk Happens
- Making Hard Decisions
- Effective Opportunity Management for Projects
- Effective Risk Management: Some Keys to Success
- Technical Risk Management
- Project Risk Management: Process, techniques and Insights
- Managing Risk: Methods for Software Systems Development
- SEI: Continuous Risk Management
And a short white paper on Risk Management in Enterprise IT