Risk and Uncertainty are an integral part of all decision-making processes for non-trivial work. The decision-making process involves a set of actions and outcomes, each of which associated with them a probability or a statistical process. All risk comes from uncertainty. Uncertainty comes in two forms.
- Epistemic uncertainty that creates reducible risk. Epistemic risk is handled with risk buy down activities.
- Aleatory uncertainty that creates irreducible risk. Aleatory risk is handled with margin.
The magnitude of the risk is determined by its character (reducible or irreducible), the extent of the risk (size and impact) and the timing (period of exposure).
In all cases of Risk Management, estimates are needed of the attributes, impacts, and outcomes, since uncertainty creates risk, and uncertainty is not certain but probabilistic or statistical - NOT deterministic.
Risk Management is How Adults Manage Projects - Tim Lister
Risk management means making Estimates. If you're not estimating, then you're not managing risk. And if you're not managing risk, you're not managing your customer's money as an Adult.
As I was told by the Business Manager of a multi-billion space flight program when I was on the Internal Surveillance Team (a nice term for Audit),
What's the difference between our current program and the Boy Scouts?
The Boy Scouts have adult supervision.
So when you don't estimate - in some way - you've ignored the basic principles of business management, managerial finance, probabilistic decision-making and microeconomics of software development AND the basic principles of Scouting.
