Tom DeMarco & Timothy Lister
Dorset House 2003
ISBN 0932633609 (boards)
Buy it from Amazon.com (commission paid)
Buy it from Amazon.co.uk (commission paid)
This interesting little book addresses the important and little-covered (at least, in practical books for industry) topic of managing risk. It is more or less an axiom among requirements people that the main reason for writing requirements is to reduce risk; of course the same justification is given by systems people for the whole systems engineering enterprise. Can everyone be right?
DeMarco and Lister at once identify common risks: schedule flaws, requirements inflation, turnover, specification breakdown, and under-performance. Clearly this isn't a comprehensive list -- such a thing is impossible.
One of the key ideas in the book is the risk or uncertainty diagram: more or less, a histogram showing the relative probability of each of a list of possible outcomes. As the authors explain: "When the thing you're uncertain about has financial significance to your project, its diagram is called a risk diagram." If your project has a 40% chance of being late, it should by rights have a 60% chance of being early (or by some miracle, exactly on time). Yet there are strong prejudices in industry against delivering early - managers are accused of playing the system to make life easy for themselves! To a mathematician, that is obvious madness, as the book makes clear. For if you insist that 99.9% of the distribution is on the late side, well guess what, your project is going to be late. The same goes for any other risk, like being over budget or not delivering the required functionality.
This may seem pretty basic stuff - the proposition that you ought to manage risk seems self-evident to consultants and systems engineers, and indeed when I showed the book to colleagues they groaned and rolled their eyes. But DeMarco and Lister know there is a significant audience out there that doesn't find the message obvious at all.
The book wins the prize for most engaging business book cover and title. Any manager who doesn't think that managing risk on software projects is essential should read this book at once.
The published text is supported by a website that provides various tools and materials referenced in the book, including an Excel-based tool called Riskology. It's at http://www.systemsguild.com/riskology.
© Ian Alexander 2004
You may also like: