References on Software Risk Management
• “Managing Risk”, Risk is the theme for the entire issue of IEEE Software, May/June 1997.
• “The New Risk Management”, Robert Charette, Cutter Consortium, Executive Report, Business-IT Strategies Advisory Service, Vol. 3, 2000. A 35-page treatise by the Father of RM for software.
• “Risk Management for Software Projects”, Richard Fairley, IEEE Software, May 1994. The best 10 page introduction to the topic.
• “Information Systems and Organizational Change”, Peter Keen, Communications of the ACM, January 1981. For those of you wanting to focus only on technical risk, a primer on customer/organizational risk. For every implementation, expect at least one counter-implementation. An oldie, but a goodie!
• Software Engineering Risk Analysis and Management, Robert Charette, McGraw-Hill, 1989. Not the easiest read, but the most detailed treatment. Really interesting stuff, once you get going.
• Assessment and Control of Software Risks, Capers Jones, Prentice Hall, 1994. Interesting coverage of the most common risks by system type. Stun your boss with amazing statistics!
• Practical Risk Assessment for Project Management, Stephen Grey, John Wiley & Sons, 1995. A Brit on RM; he is from ICL in
• Rapid Development, Steve McConnell, Microsoft Press, 1996. 650 pages of readable, sensible advice on “taming wild software schedules.” Includes an entire chapter on risk management, and ties it cleanly into his rapid development theme.
• The Deadline, Tom DeMarco,
• Managing Risk, Elaine Hall, Addison Wesley, 1998. Another solid primer on software risk. This also describes in detail the stages of organizational maturity towards risk.
• Critical Chain, Eliyahu Goldratt, The
• Project and Program Risk Management: A Guide to Managing Project Risks and Opportunities, Max Wideman, editor, Project Management Institute, 2001. The folks at PMI have integrated RM into their PMBOK. This is the risk guide in their 9 volume series.
Books on Incrementalism
• Extreme Programming Explained: Embrace
• Planning Extreme
• Principles of Software Engineering Management, Tom Gilb, Addison-Wesley, Wokingham
• To Engineer is Human: The Role of Failure in Successful Design, Henry Petroski, Barnes & Noble Books, 1982, 1994. Petroski is a professor of civil engineering at Duke. This book is about how real engineers deal to great advantage with real risk. A classic.
• Against the Gods: The Remarkable Story of Risk, Peter L. Bernstein, John Wiley & Sons, 1996. “The revolutionary idea that defines the boundary between modern times and the past is the mastery of risk: the notion that the future is more than a whim of the gods and that men and women are not passive before nature.”
• Total Risk: Nick Leeson and the Fall of Barings Bank, Judith H. Rawnsley, Harper Business, 1995. How does a 28-year-old take down a mighty financial institution? One bad bet after another, and nobody bothering to watch! A tangible result of the absence of RM. You just can’t make this stuff up.
• Managing Transitions: Making the Most of Change, William Bridges, Addison Wesley, 1991. Why getting people to change their ways is so darn hard (hint: it is always emotional), and what you can do to help the change happen.
• Warfighting: The
• The Challenger Launch Decision, Karen Vaughan, U. of
Other Valuable Sources
• IEEE Standard for Software Life Cycle Processes – Risk Management, IEEE Std 1540-2001, www.ieee.org. The accepted process standard from the IEEE.
• Taxonomy Based Risk Identification, Report No. SEI.93-TR-006, www.sei.cmu.edu/publications/documents/93.reports/93.tr.006.html This report includes the SEI risk taxonomy; a risk identification starter kit of some 194 questions.
• Guidelines for Successful Acquisition and Management of Software Intensive Systems, Version 3.0, May 2000, www.stsc.hill.af.mil/resources/tech_docs/gsam2/chap_6.doc Much more than just risk management, but a very good job on this topic. Risk management is Chapter 6 of 14. The whole or part set is free for the
• Reports citing Risk Management from DoD Software Acquisition Best Practices Initiative, Software Program Managers Network Website:
We have been active in this initiative being run for the DoD by the Navy. Many interesting (free) handouts covering risk management among others. Risk Radar, an RM tool, is free for the download, too.
• Cutter Consortium’s Risk Management Intelligence Network
http://www.cutter.com/risk/index.html Directed by Robert Charette, this pay site has articles, Q&A, and on-going discussion groups.
• Information from B. Boehm at:
• “Identifying Quality-Requirements Conflicts,” Boehm and In, IEEE Software, Vol. 13 No. 2, March 1996.
Planning Research Report, published by: Goal/QPC,
• A New American TQM, Shiba, Graham, and Walden, Productivity Press,
• Apollo Root Cause Analysis: A New Way of Thinking, Gano et al., Apollonian Publications, 1999.
• Root Cause Analysis: Simplified Tools and Techniques, Andersen (editor), American Society for Quality, 1999.
• Lateral Thinking: Creativity Step by Step, de Bono, Harper Collins, re-issued 1990.
• Six Thinking Hats, de Bono, Little Brown & Co., paperback, 1999.
• A Whack on the Side of the Head: How You Can Be More Creative, Von Oech, Warner Books, revised, 1998.
• “A Defined Process for Project Postmortem Review,” Collier, DeMarco, and Fearey, IEEE Software, Vol. 13 No. 4, July 1996.
• Project Retrospectives: A Handbook for Team Reviews, N. Kerth,