So I got around to reading Waltzing with Bears: Managing Risk On Software Projects by Tom DeMarco and Timothy Lister. They wrote Peopleware, my favorite software-related book ever, so I was bound to get around to it eventually.

They’ve got a whole chapter dedicated to risk discovery - the process whereby you turn your project upset down and shake until all of the risks are on the table. This process can get off to a (good?) start with a group session where participants imagine catastrophic outcomes for the project. You have to get into your nightmare frame of mind. If you’d wake up in a pool of sweat thinking about your project, what the hell would the dream have been about? Once you’ve got a catastrophic outcome, think of scenarios that could make it materialize. The root causes of these scenarios are great inputs into your project’s risk list. Additionally, DeMarco and Lister posit that the following risks belong in the risk list of every new project:

  • Problems that have arisen on past projects
  • The five fundamental risks of all software projects - schedule flaws, requirements inflation, turnover, specification breakdown and under-performance

And best of all, the authors push the blame for late software projects slightly away from developers and just a bit closer to the project managers who feel like the schedule (read deadline) should be based on the most optimistic release date. They call out project managers for keeping good tabs on the small risks - those risks that are easily managed - and neglecting completely the unfortuitous oncoming train. If “It’s okay to to be wrong, but not okay to be uncertain” sounds like the way your shop deals with schedules, you’d do well to pass around some copies of the book .

See also their cutesy uncertainty graphing tool.