How We Approach Risk
Everyone involved in software development, acquisition, or management talks about “risk”— trouble is, everyone means something different by it. Many kinds of risk—and not all of them are negative—can affect your project, program, or business. With so many questions and variables, how do you make sense of it all?
Start by understanding that risk may include not only obstacles to success, but also goals, business or success drivers, opportunities, assurance, and security. Risk can relate to situations with people, tools and techniques, and processes.
The types of risk you face may differ depending on your role in the software process. Management risks—at the project, program, or organizational level—may be related to cost, schedule, quality, scope, capability, operational effectiveness, interoperability, integration, or technical readiness levels. Acquisition risks may relate to buying software (adopt-before-we-buy or buy-before-we-create situations) or buying services (distributed teams, virtual organizations, or supply chain risks). Development risks may relate to any point in the lifecycle—new development, migration, evolution, or technology insertion—or to the type of system being engineered.
Development approaches also carry their own potential risks, which may be mitigated by using proven methods in architecture, reuse, systems of systems (SoS), or model-based engineering.
There are also a number of ways to address risk. One way is to define a risk process: identify risks; mitigate their impact; create a contingency plan; measure using leading indicators, red-yellow-green stoplights, or dashboards; monitor and manage; escalate; and audit. Another way is to create a risk culture through workforce development, policy, and governance. Approaches may be either broad or deep—to diagnose the situation or to recommend specialty treatment.
By partnering with the SEI, you will have the opportunity to
