风险管理:软件开发的当前和未来发展

时间:2023-01-17 11:19:23

Am new to Software Project Management and currently doing some research on Risk Management in S'ware Development. Just interested in knowing what are the current methods applied and any future trends to come. Thnx

是软件项目管理的新手,目前正在进行一些关于S'ware开发风险管理的研究。只是想知道当前采用的方法是什么以及未来的趋势。日Thnx

3 个解决方案

#1


There are so many Risks associated with the average software project that any "risk management strategy" is at best window dressing and at worse gives a false sense of well being.

与普通软件项目相关的风险太多了,任何“风险管理策略”最好是装饰窗户,更糟糕的是给人一种虚假的幸福感。

For some time now I have been convinced that (as there are relatively much fewer of them!) its much better to concentrate on the factors that will make a project a success.

一段时间以来,我一直相信(因为它们相对少得多!)更好地专注于使项目成功的因素。

  • Does the business really want/need it -- is your project sponser sane?
  • 企业是否真的需要/需要它 - 您的项目是否合理?

  • The right people -- do you have good developers with the right attitude?
  • 合适的人 - 你是否拥有正确态度的优秀开发人员?

  • Clear and sensible requirments -- does the project brief make sense to you?
  • 明确而明智的要求 - 项目简介对您有意义吗?

  • Tight Schedules -- is the project due for delivery in the next twelve months?
  • 紧急时间表 - 该项目是否将在未来12个月内交付?

  • Acheivable Schedules -- is it possible to deliver within the next twelve months?
  • 可行的时间表 - 是否可以在未来十二个月内交付?

  • Is it based on standard proven technoligy -- not just the latest buzzwordware?
  • 它是基于标准的经过验证的技术 - 而不仅仅是最新的buzzwordware?

If the answer to any of the above questions in "no" then you may as well can the project now and save everybodys time and money.

如果上述任何一个问题的答案都是“否”,那么你现在也可以进行项目,并节省每个人的时间和金钱。

They are all equally important, but the timescale one is often neglected. Most projects which take longer than 18 months will be cancelled before completion, regardless of the excellence of the team or the implementation. The requirments will change, the business will run out of money, the management strategy will change, you will be taken over by a competitor etc. etc. a lot can happen in eighteen months.

它们都同样重要,但时间尺度通常被忽略。大多数需要超过18个月的项目将在完成之前取消,无论团队的卓越性或实施情况如何。要求将会改变,业务将耗尽资金,管理策略将发生变化,您将被竞争对手等接管。很多事情可能会在18个月内发生。

#2


A popular method used by many project managers of my acquaintance is to ensure that every risk is written down as accurately and fully as possible in a RISK LOG and then stored in a sharepoint document library never to be seen again except perhaps briefly as they float out of the effluent pipe and drift on out to sea.

我认识的许多项目经理使用的一种流行方法是确保在风险日志中尽可能准确,完整地记录每个风险,然后将其存储在一个永远不会被再次看到的sharepoint文档库中,除非它们浮出水面出水管和漂流到海上。

#3


We use risk management fairly heavily. For us, it's a way to document communication up the internal food chain, mostly about external difficulties. We have a formal in-house, self-made web tool that lets us:

我们相当大地使用风险管理。对我们来说,这是记录内部食物链沟通的一种方式,主要是关于外部困难。我们有一个正式的内部自制网络工具,可以让我们:

  • document the risk as an if/then statement
  • 将风险记录为if / then语句

  • note the anticipated impact in terms of cost, schedule and quality
  • 注意成本,进度和质量方面的预期影响

  • create mitigations - general strategies for coping with the risk. Ignoring is an acceptable strategy if the anticipated impact and probability are low enough.
  • 制定缓解措施 - 应对风险的一般策略。如果预期的影响和概率足够低,忽略是一种可接受的策略。

  • create actions - documentation of concrete action to prevent the risk that have already been taken
  • 创造行动 - 具体行动的文件,以防止已经采取的风险

The risks, mitigations and actions are then updated and reviewed at Engineering Status Meetings (ESR) every other month. If something goes really off the rails on the project, the ESRs get more frequent as management "helps".

然后每隔一个月在工程状态会议(ESR)更新和审查风险,缓解和行动。如果项目真的脱离了轨道,那么随着管理“帮助”,ESR会变得更加频繁。

The risks are proposed by the front-line managers - in our project, that's me - the software task manager. We're the ones who see something that could potentially derail our ability to complete on time. Then our project management and engineering management see it.

风险由一线经理提出 - 在我们的项目中,就是我 - 软件任务经理。我们是那些看到可能会破坏我们按时完成的能力的人。然后我们的项目管理和工程管理人员看到它。

I found it was a pretty good venue for getting management help for external factors. Risks have included:

我发现这是获得外部因素管理帮助的好地方。风险包括:

  • Critical problems with tools supported by our IT department that aren't getting addressed in a timely manner
  • 我们的IT部门支持的工具的关键问题没有得到及时解决

  • Problems with other components on other contracts with which we integrate
  • 与我们整合的其他合同中的其他组件的问题

  • Problems with not getting a key deliverable from our customer
  • 无法从我们的客户获得关键交付的问题

  • Areas of profound technical uncertainty - they can't always be fixed, but at least management knows that there's some stuff we're dealing with.
  • 技术不确定性很大的领域 - 它们不能总是被修复,但至少管理层知道我们正在处理的是一些东西。

Risks stay in the database forever, so they serve as a historical documentation that something was brought to managements attention. At the very least, they are a CYA (cover your a**) procedure - but with our management, they are also a tool for working together to fix a problem. - often with the assistance of upper management leverage. Several of the attendees at ESRs are people with some vast experience at managing technical teams, who tend to be able to offer good suggestions.

风险永远存在于数据库中,因此它们可以作为历史文档,将某些内容引入管理层的注意力。至少,它们是一个CYA(涵盖你的**)程序 - 但在我们的管理层,它们也是一起工作来解决问题的工具。 - 经常在高层管理人员的帮助下。 ESR的一些与会者是在管理技术团队方面具有丰富经验的人,他们往往能够提供好的建议。

There is definitely some political savvy required. For us, it has to be technical - but you don't want to highlight problems with individual people. Unless you want to highlight a lack of people or a lack of people with sufficient experience/knowledge. My preference is to keep it externally focused most of the time, and manage the team problems personally and quietly with limited help from my managment.

肯定需要一些政治头脑。对我们来说,它必须是技术性的 - 但你不想强调个别人的问题。除非你想强调缺乏人或缺乏足够经验/知识的人。我的偏好是在大多数时间保持外部关注,并在我的管理有限的帮助下亲自和安静地管理团队问题。

#1


There are so many Risks associated with the average software project that any "risk management strategy" is at best window dressing and at worse gives a false sense of well being.

与普通软件项目相关的风险太多了,任何“风险管理策略”最好是装饰窗户,更糟糕的是给人一种虚假的幸福感。

For some time now I have been convinced that (as there are relatively much fewer of them!) its much better to concentrate on the factors that will make a project a success.

一段时间以来,我一直相信(因为它们相对少得多!)更好地专注于使项目成功的因素。

  • Does the business really want/need it -- is your project sponser sane?
  • 企业是否真的需要/需要它 - 您的项目是否合理?

  • The right people -- do you have good developers with the right attitude?
  • 合适的人 - 你是否拥有正确态度的优秀开发人员?

  • Clear and sensible requirments -- does the project brief make sense to you?
  • 明确而明智的要求 - 项目简介对您有意义吗?

  • Tight Schedules -- is the project due for delivery in the next twelve months?
  • 紧急时间表 - 该项目是否将在未来12个月内交付?

  • Acheivable Schedules -- is it possible to deliver within the next twelve months?
  • 可行的时间表 - 是否可以在未来十二个月内交付?

  • Is it based on standard proven technoligy -- not just the latest buzzwordware?
  • 它是基于标准的经过验证的技术 - 而不仅仅是最新的buzzwordware?

If the answer to any of the above questions in "no" then you may as well can the project now and save everybodys time and money.

如果上述任何一个问题的答案都是“否”,那么你现在也可以进行项目,并节省每个人的时间和金钱。

They are all equally important, but the timescale one is often neglected. Most projects which take longer than 18 months will be cancelled before completion, regardless of the excellence of the team or the implementation. The requirments will change, the business will run out of money, the management strategy will change, you will be taken over by a competitor etc. etc. a lot can happen in eighteen months.

它们都同样重要,但时间尺度通常被忽略。大多数需要超过18个月的项目将在完成之前取消,无论团队的卓越性或实施情况如何。要求将会改变,业务将耗尽资金,管理策略将发生变化,您将被竞争对手等接管。很多事情可能会在18个月内发生。

#2


A popular method used by many project managers of my acquaintance is to ensure that every risk is written down as accurately and fully as possible in a RISK LOG and then stored in a sharepoint document library never to be seen again except perhaps briefly as they float out of the effluent pipe and drift on out to sea.

我认识的许多项目经理使用的一种流行方法是确保在风险日志中尽可能准确,完整地记录每个风险,然后将其存储在一个永远不会被再次看到的sharepoint文档库中,除非它们浮出水面出水管和漂流到海上。

#3


We use risk management fairly heavily. For us, it's a way to document communication up the internal food chain, mostly about external difficulties. We have a formal in-house, self-made web tool that lets us:

我们相当大地使用风险管理。对我们来说,这是记录内部食物链沟通的一种方式,主要是关于外部困难。我们有一个正式的内部自制网络工具,可以让我们:

  • document the risk as an if/then statement
  • 将风险记录为if / then语句

  • note the anticipated impact in terms of cost, schedule and quality
  • 注意成本,进度和质量方面的预期影响

  • create mitigations - general strategies for coping with the risk. Ignoring is an acceptable strategy if the anticipated impact and probability are low enough.
  • 制定缓解措施 - 应对风险的一般策略。如果预期的影响和概率足够低,忽略是一种可接受的策略。

  • create actions - documentation of concrete action to prevent the risk that have already been taken
  • 创造行动 - 具体行动的文件,以防止已经采取的风险

The risks, mitigations and actions are then updated and reviewed at Engineering Status Meetings (ESR) every other month. If something goes really off the rails on the project, the ESRs get more frequent as management "helps".

然后每隔一个月在工程状态会议(ESR)更新和审查风险,缓解和行动。如果项目真的脱离了轨道,那么随着管理“帮助”,ESR会变得更加频繁。

The risks are proposed by the front-line managers - in our project, that's me - the software task manager. We're the ones who see something that could potentially derail our ability to complete on time. Then our project management and engineering management see it.

风险由一线经理提出 - 在我们的项目中,就是我 - 软件任务经理。我们是那些看到可能会破坏我们按时完成的能力的人。然后我们的项目管理和工程管理人员看到它。

I found it was a pretty good venue for getting management help for external factors. Risks have included:

我发现这是获得外部因素管理帮助的好地方。风险包括:

  • Critical problems with tools supported by our IT department that aren't getting addressed in a timely manner
  • 我们的IT部门支持的工具的关键问题没有得到及时解决

  • Problems with other components on other contracts with which we integrate
  • 与我们整合的其他合同中的其他组件的问题

  • Problems with not getting a key deliverable from our customer
  • 无法从我们的客户获得关键交付的问题

  • Areas of profound technical uncertainty - they can't always be fixed, but at least management knows that there's some stuff we're dealing with.
  • 技术不确定性很大的领域 - 它们不能总是被修复,但至少管理层知道我们正在处理的是一些东西。

Risks stay in the database forever, so they serve as a historical documentation that something was brought to managements attention. At the very least, they are a CYA (cover your a**) procedure - but with our management, they are also a tool for working together to fix a problem. - often with the assistance of upper management leverage. Several of the attendees at ESRs are people with some vast experience at managing technical teams, who tend to be able to offer good suggestions.

风险永远存在于数据库中,因此它们可以作为历史文档,将某些内容引入管理层的注意力。至少,它们是一个CYA(涵盖你的**)程序 - 但在我们的管理层,它们也是一起工作来解决问题的工具。 - 经常在高层管理人员的帮助下。 ESR的一些与会者是在管理技术团队方面具有丰富经验的人,他们往往能够提供好的建议。

There is definitely some political savvy required. For us, it has to be technical - but you don't want to highlight problems with individual people. Unless you want to highlight a lack of people or a lack of people with sufficient experience/knowledge. My preference is to keep it externally focused most of the time, and manage the team problems personally and quietly with limited help from my managment.

肯定需要一些政治头脑。对我们来说,它必须是技术性的 - 但你不想强调个别人的问题。除非你想强调缺乏人或缺乏足够经验/知识的人。我的偏好是在大多数时间保持外部关注,并在我的管理有限的帮助下亲自和安静地管理团队问题。