Waltzing With Bears: Managing Risk on Software Projects

by Tom DeMarco, Timothy Lister

Any software project that's worth starting will be vulnerable to risk. Since greater risks bring greater rewards, a company that runs away from risk will soon find itself lagging behind its more adventurous competition. By ignoring the threat of negative outcomes—in the name of positive thinking or a Can-Do attitude—software managers drive their organizations into the ground. In Waltzing with Bears, Tom DeMarco and Timothy Lister—the best-selling authors of Peopleware—show readers how to identify and embrace worthwhile risks. Developers are then set free to push the limits. You'll find that risk management * makes aggressive risk-taking possible
* protects management from getting blindsided
* provides minimum-cost downside protection
* reveals invisible transfers of responsibility
* isolates the failure of a subproject. Readers are taught to identify the most common risks faced by software projects: * schedule flaws
* requirements inflation
* turnover
* specification breakdown
* and under-performance. Packed with provocative insights, real-world examples, and project-saving tips, Waltzing with Bears is your guide to mitigating the risks—before they turn into problems.

Genres: Management, Business, Software, Nonfiction, Programming, Computer Science, Leadership

196 pages, Paperback

First published January 1, 2003

About the author

Tom DeMarco is the author of fifteen books, including five novels, a collection of short stories and the rest business books. His most recent work is a seemingly jinxed love story, The One-Way Time Traveler.



Before that he wrote Dark Harbor House, and before that Slack and Peopleware and The Deadline.

Reviews

[Denis Vasilev · Rating 5 out of 5]

Отличное введение в управление рисками в разработке ПО. Пересмотрел свои взгляды на многое в оценке сроков проектов. Рекомендую.

[Jean Tessier · Rating 4 out of 5]

The guys from Peopleware are at it again. This time, they tackle the management attitude that plays the ostrich and keeps its head in the sand, denying reality instead of facing it. They are making a case for knowing what risks lie ahead, how to notice them, and how to prepare for their possible occurrence.

In their usual style, the authors keep things light and simple, yet offer quick and easy rules to get you going. The book is peppered with anecdotes taken from their professional experience. You can start applying the advice from the book immediately and get results right away.

Their approach to quantifying risk through simulation has its detractors (see reader comments on Amazon), but I think the very simple act of listings the risks and their associated contingencies (what to do when a risk manifests itself) and mediation (preparation ahead of time) are already a big step forward from mere wishful thinking. It helped me keep some of these risks in mind and stay on the lookout for their manifestation. I, too, would question a proposition that says: the math for this is too complicated for you, but trust our handy little Excel spreadsheet. But the book is still very much worth the read and contains a lot of fair advice.

[Paolo Bizzarri · Rating 4 out of 5]

Very good book. Lots of interesting advices on risk management for software projects.
A bit outdated, since now many of the practices are part of the standard for software industry, but very good otherwise.

[Alexey · Rating 5 out of 5]

Добротная книжка. Доступно изложено и полезно.

[Richard Wu · Rating 3 out of 5]

Found this book lying around the office. Picked it up - quick read, clear language. The theory (first half) is more interesting than the suggested praxis (second half).

A major weakness of the book is its complete failure to address Parkinson's Law, which was proposed in 1955, is a legitimate phenomenon, and undermines large swathes of the proposals laid here. I find it hard to believe that the authors, being seasoned experts in management science, were unaware of its existence, and thus charge them with the sin of avoidance, described on page 63: "You avoid a risk when you don't do the project or the part of the project that entails the risk."

That being said, even if you're not a software project manager, I think risk management is a useful framework for your personal life as its principles make intuitive sense. It might not be a bad idea to give the first half a whirl.

P.S. William Kingdon Clifford's essay, The Ethics of Belief, in Appendix A was quite good. Here it is, in its entirety.

Quotes
"A risk is a problem that has yet to occur, and a problem is a risk that has already materialized.” [p.17]

“The opposite of risk management is reckless management. It makes your organization all offense and no defense. Your only winning strategy with that combination is to catch every conceivable lucky break. When luck becomes an integral part of your strategy, you know you’re in trouble.” [p.34]

[Tomas Urbonaitis · Rating 5 out of 5]

Great book on project risk management - I wish more managers would read it AND use ideas expressed here in practice. The only issue, that I have, is that it relies quite heavily on upfront planning (although it stresses the importance of incremental delivery) - but I guess it is a necessity, if you want to manage risks, as opposed to "just do it and see how it goes".

[Michał Węgrzyn · Rating 5 out of 5]

I usually devour books like that, but this title made me change my tactics. I was deliberate in reading only a few pages since this book is full of great insights and I wanted to spend more time and meditate on the most important topics. Great read.

[John · Rating 2 out of 5]

I was hopeful after Peopleware, but they lost me pretty early with "get a copy of our project management spreadsheet". Consultants and optimists!

[Maurice · Rating 4 out of 5]

Ein unterhaltsam und lehrreiches Buch, das das Thema des Risikomanagements spielerisch aus der Ecke der "Fachidiotie" entfernt und in praktische jedoch professionelle Alltagspraxis für Beruf und Privatleben übersiedelt.

Das hintere Drittel des Buches ist auf das Teilgebiet der Softwareentwicklung spezialisiert, das für mich keine Verwendung hatte, aber dennoch gut geschrieben ist.

Herzliche Empfehlung an alle die Risiken in ihrem Leben und Projekten ein wenig systematischer angehen wollen - anstatt sie z.B. zu ignorieren.

[Christoph Kappel · Rating 3 out of 5]

This is a tough one to rate. The whole topic is kind of interesting with lots of funny anecdotes and real world stories, but there is a BUT:

There are lots if diagrams (which took me a bit time to understand) and many formal rules how to do risk management, mitigation and so on, but still I'd like to see a real world example. Just to keep funds and people at the ready is a weird approach.

So I enjoy examples how to make an unrelated diagram about running like any of you, but something real-worldy would be nice.

[Sergey Kuntsevich · Rating 5 out of 5]

Простым доступным языком объясняется суть довольно сложной темы - управления рисками. Автор предлагает метод и инструменты, а также список литературы для более глубокого изучения вопросов. Как сказал один уважаемый мною руководитель проектов:"Это настольная книга по управлению рисками, которая должна быть у каждого руководителя проектов". Целиком и полностью согласен с данным утверждением.

[Askorbinka · Rating 4 out of 5]

вдарим по классике. чувствуется, что написано в эпоху глубокого вотерфолла

[Edward · Rating 5 out of 5]

Interesting materials on the first half of the book

[Aleksey Abramov · Rating 4 out of 5]

Classic

[Waldemar Neto · Rating 3 out of 5]

Good read with great real-life examples but seems like most of the concerns have been addressed by the Agile era.

[Sant · Rating 3 out of 5]

Учимся находить и управлять рисками

[André · Rating 3 out of 5]

EINFÜHRENDES RISIKO-MANAGEMENT-BUCH

...mit interessanten Ideen, z.B. Fertigungstermine als Wahrscheinlichkeitskurve (Risikodiagramm) statt als Datum mitzuteilen.

1. Das Buch ist DeMarco-typisch runtergeschrieben, seine Leser hätten nur "Zeit für ein flott geschriebenes Buch, das sie im Flugzeug lesen können". Trotzdem sind die Inhalte nicht beliebig, im Wesentlichen läuft alles auf die 'Monte-Carlo-Risikosimulation' als numerisches Verfahren zur 'Risikoaggregation' zu (Gesamtrisiko und relative Bedeutungen von Einzelrisiken).

2. Nicht finden wird man eine systematische Unterteilung & Erklärung von Risiken - beispielsweise in Geschäfts- bzw. Projekt-, Prozess- und Produktrisiken analog zur (nicht-erwähnten) Einflusskette: Geschäftsqualität -++-> Prozessqualität -++-> Produktqualität.

3. Dünn sind demnach praktische Infos zur Risiko-Identifizierung, bei der man die oben genannten Risikobereiche weiter aufschlüsseln und zum Beispiel nach Trends untersuchen könnte, um Hinweise auf flexiblere Systemteile zu erhalten, SPoFs sucht, Annahmen umdreht usw.

4. DeMarcos Buch enthält allerdings Formularvorlagen für die Risiko-Dokumentation, die mir für die Alltagspraxis zu bürokratisch sind – jedenfalls bei kleinen und mittleren Projekten. Unabhängig von der Projektgröße sind Überlegungen zu möglichen Problemen und deren Vermeidung zwar immer sinnvoll: eine große Risikomatrix mit Post-Its oder geeignete Software find ich dafür aber brauchbarer als 40+ Formulare, die sich keiner mehr anguckt.

[Dario · Rating 3 out of 5]

Basic risk management introduction for IT projects, that challenges the delusionary optimistic can do mantra of so many companies. It is very useful to become aware of technical risks and the importance to raise them early and manage them, along with a number of approaches to minimise those risks. Also acquiring the basic risk management vocabulary helps understand the problems from the business perspective and helps us technical people be better aligned with the company objectives (i.e. financial success, sustainable growth).
By uncovering the reasons why people choose more or less consciously to NOT manage risks, the author sheds a light onto some of the dysfunction of a typical IT organisation.
The prescriptive part (a risk management process) is more useful to managers, however, it was interesting to note that no such process was used at all in any of the companies I worked for in the past.

[Wendy · Rating 3 out of 5]

Has some interesting observations about why nearly all software projects run late, and why most organizations do a terrible job at managing risk. It also presents a model for estimating risks and their probable impact to your project schedule - which seems like it ought to be very useful, but I haven't figured out how to put it into any sort of practice in my own projects. Part of the issue is that the model assumes that you have a pretty good method in place for estimating how long things ought to take in the best case scenario, and just getting those basic estimates is still something I have a great deal of trouble with.

I'm going to come back to this book and read it again after I've brushed up on some more basic project management and schedule estimating skills. I expect that then I might get more out of it.

[Chris · Rating 4 out of 5]

Good but not as good as Peopleware, this book talks frankly about managing risk in intellectual projects with unflinching honesty, and does a lot to attack various corporate cultures where downplaying and minimizing risks takes hold, putting blinders on everyone and often leading to disaster.

A lot of this stuff is intuitive and can basically be boiled down to saying "Oh for heaven's sake, just use your brain and apply real world thought to business decisions" which sadly, often needs saying. And repeating.

[Evan Leybourn · Rating 4 out of 5]

Too many organisations to not understand how to identify, treat and mitigate risks. And those that do, often overcompensate. Waltzing with Bears takes readers on a journey of risk and risk management in a very entertaining and enlightening way. My only criticism of the book; in many places Tom doesn't support his statements with sufficient evidence. Any much of the evidence that is put forward in anecdotal, qualitative or statistically insignificant.

That being said, I would recommend this book to any new software or project manager.

[Andriy · Rating 3 out of 5]

I've read this book in connection with work-related stuff (pushing my little project at work) - I found this book more honest on dirty-laundry of software projects than usual books on project management. But here and there it was not enough for my needs, hence if you are new to software/systems project management and looking for more information - READ this book BUT don't stop on it, look for other books too.

[Bjørn Taranger · Rating 3 out of 5]

The book argues the case that software projects need to address the risks associated with the project in a structured an methodical manner. Risks are always present, and those that you ignore will occasionally hit you hard.

I find the basic premise of the book quite convincing and relevant. I also believe that some of the practical steps recommended in the book have been superseded by the agile methodologies that are dominating the field nowadays.

[Johnny · Rating 5 out of 5]

A quick read on managing risks you should not miss. Tom DeMarco and Timothy Lister put the important aspects in a little book that is not going to bore you with much theory. If you want to go deeper in the theoretical fundaments, then you find all the references you need. If you don’t want to go down that rabbit hole, you can follow along and get a well written explanation on what you should look out for, how to gather risks and what your job is to manage them.

[Marcin · Rating 5 out of 5]

Wow! This book talks so perfectly well about risk and uncertainty and exposes why we don't do it on IT projects and what are the repercussions. DeMarco and Lister really understand how and why agile works and this was in 2003. Most organisation as still way behind their thinking.

[Oleksandr · Rating 1 out of 5]

Книга хорошо раскрывает беспорядки в управлении (и не только управлении) при создании программного обеспечения. Дает хорошее описание и резонные практические советы по управлению рисками. Начиная с основ "что вообще такое, этот ваш риск?" до эффективных способов их устранения.

Рекомендую.

[Sergey Zubov · Rating 4 out of 5]

The first half of the book that contains common information about risk management is great. But the second one that teaches how risk management should be performed seems a bit outdated. If you aren't a big fan of waterfall-like processes, you'd better skip the second part.

[Bobby Ratliff · Rating 3 out of 5]

Intersection of corporate culture and project management. In your company is it safe to talk about risks in a realistic way? DeMarco and Lister examine failed projects and techniques to manage risk better.

[Lachlan · Rating 5 out of 5]

An amazing book on software risk management.

[Sean]

NULL