Managing Risk in Process Evolution

Process Evolution in a Mad World is the title of a paper by James Bach, staff metrics engineer in language quality assurance at Borland, Scotts Valley, CA. In it, he asserts that processes can change and evolve without the aid of a process control authority, through individual action. "Even if we can't get help from management, as long as the environment isn't actively hostile, each of us can individually work toward a better organization," Bach says. "For a dedicated process engineer like me, it's always nice if the organization both desires improvement and commits to working on it. Still, if one or both of these elements is weak or missing, as they usually are, then a risk-based, guerrilla method of evolution can be employed."

Bach asserts that a strategy of risk management can be the most successful in making changes, and that it can occur within a leadership framework, without the need for process control. The usual formula for success in software development is to create the right environment, get the right people, determine the right course of action, and make everyone do it. However, risk management "seeks to optimize resources and maximize flexibility by identifying and prioritizing potential failures and deploying processes, whether controlled or uncontrolled, to the extent necessary to avoid the important failures.

"Think of risk management as the art of protecting the project from failure," Bach says. "At each level, there is a dialog that goes on between risk thinking and success thinking. This often corresponds to an actual conversation between Development and Quality Assurance."

Back can be contacted at (408) 431-1476 or via e-mail at