Sep 19, 2009

Conrow and Opportunity Management

There are two kinds of risk managers.  There is the kind who think that risk management is about managing ‘negative’ risks.  Then there are those who think that risk management should include managing ‘positive’ risks.

Briefly, a negative risk is a situation that has undesired impacts on our objectives, while a positive risk is a situation that could potentially have desirable impacts on our objectives.  For the most part, risk management has been about managing negative risks.  People buy fire insurance just in case their house burns down.  Nobody buys insurance just in case their house doesn’t burn down.

Edmund Conrow and Robert Charette has an article in Defense AT&L critical of ‘Opportunity Management’ (PDF link) .  The authors argue that Opportunity Management, or OM, is unnecessary, and will only bring in more trouble than benefits.  The main argument Conrow & Charette make is that the standard processes of project management, risk management, and systems engineering, are enough to ensure that the project takes care of opportunities that present themselves in the course of the execution of the project. Therefore there is no need for a distinct OM.

Before I came across this article, I’ve already come across literature endorsing the inclusion into risk management the management of ‘upside risks’ (opportunities),  but I’ve not come across any literature that purports to advance OM as aggresively as that suggested by Conrow and Charette’s article.   The authors worry about OM IPT’s (Integrated Project Teams) running about looking for opportunities in a projects, and enveloping the whole project team with scope creep.

The Australia Risk Management Standard ANZ 4360:2004 indeed recommends management of positive risks.  Chapman and Ward have also been proponents of this view for many years.  But from what I understand of at least these two sources, the main idea is, as part of risk management, to be prepared in case it is the positive event, rather than the negative event that occurs.  That is, to be prepared to take advantage of the situation. 

Requirements

Craig has posted a taxonomy of requirements on his blog (the taxonomy is Don Firesmith’s not Craig’s). 

I haven’t seen the discussion mentioned in the post, so I don’t know  whether it had any influence on the illustration or is independent of it.  But the nomenclature shown in the illustration, having the format of ‘X requirements’ where X can be anything from ‘Functiona'l’ requirements, ‘Documentation’ requirements, etc. got me thinking. 

A ‘requirement’ is something that someone needs from someone else.  A bit more formally, some entity needs (‘requires’) something from another entity.  When you say ‘maintenance requirements’, ou have to be clear, who is needing these requirements?

Without a clear understanding of who or what that requiree is, you can be assured that the ‘requirement’ will be muddled. 

The diagram shows ‘Documentation Requirement’ in a box.  There is an arrow from that box pointing to a box labeled ‘Product Requirements’.  What does that arrow mean?  Does it mean that documentation requirements are a subset of product requirements? And that as part of delivering the product, documentation should be delivered as well? 

If that is how to interpret the arrow, what does the arrow from ‘Business Requirements’ to ‘Product Requirements’ mean? 

Sep 13, 2009

Concatenation of Risk

Currently reading J. Davidson Frame’s “Managing Risk in Organizations”.  Great example of a seemingly insignificant event cascading into a major headache.  A printing press experiences a fire and will not be able to deliver brochures expected to be that were supposed to come today.  These brochures are needed for a client’s conference in two weeks time. All the arranged plans to sort, label, and send them out have to be replanned.