Glossary
acceptable risk When you can live with the risk consequence.
anticipation stage The fourth stage of the Risk Management Map, which describes the shift from subjective to quantitative risk management through the use of measures to anticipate predictable risks.
Bayes theorem Determines the probability of event B given new evidence A by the following equation, which reads, “The probability of B given A equals the probability of A given B times the probability of B divided by the probability of A.”
benchmark A reference point or standard by which products, practices, or performance may be judged.
best practice A routine activity that enables excellent performance.
causal analysis Determination of the relation between an effect and its possible causes to get to the root cause of risk.
chaos theory The theory that chaos and uncertainty are a source of market opportunities with competitive advantage.
collaboration Dialogue in working with others to develop a shared understanding.
concern Anxiety, uneasiness, or worry related to a possible bad outcome.
condition The component of a risk scenario that describes the circumstance that enables a future event.
consensus The decision-making process of a mature team that ensures everyone can live with the decision.
consequence The loss of risk occurrence; the effect of an unsatisfactory outcome.
continuous improvement Betterment of an existing product or service.
corrective action Activities required to solve a problem.
cost The cost of risk management is the total investment in resources for risk assessment and risk control. Resources include time spent in risk management meetings, the cost of reporting risk information, and the staff to develop a risk action plan.
cost-benefit analysis Evaluation of the costs and benefits to determine whether the return was worth the investment.
cost avoidance A technique for cost savings that decreases the anticipated cost growth. Cost avoidance is the difference between possible cost without risk resolution and the actual cost with risk resolution.
cost reduction A technique for cost savings that decreases the estimated planned cost. Cost reduction is the difference between planned and actual costs.
cost savings Money or other resources not spent. Cost avoidance and cost reduction are techniques for cost savings.
creative process The transformations required to generate new ideas.
creativity Inventiveness in originating ideas.
creativity theory A theory for generating opportunities that uses knowledge and imagination to develop ideas that are either original (previously unknown) or novel (extensions of known).
crisis management Ad hoc and reactive management that wastes resources, increases cost, and decreases customer satisfaction.
decision The passing of judgment on an issue under consideration.
decision analysis Use of influence diagrams, decision trees, and other techniques to characterize options by their possible outcomes in terms of risk exposure.
decision theory A theory for decision making under conditions of uncertainty that uses probabilities to determine outcomes.
decision tree A risk analysis technique useful in structuring a decision model and showing the details.
discipline A body of theory and technique that must be studied and put into practice to be mastered.
disciplined risk management An approach to assessing and controlling risk by developing the skills to master six disciplines: Envision, Plan, Work, Measure, Improve, and Discover.
Discover A discipline for seeking to know the unknown, identifying uncertainty in the plan and the work, assessing risk and opportunity, understanding the possibilities, and becoming aware of the future.
diversification A policy for risk resolution that reduces risk by distribution of resources.
empowerment Maximizing power and opportunity for success by enabling people.
enigma Information that does not make sense. The information may be mysterious, ambiguous, puzzling, paradoxical, or obscure.
Envision A discipline for transforming ideas into goals and objectives.
estimation An appraisal of the risk probability and consequence.
evaluation An assessment of the options using defined evaluation criteria.
event The component of a risk scenario that describes what must happen for the risk to occur.
evolution A process of gradual growth and change.
external view The part of a process definition that describes the process controls, inputs, outputs, and mechanisms.
force field analysis A technique to understand the positive and negative aspects of change.
formal risk management A practice of assessing and controlling risk throughout the life cycle. Practices include developing a risk management plan, establishing a risk database, defining triggers for metrics-based tracking, allocating resources for risk resolution, and reporting risk status at management reviews.
future awareness To reason about possibilities, both positive (e.g., opportunities) and negative (e.g., risk).
game theory A theory for decision making that uses heuristics to determine which alternatives to explore in large search spaces.
gap analysis Analysis that shows the difference between two variables. Results can be sorted by magnitude of the difference.
gauge A graphic display of a status indicator, a quantitative target, and a threshold warning level.
goal The success criteria, purpose, or aim to be achieved; the criteria for completion, achievement, and success.
IDEF0 A standard process definition notation.
implementation The project methodology and plan used to perform risk management.
Improve A discipline for learning from past experience.
indicator Implies a value without specifying the quantity directly (e.g., the number of complaints is a quality measure that indicates customer satisfaction; the number of function points is a size measure that indicates software complexity). A composite of measurement data that provides information (e.g., planned versus actual cost). Groups of indicators provide visibility into project status.
influence diagram A risk analysis technique useful in structuring a decision model and hiding the details.
infrastructure The organization policy and standards that require the use of risk management on projects.
innovation style An approach to the creative process that is based on individual preferences for thinking; to think of new ideas by envisioning, experimenting, modifying, and exploring.
integrated risk management Performing routine risk management by distribution into regular project activities.
internal view The part of a process definition that describes the activities that transform inputs to outputs.
issue An unresolved matter with possible negative effects.
L2 A notation for risk exposure that measures the risk by multiplying likelihood times loss.
leading indicator An indicator that has predictive capability (e.g., requirements growth may be a leading indicator for software size).
Living Lifecycle Model A tool that predicts project completion using actual measures to update the project cost model.
loss Something lost; a missed opportunity.
Measure A discipline for comparing expected and actual results.
measure A standard unit of measurement to determine the dimensions, quantity, or capacity. Lines of code is a measure of software size. Note that a measure is a standard unit (e.g., lines of code), whereas a metric is a historical composite measurement (e.g., 20 lines of code per day).
measurement process The activities to define, collect, analyze, report, and interpret measurement data and metrics.
methodology A set of methods and underlying principles particular to a branch of knowledge.
metric A historical norm used in planning and scheduling. Metrics are guidelines or rules of thumb that are a composite of measurement data taken over time that are used as standards to measure against. The software productivity metric was 20 lines of code per day. Note that a metric is a historical composite measurement (e.g., 20 lines of code per day), whereas a measure is a standard unit (e.g., lines of code).
mitigation plan An action plan to reduce the probability and/or consequence of a risk.
mitigation stage The second stage of the Risk Management Map, which details the shift from crisis management to risk management.
net income The difference between revenues and expenses that determines the profit, loss, or break-even point.
nominal group technique A consensus-based prioritization scheme used to rank risks.
opportunity The chance of a good outcome.
opportunity cost The loss of a missed opportunity.
opportunity stage The fifth stage of the Risk Management Map, which is a positive vision of risk management that is used to innovate and shape the future.
P2I2 Success Formula The major factors that affect risk management capability: people, process, infrastructure, and implementation.
paradigm shift A change in a pattern of thinking.
Pareto analysis Analysis based on the Pareto principle that 20 percent of the sources cause 80 percent of any problem. The result of Pareto analysis is a Pareto chart that provides focus on key risk areas by showing their relative frequency or risk exposure in a descending bar graph.
Personal Risk Management Matrix Describes an individual’s behavior (with respect to risk) for each discipline in the 6-D Model as an individual progresses through the five stages of the Risk Management Map.
Plan A discipline for mapping available resources to requirements derived from project goals and objectives.
policy An administrative procedure or guiding principle designed to influence people to a particular course of action.
portfolio theory A theory that diversification reduces risk.
prevention stage The third stage of the Risk Management Map, which is a transitional stage where the approach changes from avoidance of risk symptoms to identification and elimination of the root cause of risk.
proactive For action, not reaction; favorably causing action or change.
proactive quality assurance A quality philosophy for problem prevention through use of risk management methods.
proactive risk management Attacking risks; acting to identify, assess, and manage risks to prevent problems and create opportunities.
probability The likelihood of risk occurrence.
probability theory Defines probability as a degree of certainty and uses a quantifiable probability to forecast an outcome.
problem prevention Avoidance of problems to eliminate their result: problem detection cost, rework cost, and opportunity cost.
problem stage The first stage of the Risk Management Map, when risk identification is not seen as positive, and crisis management is used to address existing problems.
project management The management team responsible for the execution of the project; the process of planning, organizing, staffing, monitoring, and controlling a project.
project profile The characteristics of a project that make it unique.
prototyping A technique for reducing risk by buying information (i.e., risk research). Knowledge is gained through creating a physical model without adding the implementation details.
quality assurance The practice of ensuring that quality standards are met.
quality control Methods by which quality is measured, reported, and improved.
quantitative process improvement Numeric perceptions of practice performance and importance that yield objective measures through statistical analysis.
quantitative targets Best-in-class metrics; success criteria expressed quantitatively.
return on investment A ratio of savings to cost used to evaluate the effectiveness of management.
rework The cost of not doing something right the first time.
risk A measure of the probability and consequence of an unsatisfactory outcome.
risk abatement The process of reducing the amount of risk. See risk reduction.
risk acceptance A strategy for risk resolution to choose to live with the risk consequence.
risk action plan The objectives, constraints, and alternatives for risk resolution. The risk action plan documents the selected approach, triggering mechanisms, resources required, approval authority, and resolution results.
risk analysis Estimation and evaluation of risk with respect to its probability of occurrence and consequence at occurrence.
risk assessment A process that identifies, estimates, and evaluates risk based on established criteria and prioritizes the set of risks.
risk attributes Characteristics of probability and consequence that describe a risk.
risk averse A conservative risk attitude with a preference for secure payoffs.
risk avoidance A strategy for risk resolution to eliminate the risk altogether (e.g., no-bid a proposal for a risky fixed-cost project).
risk checklist A list of risk areas that relate to the checklist topic (e.g., a list of items on the critical path can be used to identify schedule risk).
risk context The collateral information that further describes a risk. Supplements the risk statement by describing additional detail surrounding a risk.
risk control The process of developing risk action plans, monitoring risk status, implementing risk action plans, and correcting for deviations from the plan.
risk database The repository of identified risks and associated information.
risk database schema The design of the fields for the risk database.
risk drivers Those variables that cause risk exposure to increase significantly.
risk ethic The rules of conduct that characterize a proper risk management philosophy.
risk exposure The product of risk probability and consequence. See L2.
risk forecast A projection of risk exposure for all risks whose time frames for action are short.
risk identification The process of communicating known risk and sources of risk.
risk index See risk management index.
risk leverage A rule for risk resolution that reduces risk by decreasing the risk exposure. Risk leverage = (Risk exposure(before) – risk exposure(after))/risk resolution cost.
risk list An inventory of active risks.
risk management A general procedure for resolving risk.
risk management capability The range of expected results that can be achieved by implementing a risk management process within an organization.
risk management champion An individual who acts as a change agent to facilitate transfer of risk management technology.
risk management committee A group of people with responsibility for directing risk management activities.
risk management form A mechanism for addressing risk systematically through a fill-in-the-blank template.
risk management index The summation of risk exposure values as a percentage of planned project cost.
Risk Management Map A practical guide to understanding how the major factors of the P2I2 success formula evolve, thereby increasing the ability to manage risk by transitions through five stages: Problem, Mitigation, Prevention, Anticipation, and Opportunity.
risk management plan The documented goals, strategy, and methods for performing risk management.
risk management process A systematic and structured way to manage risks that includes the activities and mechanisms used to transform project knowledge into decision-making information.
risk manager A person with responsibility for coordinating risk management activities.
risk neutral An impartial risk attitude with a preference for future payoffs.
risk planning The process of determining and evaluating alternative approaches to resolving risk and documenting the selection in a risk action plan.
risk practices survey An appraisal method to obtain perceptions of risk management activities.
risk preference Attitude toward risk, categorized as risk averse, risk seeking, or risk neutral.
risk protection A strategy for risk resolution to employ redundancy to mitigate risk (e.g., incorporating a fault-tolerant disk in the system design).
risk reduction A strategy for risk resolution to decrease risk through mitigation, prevention, or anticipation.
risk research A strategy for risk resolution to obtain more information through investigation.
risk reserves A strategy for risk resolution to use contingency funds and built-in schedule slack.
risk resolution Resolving a risk by one or more of the following strategies: acceptance, avoidance, protection, reduction, research, reserves, and transfer.
risk resolution alternatives The set of options that may resolve risk if implemented.
risk resolution cost The cost of implementing the risk action plan.
risk resolution strategy The approach to using acceptance, avoidance, protection, reduction, research, reserves, and/or transfer to resolve risk.
risk scenario The projection of events and conditions that can lead to risk occurrence.
risk seeking A liberal risk attitude with a preference for speculative payoffs.
risk severity Determines relative risk priority by mapping categories of risk exposure against the criteria of time frame for action.
risk statement A concise declaration of risk in a standard notation: Issue • probability • consequence. For example, “Requirements instability • will likely • delay the design review.”
risk status Progress made against a risk action plan.
risk taxonomy A hierarchical classification scheme used as a structured checklist to identify and understand risks.
risk tolerance An input parameter used in sensitivity analysis that determines how risk averse a utility function is. Larger values of risk tolerance mean that an individual can tolerate more risk.
risk tracking The process of monitoring and maintaining risk status.
risk transfer A strategy for risk resolution to shift the risk to another person, group, or organization.
ROI(RM) Risk management return on investment is the ratio of savings to cost that indicates the value of performing risk management.
savings The return for each managed risk. See cost savings.
selection criteria Documented rules for choosing among a set of alternatives.
sensitivity analysis To identify the most critical factors in a decision model. This analysis changes an uncertain variable to its extreme values, while keeping all other variables constant. Tornado diagrams are a graphic representation of sensitivity analysis.
silver bullet A panacea for the software crisis.
simulation A technique for reducing risk by buying information (i.e., risk research). Performance capabilities and limitations are determined through development of an analytic model of system behavior.
Six-Discipline Model A management model based on a requisite set of disciplines required to manage product development successfully. PM-WIDE is an acronym for the six disciplines of Plan, Measure, Work, Improve, Discover, and Envision.
software crisis Problems in the software community that have led to late and over-budget software systems that do not satisfy the intended user community.
software engineering Establishment and use of sound engineering principles in order to obtain an economical, reliable, and efficient computing system.
software measures A dimension, attribute, or amount of some aspect of software; a measured quantity such as earned value.
software process risk A major category of software risk that describes risk associated with the practices used to develop and maintain software.
software product risk A major category of software risk that describes risk associated with the intermediate and final software work products.
software project risk A major category of software risk that describes risk associated with the project constraints.
software risk A measure of the likelihood and loss of an unsatisfactory outcome affecting a software project, process, or product.
software risk management A practice of assessing and controlling risk that affects the software project, process, or product.
Spiral Model A risk-driven life cycle model of software development and maintenance.
standard process A minimum set of procedures defined and approved for use by an organization.
systematic risk management An approach to assess and control risk methodically using a system of checks and balances that perpetuate the process.
tailoring To modify a process, standard, or procedure to match process or product requirements better.
technical performance measures A class of system engineering metrics that describe the quantitative targets for system performance.
Ten-Point Game Plan A procedure that uses a metaphor for playing golf to illustrate how to increase your skill level at managing risk.
threshold A value that defines the inception of risk occurrence. Predefined thresholds act as a warning level to indicate the need for action.
time frame How soon action is required to prevent the risk from occurring.
Top-N Risk List The most significant risks to the software development effort.
trend A time series of metrics data (e.g., the trend in productivity is up from last quarter).
trigger A device to activate, deactivate, or suspend activity (e.g., the trigger activated the risk action plan).
uncertainty That which we do not know; potential outcomes with unknown probabilities of occurrence.
uncertainty theory A theory for decision making that uses probability to model unknown, uncertain, or subjective decision problems.
utility A measure of the consequences of an outcome in valuing risk.
utility function Captures a decision maker’s risk preference.
utility theory A theory for decision making that incorporates risk preference as a decision criterion.
watch items Issues (or risks) that tend to be long term and may be resolved by the normal engineering process.
weighted multivoting A consensusbased prioritization scheme used to rate risks.
Work A discipline for implementing a plan to produce a product.
work breakdown structure A structured hierarchy that organizes project activity (requirements analysis, product design, etc.) down to the level necessary for cost reporting and control.