Index

acceptable risk, 5, 9–10, 30, 39, 48, 68, 137, 185, 359

action matrix, 139–140

Adams, Scott, 271

Air Force Institute of Technology (AFIT), 171

Air Force Systems Command (AFSC), 11

Allen, Louis A., 121

American National Standards Institute (ANSI), 44, 199

American Society for Quality Control (ASQC), 199

Apple Computer, 13

Arrow, Kenneth, 343

Augustine, Norman, 209

awareness

future, 15–20, 23, 209, 239, 361

past, 16–19

personal, 18–20

Bayes, Thomas, 5

benchmark, 14–15, 112, 264, 358, 359

Bernoulli, Daniel, 4

Bernstein, Peter, 4, 135

Boehm, Barry, 10

Bryan, William Jennings, 211

business process reengineering (BPR), 5

Carson, Johnny, 183

Charette, Robert, 53

continuous improvement, 12, 15–17, 51, 56, 273–274, 276, 286, 360

corrective action, 15, 44, 62, 68, 95, 136–137, 139, 141, 144–145, 185, 196–198, 265–266, 327, 334, 339–341, 360

cost-benefit analysis, 45, 185, 360

cost model, 90, 126, 156, 216, 334, 341

COCOMO, 328, 336–339

Covey, Stephen R., 51

creativity, 141, 185, 211, 258, 360

crisis management, 58, 185, 269, 360

Crosby, Phil, 51, 215

Quality Management Maturity Grid, 51

Davis, Wynn, 29, 165

Defense Logistics Agency (DLA), 195–196

Defense Systems Management College (DSMC), 10–11

DeMarco, Tom, 327

Deming, W. Edwards, 12–15, 18, 24, 193

chain reaction, 13

PDCA cycle, 13, 357

Department of Defense (DoD), 10–11, 43, 112, 128, 197, 199

Descartes, René, 343

discipline, 3, 13–20, 22, 24, 47, 59, 325, 341, 357, 360

diversification, 6, 47, 108, 115–116, 152, 185, 361

Eastwood, Clint, 151

Einstein, Albert, 3

Electronic Industries Association (EIA), 43

empowerment, 42, 168, 352–354, 361

estimation, 6, 33, 87, 92, 103, 185, 247, 361

evaluation, 81, 87, 103, 185, 247, 258, 305, 361

criteria, 68, 81, 89–91, 93, 100–102, 222, 247, 258, 296, 313, 315

Federal Aviation Administration (FAA), 113

Feigenbaum, A. V., 193

Gates, Bill, 15–16

General Electric, 116, 142

Gilb, Tom, 307

Goal/Question Metric (GQM), 128–129

Gorsuch, Tom, 19

Hall, Edward, 142

Harris Corporation, 29

Herrmann, Ned, 19

Herrmann Brain Dominance Instrument, 19

whole brain theory, 19

high-performance team, 166–169, 180

Hill, Napoleon, 201

Howard, Vernon, 69

Humphrey, Watts, 18, 51, 231

indicator, 16, 82, 121–122, 124, 126–129, 131–132, 137, 145, 340, 351, 362

leading, 121, 126, 362

innovation, 16, 141, 145, 157–158, 362

Institute of Electrical and Electronics Engineers (IEEE), 43–44, 174

integrated product team (IPT), 41, 43, 107, 157, 318, 323

International Council on Systems Engineering (INCOSE), 43, 128, 174

International Standards Organization (ISO), 43–44, 195–199, 274, 309

interview script, 80–81

Jobs, Steven, 13

Kennedy, John F., 141

Kodak, 277

L², 4, 23, 362 (see risk exposure)

Level 6 Software, 335

learning, 183

individual, 47, 186–187, 190–191

organizational, 47, 153

Living Lifecycle Model, 126, 327, 334–336, 338–339, 341, 362

Lockheed Martin, 126

McKain, Robert J., 221

measure, 14–16, 20–21, 23, 58, 68, 108–109, 121–126, 128–129, 132, 140, 190, 196, 201–202, 232–233, 236, 262–263, 327, 331, 341, 358, 362

measurement, 112, 128, 185, 262

limitations of, 262

measurement process, 128, 262, 327, 333, 340–341, 362

metric, 14–15, 59, 68, 108–109, 112, 122–126, 128–129, 132, 140, 183, 185, 187–188, 196, 205, 207, 213, 232, 262, 327, 331, 333–334, 341, 358, 362

risk forecast, 185, 263, 365

risk index, 125, 129, 185, 263–264, 333–334, 365

ROI_(RM), 45, 129, 143, 185, 263–265, 351, 355, 358, 367

Microsoft, 15–16

mitigation plan, 318–319, 324, 363 (see risk action plan)

Mosemann, Lloyd K., 69

Motorola, 272

Six Sigma, 272, 274

Napoleon, 1

National Aeronautics and Space Administration (NASA), 113, 160

Nightingale, Earl, 107

opportunity, 3–4, 9–10, 13–16, 18, 22–24, 36, 57, 59, 67, 140, 177, 185, 215, 270, 343, 348, 349–350, 357–358, 363

opportunity cost, 9, 57, 59, 138, 185, 363

P²I² Success Formula, 1, 29–31, 47, 55, 57, 357, 363

implementation, 30–32, 45–48, 55–57, 63, 150, 209–267, 357, 361

infrastructure, 30–31, 42–45, 47–48, 55–56, 63, 149–208, 357, 362

people, 30–38, 47–48, 55, 57, 63, 269–355, 357

process, 30–31, 39–41, 47–48, 55–56, 63, 67–147, 357

paradigm shift, 57, 59, 363

Pascal, Blaise, 4

Personal Risk Management Matrix, 59–60, 64, 363

Personal Software Process, 18, 186

Peters, Tom, 269

policy, 30, 32, 42–43, 48, 56, 63, 91, 107, 149, 151–163, 212, 214, 216, 223, 363

Practical Software Measurement (PSM), 128–129

prioritization scheme

nominal group technique (NGT), 102, 258, 299, 310, 363

weighted multivoting, 102, 368

proactive quality assurance, 194, 198, 363

problem prevention, 10, 68, 137–138, 185, 259, 325, 364

process definition notation, 70, 88, 108, 122, 136, 166, 172–173, 180

3R’s, 173–174, 180

ETVX, 173, 180

IDEF, 70, 88, 108, 122, 136, 172–173, 180, 215, 361

process improvement, 12, 51, 102, 165, 178, 196, 263, 277–279, 286, 324, 332, 354

project management, 11, 33, 44, 126, 156, 174, 194, 213–214, 216, 221–222, 225, 240, 265, 294–295, 297, 318–320, 324, 331, 344–345, 364

project profile, 78–79, 241, 293, 364

prototyping, 114, 135, 138, 328–329, 346, 364

quality, 11, 13, 15, 33, 41, 43, 54, 59, 61, 70, 88, 108, 115, 122, 128, 136, 166, 179, 184, 193–195, 199, 215, 257, 271, 277, 282, 286, 309, 324, 332, 344

quality assurance, 7, 33, 43, 193–195, 197–199, 217, 236, 271, 282, 284, 303, 364

quality control, 193, 252, 364

quality management techniques

affinity diagram, 278

brainstorming, 74, 171, 309, 348

consensus process, 159, 166–168, 171, 175, 240, 309, 360

Delphi process, 309

problem-solving process, 167, 310

purpose hierarchy, 171, 175, 180

quantitative process improvement (QPI), 202, 364

quantitative targets, 68, 82, 109–110, 112, 124, 126, 130–131, 185, 222, 364

reengineering, 13, 17

return on investment (ROI), 16, 42, 45, 129, 143–145, 215, 263, 332, 339–341, 364

cost, 45, 82, 129, 143–144, 264, 351, 360

savings, 45, 82, 129, 137–138, 143–144, 264, 347, 351, 354, 360, 367

avoidance, 143–144, 348, 351, 353, 360

reduction, 143–144, 348–349, 351, 353, 360

risk, 1, 3–16, 20–24, 34, 36, 40–42, 44, 48, 51, 55, 57, 59, 62, 74–75, 82, 92, 100, 121, 128–129, 142, 144, 156–159, 174–175, 180, 183–185, 211, 214–215, 231, 239, 245, 253, 257, 315, 343, 348, 357, 364

consequence (loss), 4, 7, 8–10, 20–23, 40–41, 44, 55, 58, 63, 72–75, 82, 87, 89–90, 92, 100–101, 112–114, 125, 129, 137–138, 145, 185–186, 205, 212, 214, 239, 245–247, 259, 262–263, 295, 318, 351, 360, 362

probability (likelihood), 4, 6–7, 9–10, 21, 23, 35, 40, 55, 58, 72–74, 82, 87, 89–90, 92, 100–101, 114, 122, 124–125, 129, 144, 156, 185, 212, 214, 239, 245–247, 262–263, 295, 318, 351, 363

risk abatement, 11, 364

risk action plan, 9, 40, 44, 55, 67–68, 82, 107, 109–111, 115–117, 121, 123–126, 129–130, 132, 136–141, 144–145, 185, 232–233, 236, 240, 260–262, 265–266, 299, 305, 329, 332, 353, 364

risk analysis techniques, 87, 90–91, 93, 102–103, 364

causal analysis, 95, 103, 185, 309, 359

fishbone diagram, 31, 95

five whys, 91, 95

decision analysis, 95, 103, 360

decision tree, 6, 37, 91–92, 96, 360

influence diagram, 91–92, 95–96, 362

force field analysis, 35–36, 48, 361

gap analysis, 96–97, 103, 361

radar chart, 97–98

Pareto analysis, 97–98, 103, 363

bar chart, 99, 316

sensitivity analysis, 98–100, 103, 367

tornado diagram, 99–100

risk appraisal survey, 73–74, 233, 240–241

risk attributes, 73–74, 84, 92, 245, 254, 364

risk category, 82, 89, 98, 129, 246–248, 251, 253, 263

risk checklist, 68, 71–73, 75, 78, 84, 185, 223–224, 226, 243, 365

risk context, 68, 71–72, 75, 82, 87–91, 93, 108, 185, 248, 251, 365

risk database, 47, 68, 71–72, 81–82, 89–90, 109–110, 123, 129, 137–138, 159, 162, 185, 196, 223–224, 226–228, 232–233, 236, 241–242, 247, 330, 332

schema, 82, 84, 365

risk drivers, 90–91, 102, 185, 246, 365

risk ethic, 59, 149, 151–152, 161, 365

risk exposure, 4, 23, 41–42, 57, 67, 87–90, 92–93, 98, 103, 115, 124–125, 128–129, 144, 185, 247, 263, 265, 334, 341, 365

risk leverage, 58, 108, 114–117, 129, 185, 215, 218, 260–261, 263–264, 365

risk list, 68, 89–90, 108–110, 185, 232, 236, 244, 248, 254, 365

candidate list, 243–244, 254

watch list, 196, 319, 321, 324, 368

risk management approach, 46, 224, 228, 365

disciplined, 46–47, 224, 228, 361

integrated, 46, 224, 228, 362

proactive, 46, 184–185, 224, 228, 328, 363

systematic, 46, 224, 228, 367

risk management capability, 1, 30–31, 47–48, 52–56, 62–64, 186, 202, 357, 365

advanced, 61

beginner, 61

expert, 61, 185, 217, 224, 269

intermediate, 61

novice, 61, 185, 224, 269

risk management form, 47, 68, 71–73, 82–83, 84, 223–224, 226–227, 233, 240, 247, 319, 324, 332, 365

Risk Management Map, 1, 51–55, 57, 62–63, 206, 357, 365

Anticipation, 53, 57–59, 63, 270, 327–341, 357, 359

Mitigation, 53, 57–58, 63, 269, 289–305, 357, 363

Opportunity, 53, 57, 59, 63, 270, 343–354, 357, 363

Prevention, 53, 57–58, 63, 269, 307–326, 357, 363

Problem, 53, 57–58, 63, 269, 271–287, 357, 364

stage transition, 53, 54, 57

risk management organization, 42, 330

risk management champion, 29, 317, 324, 341

risk management committee, 329, 332–333, 341, 365

risk manager, 62, 217, 317, 320, 324–325, 366

risk review board, 329, 341

risk management plan, 30, 32, 43, 45–47, 52, 56, 68, 70–71, 88–89, 107–109, 122–123, 136–137, 149, 159, 162, 185, 193–194, 196, 198–199, 209–210, 213, 215–217, 221–228, 239, 258, 365

risk management process, 5, 11–12, 30, 32, 35, 39–41, 45, 47–48, 56, 67–69, 78, 144, 149, 166, 169, 171, 178, 180, 184, 190, 206, 214, 222–223, 226, 231–232, 234–235, 260, 262, 299, 317, 319, 321, 324–325, 327, 329, 358, 365

analyze risk, 40, 55, 63, 67–68, 87–105, 223, 233, 263

identify risk, 39–40, 55, 63, 67–86, 223, 233, 263

plan risk, 40, 56, 63, 67–68, 107–119, 223, 233, 263

resolve risk, 40, 56, 63, 67–68, 135–147, 223, 233, 263

track risk, 40, 56, 63, 67–68, 121–133, 223, 233, 263

risk mitigation, 308

contingency, 58, 310

risk practices survey, 201–206, 321–324, 366

risk preference, 32, 36–39, 91, 100, 185, 366

averse, 7, 38, 99–100, 131, 364

neutral, 7, 38–39, 366

seeking, 7, 38, 366

risk resolution alternatives, 110–111, 117, 258, 266, 366

risk resolution cost, 115, 129, 351, 366

risk resolution strategy, 10, 82, 108–112, 116–117, 135, 159, 259–261, 264, 266, 276, 366

acceptance, 110–112, 117, 261, 364

avoidance, 110–111, 113, 117, 261, 364

protection, 110–111, 113, 117, 261, 366

reduction, 110–111, 114, 117, 261, 366

research, 110–111, 114, 117, 135, 260–261, 366

reserves, 110–111, 114, 117, 261, 366

transfer, 110–111, 114, 117, 261, 366

risk scenario, 68, 107, 109–111, 116–118, 122–124, 132, 185, 258–259, 366

risk severity, 93, 108, 129, 247, 265, 366

risk statement, 68–69, 71–73, 75, 81–82, 84, 88–89, 93, 185, 232, 236, 240–242, 246–248, 251, 366

risk status, 5, 40, 55, 67–68, 121–124, 132, 137, 140, 196, 262, 266, 366

risk tolerance, 22, 99–100, 366

Rockefeller, John D., 67

Roosevelt, Theodore, 257

Schrage, Michael, 142

Schwartz, David Joseph, 149

selection criteria, 68, 108–111, 115–117, 260, 367

silver bullet, 51, 116, 367

simulation, 6, 74, 135, 138, 156, 261, 265, 367

Six-Discipline (6-D) Model, 1, 3, 12–20, 22, 24, 47, 59, 357, 367

Discover, 13–18, 20, 22, 24, 47, 224, 239, 244, 347, 361

Envision, 13–14, 16–20, 24, 47, 224, 361

Improve, 13–15, 17–18, 20, 24, 47, 224, 362

Measure, 13–15, 17–20, 24, 47, 224, 362

Plan, 13–14, 16–20, 24, 47, 224, 363

Work, 13–20, 24, 47, 224, 368

Socrates, 183

software crisis, 3, 367

Software Engineering Institute (SEI), 8, 11, 33–34, 75–79, 81, 98, 129, 152, 156, 165, 240, 246, 264, 272, 274, 277, 281, 292, 298, 300

Capability Maturity Model (CMM), 12–15, 29, 32, 51–52, 129, 142, 174, 195, 197–199, 272, 275, 277, 283, 285, 310

Continuous Risk Management (CRM), 77

risk management paradigm, 11, 293

Software Risk Evaluation (SRE), 77, 293

software risk taxonomy, 8, 11, 75–77, 80–81, 98, 240, 246, 293–295, 297, 313–314

Taxonomy Based Questionnaire (TBQ), 11, 79, 240

Team Risk Management (TRM), 77

Software Program Manager’s Network (SPMN), 11

Airlie Software Council, 11

formal risk management, 11, 361

Project Control Panel, 126–128

software risk, 3, 7–8, 20–21, 23, 29, 30, 33, 36, 41, 47, 52–53, 56, 72, 136, 217, 239, 253, 266, 367

software risk management, 1, 3, 8–10, 23–24, 29, 155–156, 158, 253, 266, 300, 347, 350, 353, 357, 367

risk assessment, 5, 7, 11, 33–35, 40, 44, 46–47, 67–68, 71–73, 78–82, 84, 99, 111, 159–160, 162, 184–185, 190, 196, 212, 214–215, 233, 239–256, 258, 264, 289, 291–299, 301–302, 305, 307, 313–314, 324, 328, 330–331, 364

risk control, 5, 40–41, 46–47, 67, 96, 185, 212, 255, 257–267, 302, 305, 307

Spiral Model, 10, 23, 308, 320, 367

Win Win, 320

standard process, 40–41, 56–57, 63, 149, 165–182, 209, 226, 231–237, 367

tailoring, 40, 56–57, 209, 226, 231–237, 305, 358, 368

waiver form, 235

statement of work (SOW), 212–213, 216, 272, 275–276, 286

Tandem, 113

Taylor, David, 173

technical performance measures (TPM), 125, 157, 368

Ten-Point Game Plan, 61–62, 368

Texas Instruments (TI), 126 theory

Bayes theorem, 5, 7, 359

chaos theory, 5, 7, 359

creativity theory, 5–7, 360

decision theory, 6–7, 360

game theory, 6–7, 361

portfolio theory, 6–7, 363

probability theory, 4, 6–7, 363

uncertainty theory, 6–7, 368

utility theory, 4, 6–7, 22, 368

threshold, 40, 67–68, 82, 107, 109–112, 117, 122–126, 129, 131–132, 185, 196, 368

time frame, 73, 82, 88, 90, 93, 100–101, 111, 129, 138, 247, 260–261, 263, 306, 368

Top-N Risk List, 93–94, 110, 243, 253, 263, 368

government, 244, 248–250, 254

industry, 244, 250–252, 254

total quality management (TQM), 5, 272, 309, 350

train risk technology, 56, 63, 149, 183–191

delivery, 188–190

evaluation, 189

feedback, 189–190

material, 184–185, 187, 190

metrics, 187–190

preparation, 184, 190

techniques, 187

trigger, 67–68, 82, 108–109, 112, 121–126, 130–132, 137–138, 145, 185, 261, 327, 331, 334, 368

elapsed time, 125, 130, 132

periodic event, 125, 130, 132

relative variance, 125, 130, 132

threshold value, 125, 131–132

Turing, Alan, 19

Turing machine, 19, 357

utility function, 7, 99, 185, 368

Van Doren, Charles, 289, 327

Van Scoy, Roger, 87

work breakdown structure (WBS), 75, 77–78, 84, 216, 243, 247, 368