acceptable risk, 5, 9–10, 30, 39, 48, 68, 137, 185, 359
action matrix, 139–140
Adams, Scott, 271
Air Force Institute of Technology (AFIT), 171
Air Force Systems Command (AFSC), 11
Allen, Louis A., 121
American National Standards Institute (ANSI), 44, 199
American Society for Quality Control (ASQC), 199
Apple Computer, 13
Arrow, Kenneth, 343
Augustine, Norman, 209
awareness
future, 15–20, 23, 209, 239, 361
past, 16–19
personal, 18–20
Bayes, Thomas, 5
benchmark, 14–15, 112, 264, 358, 359
Bernoulli, Daniel, 4
Boehm, Barry, 10
Bryan, William Jennings, 211
business process reengineering (BPR), 5
Carson, Johnny, 183
Charette, Robert, 53
continuous improvement, 12, 15–17, 51, 56, 273–274, 276, 286, 360
corrective action, 15, 44, 62, 68, 95, 136–137, 139, 141, 144–145, 185, 196–198, 265–266, 327, 334, 339–341, 360
cost-benefit analysis, 45, 185, 360
cost model, 90, 126, 156, 216, 334, 341
Covey, Stephen R., 51
creativity, 141, 185, 211, 258, 360
crisis management, 58, 185, 269, 360
Quality Management Maturity Grid, 51
Defense Logistics Agency (DLA), 195–196
Defense Systems Management College (DSMC), 10–11
DeMarco, Tom, 327
Deming, W. Edwards, 12–15, 18, 24, 193
chain reaction, 13
Department of Defense (DoD), 10–11, 43, 112, 128, 197, 199
Descartes, René, 343
discipline, 3, 13–20, 22, 24, 47, 59, 325, 341, 357, 360
diversification, 6, 47, 108, 115–116, 152, 185, 361
Eastwood, Clint, 151
Einstein, Albert, 3
Electronic Industries Association (EIA), 43
empowerment, 42, 168, 352–354, 361
estimation, 6, 33, 87, 92, 103, 185, 247, 361
evaluation, 81, 87, 103, 185, 247, 258, 305, 361
criteria, 68, 81, 89–91, 93, 100–102, 222, 247, 258, 296, 313, 315
Federal Aviation Administration (FAA), 113
Feigenbaum, A. V., 193
Gates, Bill, 15–16
Gilb, Tom, 307
Goal/Question Metric (GQM), 128–129
Gorsuch, Tom, 19
Hall, Edward, 142
Harris Corporation, 29
Herrmann, Ned, 19
Herrmann Brain Dominance Instrument, 19
whole brain theory, 19
high-performance team, 166–169, 180
Hill, Napoleon, 201
Howard, Vernon, 69
indicator, 16, 82, 121–122, 124, 126–129, 131–132, 137, 145, 340, 351, 362
innovation, 16, 141, 145, 157–158, 362
Institute of Electrical and Electronics Engineers (IEEE), 43–44, 174
integrated product team (IPT), 41, 43, 107, 157, 318, 323
International Council on Systems Engineering (INCOSE), 43, 128, 174
International Standards Organization (ISO), 43–44, 195–199, 274, 309
interview script, 80–81
Jobs, Steven, 13
Kennedy, John F., 141
Kodak, 277
L2, 4, 23, 362 (see risk exposure)
Level 6 Software, 335
learning, 183
individual, 47, 186–187, 190–191
Living Lifecycle Model, 126, 327, 334–336, 338–339, 341, 362
Lockheed Martin, 126
McKain, Robert J., 221
measure, 14–16, 20–21, 23, 58, 68, 108–109, 121–126, 128–129, 132, 140, 190, 196, 201–202, 232–233, 236, 262–263, 327, 331, 341, 358, 362
measurement, 112, 128, 185, 262
limitations of, 262
measurement process, 128, 262, 327, 333, 340–341, 362
metric, 14–15, 59, 68, 108–109, 112, 122–126, 128–129, 132, 140, 183, 185, 187–188, 196, 205, 207, 213, 232, 262, 327, 331, 333–334, 341, 358, 362
risk index, 125, 129, 185, 263–264, 333–334, 365
ROI(RM), 45, 129, 143, 185, 263–265, 351, 355, 358, 367
Microsoft, 15–16
mitigation plan, 318–319, 324, 363 (see risk action plan)
Mosemann, Lloyd K., 69
Motorola, 272
Napoleon, 1
National Aeronautics and Space Administration (NASA), 113, 160
Nightingale, Earl, 107
opportunity, 3–4, 9–10, 13–16, 18, 22–24, 36, 57, 59, 67, 140, 177, 185, 215, 270, 343, 348, 349–350, 357–358, 363
opportunity cost, 9, 57, 59, 138, 185, 363
P2I2 Success Formula, 1, 29–31, 47, 55, 57, 357, 363
implementation, 30–32, 45–48, 55–57, 63, 150, 209–267, 357, 361
infrastructure, 30–31, 42–45, 47–48, 55–56, 63, 149–208, 357, 362
people, 30–38, 47–48, 55, 57, 63, 269–355, 357
process, 30–31, 39–41, 47–48, 55–56, 63, 67–147, 357
Pascal, Blaise, 4
Personal Risk Management Matrix, 59–60, 64, 363
Personal Software Process, 18, 186
Peters, Tom, 269
policy, 30, 32, 42–43, 48, 56, 63, 91, 107, 149, 151–163, 212, 214, 216, 223, 363
Practical Software Measurement (PSM), 128–129
prioritization scheme
nominal group technique (NGT), 102, 258, 299, 310, 363
weighted multivoting, 102, 368
proactive quality assurance, 194, 198, 363
problem prevention, 10, 68, 137–138, 185, 259, 325, 364
process definition notation, 70, 88, 108, 122, 136, 166, 172–173, 180
IDEF, 70, 88, 108, 122, 136, 172–173, 180, 215, 361
process improvement, 12, 51, 102, 165, 178, 196, 263, 277–279, 286, 324, 332, 354
project management, 11, 33, 44, 126, 156, 174, 194, 213–214, 216, 221–222, 225, 240, 265, 294–295, 297, 318–320, 324, 331, 344–345, 364
project profile, 78–79, 241, 293, 364
prototyping, 114, 135, 138, 328–329, 346, 364
quality, 11, 13, 15, 33, 41, 43, 54, 59, 61, 70, 88, 108, 115, 122, 128, 136, 166, 179, 184, 193–195, 199, 215, 257, 271, 277, 282, 286, 309, 324, 332, 344
quality assurance, 7, 33, 43, 193–195, 197–199, 217, 236, 271, 282, 284, 303, 364
quality control, 193, 252, 364
quality management techniques
affinity diagram, 278
brainstorming, 74, 171, 309, 348
consensus process, 159, 166–168, 171, 175, 240, 309, 360
Delphi process, 309
problem-solving process, 167, 310
purpose hierarchy, 171, 175, 180
quantitative process improvement (QPI), 202, 364
quantitative targets, 68, 82, 109–110, 112, 124, 126, 130–131, 185, 222, 364
return on investment (ROI), 16, 42, 45, 129, 143–145, 215, 263, 332, 339–341, 364
cost, 45, 82, 129, 143–144, 264, 351, 360
savings, 45, 82, 129, 137–138, 143–144, 264, 347, 351, 354, 360, 367
avoidance, 143–144, 348, 351, 353, 360
reduction, 143–144, 348–349, 351, 353, 360
risk, 1, 3–16, 20–24, 34, 36, 40–42, 44, 48, 51, 55, 57, 59, 62, 74–75, 82, 92, 100, 121, 128–129, 142, 144, 156–159, 174–175, 180, 183–185, 211, 214–215, 231, 239, 245, 253, 257, 315, 343, 348, 357, 364
consequence (loss), 4, 7, 8–10, 20–23, 40–41, 44, 55, 58, 63, 72–75, 82, 87, 89–90, 92, 100–101, 112–114, 125, 129, 137–138, 145, 185–186, 205, 212, 214, 239, 245–247, 259, 262–263, 295, 318, 351, 360, 362
probability (likelihood), 4, 6–7, 9–10, 21, 23, 35, 40, 55, 58, 72–74, 82, 87, 89–90, 92, 100–101, 114, 122, 124–125, 129, 144, 156, 185, 212, 214, 239, 245–247, 262–263, 295, 318, 351, 363
risk action plan, 9, 40, 44, 55, 67–68, 82, 107, 109–111, 115–117, 121, 123–126, 129–130, 132, 136–141, 144–145, 185, 232–233, 236, 240, 260–262, 265–266, 299, 305, 329, 332, 353, 364
risk analysis techniques, 87, 90–91, 93, 102–103, 364
causal analysis, 95, 103, 185, 309, 359
decision analysis, 95, 103, 360
decision tree, 6, 37, 91–92, 96, 360
influence diagram, 91–92, 95–96, 362
force field analysis, 35–36, 48, 361
radar chart, 97–98
Pareto analysis, 97–98, 103, 363
sensitivity analysis, 98–100, 103, 367
tornado diagram, 99–100
risk appraisal survey, 73–74, 233, 240–241
risk attributes, 73–74, 84, 92, 245, 254, 364
risk category, 82, 89, 98, 129, 246–248, 251, 253, 263
risk checklist, 68, 71–73, 75, 78, 84, 185, 223–224, 226, 243, 365
risk context, 68, 71–72, 75, 82, 87–91, 93, 108, 185, 248, 251, 365
risk database, 47, 68, 71–72, 81–82, 89–90, 109–110, 123, 129, 137–138, 159, 162, 185, 196, 223–224, 226–228, 232–233, 236, 241–242, 247, 330, 332
risk drivers, 90–91, 102, 185, 246, 365
risk ethic, 59, 149, 151–152, 161, 365
risk exposure, 4, 23, 41–42, 57, 67, 87–90, 92–93, 98, 103, 115, 124–125, 128–129, 144, 185, 247, 263, 265, 334, 341, 365
risk leverage, 58, 108, 114–117, 129, 185, 215, 218, 260–261, 263–264, 365
risk list, 68, 89–90, 108–110, 185, 232, 236, 244, 248, 254, 365
watch list, 196, 319, 321, 324, 368
risk management approach, 46, 224, 228, 365
disciplined, 46–47, 224, 228, 361
proactive, 46, 184–185, 224, 228, 328, 363
risk management capability, 1, 30–31, 47–48, 52–56, 62–64, 186, 202, 357, 365
advanced, 61
beginner, 61
expert, 61, 185, 217, 224, 269
intermediate, 61
risk management form, 47, 68, 71–73, 82–83, 84, 223–224, 226–227, 233, 240, 247, 319, 324, 332, 365
Risk Management Map, 1, 51–55, 57, 62–63, 206, 357, 365
Anticipation, 53, 57–59, 63, 270, 327–341, 357, 359
Mitigation, 53, 57–58, 63, 269, 289–305, 357, 363
Opportunity, 53, 57, 59, 63, 270, 343–354, 357, 363
Prevention, 53, 57–58, 63, 269, 307–326, 357, 363
Problem, 53, 57–58, 63, 269, 271–287, 357, 364
risk management organization, 42, 330
risk management champion, 29, 317, 324, 341
risk management committee, 329, 332–333, 341, 365
risk manager, 62, 217, 317, 320, 324–325, 366
risk management plan, 30, 32, 43, 45–47, 52, 56, 68, 70–71, 88–89, 107–109, 122–123, 136–137, 149, 159, 162, 185, 193–194, 196, 198–199, 209–210, 213, 215–217, 221–228, 239, 258, 365
risk management process, 5, 11–12, 30, 32, 35, 39–41, 45, 47–48, 56, 67–69, 78, 144, 149, 166, 169, 171, 178, 180, 184, 190, 206, 214, 222–223, 226, 231–232, 234–235, 260, 262, 299, 317, 319, 321, 324–325, 327, 329, 358, 365
analyze risk, 40, 55, 63, 67–68, 87–105, 223, 233, 263
identify risk, 39–40, 55, 63, 67–86, 223, 233, 263
plan risk, 40, 56, 63, 67–68, 107–119, 223, 233, 263
resolve risk, 40, 56, 63, 67–68, 135–147, 223, 233, 263
track risk, 40, 56, 63, 67–68, 121–133, 223, 233, 263
risk mitigation, 308
risk practices survey, 201–206, 321–324, 366
risk preference, 32, 36–39, 91, 100, 185, 366
averse, 7, 38, 99–100, 131, 364
risk resolution alternatives, 110–111, 117, 258, 266, 366
risk resolution cost, 115, 129, 351, 366
risk resolution strategy, 10, 82, 108–112, 116–117, 135, 159, 259–261, 264, 266, 276, 366
acceptance, 110–112, 117, 261, 364
avoidance, 110–111, 113, 117, 261, 364
protection, 110–111, 113, 117, 261, 366
reduction, 110–111, 114, 117, 261, 366
research, 110–111, 114, 117, 135, 260–261, 366
reserves, 110–111, 114, 117, 261, 366
transfer, 110–111, 114, 117, 261, 366
risk scenario, 68, 107, 109–111, 116–118, 122–124, 132, 185, 258–259, 366
risk severity, 93, 108, 129, 247, 265, 366
risk statement, 68–69, 71–73, 75, 81–82, 84, 88–89, 93, 185, 232, 236, 240–242, 246–248, 251, 366
risk status, 5, 40, 55, 67–68, 121–124, 132, 137, 140, 196, 262, 266, 366
risk tolerance, 22, 99–100, 366
Rockefeller, John D., 67
Roosevelt, Theodore, 257
Schrage, Michael, 142
Schwartz, David Joseph, 149
selection criteria, 68, 108–111, 115–117, 260, 367
simulation, 6, 74, 135, 138, 156, 261, 265, 367
Six-Discipline (6-D) Model, 1, 3, 12–20, 22, 24, 47, 59, 357, 367
Discover, 13–18, 20, 22, 24, 47, 224, 239, 244, 347, 361
Envision, 13–14, 16–20, 24, 47, 224, 361
Improve, 13–15, 17–18, 20, 24, 47, 224, 362
Measure, 13–15, 17–20, 24, 47, 224, 362
Plan, 13–14, 16–20, 24, 47, 224, 363
Socrates, 183
Software Engineering Institute (SEI), 8, 11, 33–34, 75–79, 81, 98, 129, 152, 156, 165, 240, 246, 264, 272, 274, 277, 281, 292, 298, 300
Capability Maturity Model (CMM), 12–15, 29, 32, 51–52, 129, 142, 174, 195, 197–199, 272, 275, 277, 283, 285, 310
Continuous Risk Management (CRM), 77
risk management paradigm, 11, 293
Software Risk Evaluation (SRE), 77, 293
software risk taxonomy, 8, 11, 75–77, 80–81, 98, 240, 246, 293–295, 297, 313–314
Taxonomy Based Questionnaire (TBQ), 11, 79, 240
Team Risk Management (TRM), 77
Software Program Manager’s Network (SPMN), 11
Airlie Software Council, 11
formal risk management, 11, 361
Project Control Panel, 126–128
software risk, 3, 7–8, 20–21, 23, 29, 30, 33, 36, 41, 47, 52–53, 56, 72, 136, 217, 239, 253, 266, 367
software risk management, 1, 3, 8–10, 23–24, 29, 155–156, 158, 253, 266, 300, 347, 350, 353, 357, 367
risk assessment, 5, 7, 11, 33–35, 40, 44, 46–47, 67–68, 71–73, 78–82, 84, 99, 111, 159–160, 162, 184–185, 190, 196, 212, 214–215, 233, 239–256, 258, 264, 289, 291–299, 301–302, 305, 307, 313–314, 324, 328, 330–331, 364
risk control, 5, 40–41, 46–47, 67, 96, 185, 212, 255, 257–267, 302, 305, 307
Spiral Model, 10, 23, 308, 320, 367
Win Win, 320
standard process, 40–41, 56–57, 63, 149, 165–182, 209, 226, 231–237, 367
tailoring, 40, 56–57, 209, 226, 231–237, 305, 358, 368
waiver form, 235
statement of work (SOW), 212–213, 216, 272, 275–276, 286
Tandem, 113
Taylor, David, 173
technical performance measures (TPM), 125, 157, 368
Ten-Point Game Plan, 61–62, 368
Texas Instruments (TI), 126 theory
probability theory, 4, 6–7, 363
utility theory, 4, 6–7, 22, 368
threshold, 40, 67–68, 82, 107, 109–112, 117, 122–126, 129, 131–132, 185, 196, 368
time frame, 73, 82, 88, 90, 93, 100–101, 111, 129, 138, 247, 260–261, 263, 306, 368
Top-N Risk List, 93–94, 110, 243, 253, 263, 368
total quality management (TQM), 5, 272, 309, 350
train risk technology, 56, 63, 149, 183–191
delivery, 188–190
evaluation, 189
feedback, 189–190
metrics, 187–190
techniques, 187
trigger, 67–68, 82, 108–109, 112, 121–126, 130–132, 137–138, 145, 185, 261, 327, 331, 334, 368
relative variance, 125, 130, 132
Turing, Alan, 19
utility function, 7, 99, 185, 368
Van Scoy, Roger, 87
work breakdown structure (WBS), 75, 77–78, 84, 216, 243, 247, 368
18.191.62.122