Risk management and voodoo charms

From CitconWiki

Moderated by: Jtf

Voodoo charm - "Let's keep an eye on it!", but ignoring the actual responsibility

Let's monitor it in production! How do we actually do that? You should have a plan. How? When? Where? It seems like we often identify problems, agree that they are problems and that we need to monitor them, but then nothing is done. How do we prevent this?

"Should" or "I intend to" are dangerous words. You get immediate gratification and feel you really do not have to act on what you intended to do. We need tools and formal techniques to actually do what we are thinking about doing.

It's all about the definition of done. A programmer's version of "done" probably means "the happy case works and the first iteration of tests is green", which does not mean that the feature actually works. You have to look at the whole system, _including_ the non-functional requirements. The non-functional requirements need to be tested/monitored as well.

But how do we find out what tests/monitoring specs we need to have/add? Draw a map of the entire system, the ENTIRE system. Think about the dependencies (arrows) between components and go through all of them. "What if this part goes down, how do we know?" Will an email be sent? What if the email server is down? This is called failure analysis. From this you have to think about the impact of these failures: impact analysis. When you have identified the impact you have to think about the risk: risk analysis. From the risk analysis you can identify actual business cases, which can amount to use cases/stories.

Failure Analysis -> Impact Analysis -> Risk Analysis -> Business Case
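
The failure and impact steps can be run mechanically over the system map. The sketch below is an added example, not something produced in the session: the component names, the dependency arrows and the alert wiring are all constructed, and it asks "what if this part goes down, how do we know?" for every component, including the case where the alert channel depends on the part that failed.

```python
# Constructed sample system map: each component lists what it depends on (the arrows).
DEPENDS_ON = {
    "web": ["api"], "api": ["db", "queue"], "worker": ["queue"],
    "db": [], "queue": [], "cron": ["db"],
    "mail": [], "email_alert": ["mail"], "pager": [],
}
# Constructed: which alert channel is supposed to fire when a component is down.
ALERTS = {
    "web": ["pager"], "api": ["email_alert"], "db": ["email_alert"],
    "worker": ["email_alert"], "mail": ["email_alert"],
}


def impacted_by(failed):
    """Impact analysis: the failed component plus everything that transitively depends on it."""
    down, frontier = {failed}, [failed]
    while frontier:
        current = frontier.pop()
        for component, deps in DEPENDS_ON.items():
            if current in deps and component not in down:
                down.add(component)
                frontier.append(component)
    return down


def working_alerts(failed):
    """Alert channels that would fire for this failure and are not taken down by it."""
    down = impacted_by(failed)
    channels = {ch for comp in down for ch in ALERTS.get(comp, [])}
    return channels - down


def failure_analysis():
    """Ask 'what if this part goes down, how do we know?' for every component on the map."""
    rows = [(name, sorted(impacted_by(name)), sorted(working_alerts(name)))
            for name in DEPENDS_ON]
    # Silent failures first, then widest impact, then name for a stable order.
    return sorted(rows, key=lambda r: (bool(r[2]), -len(r[1]), r[0]))


if __name__ == "__main__":
    for name, impact, alerts in failure_analysis():
        how = ", ".join(alerts) if alerts else "NOBODY FINDS OUT"
        print(f"{name:12} down -> impacts {impact}; detected via: {how}")
```

Each row with no working alert is a candidate for the risk analysis and, from there, a story with a concrete monitoring task attached.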

Usually we are not good at thinking about the whole system and thinking about risks outside of the code base.

Do you want to be proactive or reactive with this? Going through a failure analysis BEFORE you have a problem will help you avoid problems.

Detection, Mitigation, Prevention

SPIN Selling - how to sell change: Situation, Problem, Implications, Needs analysis

Why does it work? Because you need to talk to people about specific cases and collaborate.