Software Engineering Solutions for Business Challenges
They Always Cost More and Take Longer
Risk is taken for granted and seldom managed. It comes in many types. There’s performance risk, functionality risk, security risk, and endurance risk. These are all closely related to each other, and all lead to increased cost, delayed schedules, and/or failure to produce a return on investment. You can’t eliminate risk; you can only manage and mitigate it.
To manage risk you must identify it. This is obvious, but it takes practice to accurately identify salient risks to the project. You have to learn to recognize risk coming from the technology you are using, the business environment, and your own changing requirements. Some risks are obvious; others are only recognized after years of experience. After identifying the risks to your project, you have to determine the cost associated with each risk and, based upon this evaluation, how to mitigate each one.
Some risk mitigation is just plain common sense. At Auburn SeeWolf we use an automated backup system. Each time we compile a project or save a file it is backed up on a separate server. The backup server provides complete rollback, encrypts the data, and stores it at a secure, off-site location. We don’t lose work if a development system goes down, and our customers don’t lose their investment. Any good software developer should already have systems and process to mitigate problems that can happen during implementation of an off-the-shelf application or development of a custom application.
Performance risk is usually tied to the system architecture. To be effective, a system must be able to respond to the user within a reasonable time. In some cases waiting a couple of seconds may be acceptable. But in other cases, system performance can be a competitive advantage. For example, if you are running a call center or a help line, and your system is too slow, you’ll have to hire extra people. Choosing the correct system architecture can make the difference between success and failure of the application. Additionally, the architecture should have sufficient flexibility to allow for growth and changing business requirements.
Functionality risk is best mitigated by designing the system for change. Simple problems are easy to define, but most real-life problems are complex and difficult to pin down. In a perfect world, you would know all your requirements before selecting an off-the-shelf system or developing a custom application. In the real world, this almost never happens. With off-the-shelf applications you are stuck with the requirements the developers believed were important (often the requirements of their first customer). The only risk mitigation is to see a demonstration of the application working in your environment with your business rules and processes. This usually isn’t possible.
We use Extreme Programming techniques to mitigate functionality risk. At Auburn SeeWolf we have adapted various techniques that assume, up front, that you don’t know all the requirements for an application. This forces our architectures to be flexible and changeable, and allows us to incrementally develop an application. Incremental development identifies and exposes real-world requirements and provides a cost-effective path to successful software development.
Security must be designed into the system, not added on as an afterthought. This is easy to say, but with cost and schedule pressures security usually is the first thing to go. Unfortunately, losing all your customer’s credit card, medical, or other sensitive information is very expensive. With off-the-shelf applications you must rely on the developer to build security into the system. As we all know, even the biggest software companies with huge resources have trouble here. At Auburn SeeWolf security mitigation begins with the system architecture. It is also key in the selection of off-the-shelf applications and components. Finally, our software environment and coding standards enforce best practices for glueware and custom applications. Together, this emphasis on security minimizes security risk.
Endurance is vital to see a return on investment. Endurance is the result of a system implementation that is both reliable and maintainable over the entire life of the application. Software systems that work are usually in use far beyond their initial life estimate. Few organizations have the luxury of replacing working systems. In a technology environment that evolves as quickly as our software environment, it is becoming increasing difficult to get vendor support and/or the staff needed to maintain older systems. At Auburn SeeWolf, we mitigate this risk by staying with mainstream software environments. We recommend that applications use Oracle, Microsoft, or IBM platforms. While there are no guarantees, we believe using these environments significantly reduces the risk of losing out year support (either from the original developers of from third parties).
Managing risk and risk mitigation are far more important than most companies realize. We can’t tell you how many companies believe that project management and risk management are too expensive and shortchange these tasks. Many of them call Auburn SeeWolf for help saving a failed project. Without effective project management it is difficult to ensure a return on investment, which is discussed in our next topic: they never pay for themselves.
Copyright © Auburn SeeWolf 2009-2015