Thursday, April 19, 2012

Gorilla Risk Impact - The "what" is more important than the "if"


OR: Probability just tells you how likely it is to hurt, not how bad it will hurt.

"We have to fix it!" Carlos leaned forward in his seat, hands gripping the table.

Decaf, man, decaf, I thought. "We're a week from launch. Making changes to the code now is absolutely impossible."

As Carlos turned beet red and began to splutter, I wondered if it was a common trait of Customer Service people or something they learned on the job. I'd lost track of the number of frothing support folks I'd dealt with in my time.

Carlos managed to keep his voice calm. "It's a severity one issue. Complete and irrecoverable data loss. They get taken to bare metal. Support can't approve this release."

"Carlos," I said, putting on my best "teacher" voice. "It would have to be a blue moon, in Australia for this bug to happen. It's such a fringe case it makes the guy on the street corner with 'The world will end tomorrow' sign seem like a sure thing." I closed the lid of my laptop and began to stand up. "I think we can put a pin in this one and move on, don't you?"

I left Carlos spluttering at the table. He was saying something about stopping the release. I didn't really pay attention. After all, he was in support; no one was going to stop the release over something customer support said.

I was opening the door to my office, when I heard a voice from within yell, "Duck!"

The paper airplane smacked me right in the eye, before I could even register what was happening.

"Ow! Hogarth!" I never realized how well those two words went together.

Through tear-streaked eyes I saw my gorilla lumber towards me. "Hey, sorry about that. What are the odds of that happening, eh? I mean, here you are, back from your meeting ten minutes early. That never happens. Who would think you'd open the door just as I tried to hit it with a paper airplane?"

I shouldered past Hogarth (okay, I bounced off Hogarth, into the door jamb and then into the room. He is an 800 pound gorilla after all) and strode to my desk. "Well you should have thought! You could have put my eye out. Anytime you're dealing with possible life and limb you should be planning for it."

Hogarth turned to follow me. I could feel his eyes on me and I just knew I'd been set up. It always happened this way. "Here's a question for you," he said. "What are the odds a rain storm will cause a mud slide on Devil's Slide this winter?"

"Close to 100%, there is always mud coming down off the hills."

Hogarth nodded, "Okay and what's the impact to your commute?"

I rubbed my chin, trying to see where he was going. "An hour, maybe and just one time. They have crews on standby just for that contingency."

Hogarth smiled, "And what's the probability of an 8.0 or greater earthquake hitting the region?"

I shrugged, "Who knows, once in every fifty years, maybe."

"I see," Hogarth picked something from his fur and popped it into his mouth. "And what would the impact be?"

"Ugh!  An 8.0 would be huge. It took years to recover from the Loma Prieta. It was only a six nine and look what it did." 

Hogarth's eyes twinkled, "So which one do you want to build a survival kit for? The one hour traffic delay, or the life changing earthquake?"

"Huh…"

Damn it! He'd done it again.


PROBABILITY versus IMPACT

Tell me if you've heard this before, "It's a fringe case," "There's a low probability of it occurring," "What are the odds of that happening?"

I was once poor Carlos. When I worked in global support organizations I faced risk all the time. I learned a lot about risk management, how to plan for it, how to communicate it, how to mitigate it and most of all, I learned that most of the time the focus wasn't on the "What" it was focused on the "If."

"If that happens, we'll have issues."

"If the user pushes that button, sure it will crash."

"If they are using Windows NT, who uses that anymore?"

Taking this approach is like lumping a $500 payout lottery scratcher ticket with winning the $500 Million Powerball lottery. The odds of both are slim indeed. Only if you win the $500 Million lottery, the impact of the win is going to be MUCH different.

Too often we focus on "If" something will happen, when we really need to start with "What will happen." If the odds of a database crash are only 15%, that might seem like it is fairly minor. If the database crash will cause a cascading network failure that brings the entire eBay auction site to its knees, eBay isn't going to care if the risk only happens 15% of the time. It happened to them.

In my years I've come up with two tools to help with properly addressing Risk Impact.

LIKELIHOOD CHART: The first is more visual and is designed to get agreement and understanding from the team (see the image below). The Likelihood Chart was something I came up with while still working in support. It mapped customer Severity to the Likelihood of the problem occurring. The cells then held the action item for each combination of four Severities and four Likelihoods.


This snapshot is an example of one use of the chart. The Likelihood meters can be adjusted up or down depending on the company's risk tolerance, Severity can be replaced by any impact scale the team agrees on, and the action plan for each cell can be changed to suit the project and team agreement. What shouldn't be flexible is when you set this up. This should be agreed to as part of the project charter/kick-off. Get everyone to agree before you have show-stopping bugs.

RISK REGISTER WEIGHTING: The second was a simple bit of math I applied to my risk tracking spreadsheet.

On the surface, this looks like an ordinary risk register. Impact and Probability are both on a ten-point scale, with 0 being the highest impact/probability (unknown being riskier than any known because you don't know) and 10 being no impact/mitigated. The magic is in the Total Risk Score. Here's the "math."


As you can see in this next image, Impact gets a higher weighting score than Probability. This means you can have a 100% risk even with a probability score of 4-Med. (For those doing the math, I have an Excel formula that limits the maximum number in the Total Risk Score column to 100.)
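The formula and weights themselves were in an image that is not reproduced here, so the following Python is an added example, not the author's spreadsheet. The weights 7 and 5 are assumptions, chosen only so that the two stated properties hold (Impact outweighs Probability, and a Probability of 4 can still reach the capped 100); the register entries are constructed from the stories in this post.

```python
# Added example: impact-weighted risk register scoring.
# The weights are ASSUMPTIONS; the post's own formula is not on the page.
from dataclasses import dataclass

IMPACT_WEIGHT = 7       # assumed: points per step of impact
PROBABILITY_WEIGHT = 5  # assumed: points per step of probability
MAX_SCORE = 100         # the post caps the Total Risk Score at 100


@dataclass(frozen=True)
class Risk:
    name: str
    impact: int        # 0 = highest/unknown ... 10 = no impact/mitigated
    probability: int   # 0 = highest/unknown ... 10 = mitigated


def total_risk_score(risk: Risk) -> int:
    """Invert the 0-10 scales, weight impact above probability, cap at 100."""
    for field in ("impact", "probability"):
        value = getattr(risk, field)
        if not isinstance(value, int) or not 0 <= value <= 10:
            raise ValueError(f"{risk.name}: {field} must be an integer 0-10, got {value!r}")
    raw = (10 - risk.impact) * IMPACT_WEIGHT + (10 - risk.probability) * PROBABILITY_WEIGHT
    return min(MAX_SCORE, raw)


def rank(register: list[Risk]) -> list[tuple[str, int]]:
    """Highest score first; ties go to the higher-impact risk (lower impact number)."""
    ordered = sorted(register, key=lambda r: (-total_risk_score(r), r.impact))
    return [(r.name, total_risk_score(r)) for r in ordered]


# Constructed sample register, loosely based on the stories in this post.
REGISTER = [
    Risk("Mud slide delays commute", impact=8, probability=1),
    Risk("8.0 earthquake", impact=1, probability=8),
    Risk("Fringe-case data loss bug", impact=1, probability=9),
    Risk("Unknown-impact risk, medium odds", impact=0, probability=4),
]

if __name__ == "__main__":
    for name, score in rank(REGISTER):
        print(f"{score:3d}  {name}")
```

With these assumed weights the near-certain mud slide ranks last and the rare, severe risks rank above it, while a risk with no impact and maximum probability tops out at 50.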

These are not silver bullets. I keep telling you, there are no silver bullets. Besides, the one day you actually find the silver bullet will be the day you end up facing a vampire (you need wooden bullets for vampires). What they are is two tools I've used to help make sure Impact (Severity) is the first thing the team focuses on.

Remember, if their data center is an oozing puddle of goo, eBay doesn't care if it was only a 15% chance edge case.

Joel Bancroft-Connors
The Gorilla Talker
Want me to talk to your gorilla? Send me an email, jbancroftconnors@gmail.com
You can follow me on twitter, @JBC_PMP