Three Kinds of Business Risk

by

C.K. Chesterton wrote, “The word ‘good’ has many meanings. For example, if a man were to shoot his mother at a range of five hundred yards, I should call him a good shot, but not necessarily a good man."

“It’s the qualifier ‘necessarily’ that shows Chesterton possessed a truly philosophical mind", write Thomas Cathcart and Daniel Klein, in their book Plato and a Platypus Walk into a Bar (p.81).

Yes indeed.

There’s something so neat-o about making distinctions. Good distinctions don't simply classify -- they illuminate and clarify.

Lev Lesokhin at Forrester in Dallas
Lev at the Forrester Office in Dallas

I was reminded of that during a recent visit to Dallas to spend some time with Forrester analyst Mary Gerush. (That’s my colleague Lev Lesokhin, breaking into an off-the-charts-spinal-tap-volume-11 smile because he’s finally out of the Dallas heat and inside the cool Forrester digs.)

Let’s distinguish three kinds of business risk :

  • Delivery Derailment Risk – risks that add IT cost or stop business revenue due to delayed launch or cancellation.
  • Business Case Risk -- risks that affect the quality of a delivered application; even though the application works, it doesn't work as well as it should.  The number of successful transactions per unit time cannot be completed to fulfill the benefits articulated in the business case.
  • Business Opportunity Risk -- risks that make the application hard to maintain and change in the face of pressing business demand. The resulting loss of agility damages future business revenue.

You lie awake at night worrying about project derailment risk and pay scant attention to the other two.

Watch out!

Filed in: Technical Debt
Get the Pulse Newsletter  Sign up for the latest Software Intelligence news Subscribe Now <>
Open source is part of almost every software capability we use today. At the  very least libraries, frameworks or databases that get used in mission critical  IT systems. In some cases entire systems being build on top of open source  foundations. Since we have been benchmarking IT software for years, we thought  we would set our sights on some of the most commonly used open source software  (OSS) projects. Software Intelligence Report <> Papers
In our 29-criteria evaluation of the static application security testing (SAST)  market, we identified the 10 most significant vendors — CAST, CA Veracode,  Checkmarx, IBM, Micro Focus, Parasoft, Rogue Wave Software, SiteLock,  SonarSource, and Synopsys — and researched, analyzed, and scored them. This  report shows how each measures up and helps security professionals make the  right choice. Forrester Wave: Static Application Security Testing, Q4 2017  Analyst Paper
This study by CAST reveals potential reasons for poor software quality that  puts businesses at risk, including clashes with management and little  understanding of system architecture. What Motivates Today’s Top Performing  Developers Survey
Load more reviews
Thank you for the review! Your review must be approved first
Rating
New code

You've already submitted a review for this item

|