In a recent exchange on social media, it was clear that the notion of risk, the sources of risk, the consequences of risk, and managing in the presence of risk were very unclear, when it was conjectured that we can simply slice the work into small bits and REDUCE risk.
First, the only risk that can be reduced is the risk created by Epistemic Uncertainty. The term Epistemic comes from Epistemology, the study of knowledge. In other words, we can Buy more knowledge. Making things small does not reduce the risk; it may make the uncertainty smaller. But that smaller uncertainty may create the same risk. That can't be determined a priori without a model of the uncertainty and the resulting risk.
Research shows that for projects, especially software projects, Aleatory uncertainty is the predominant source of risk. Aleatory comes from the Greek term Alea, which is a single Die. The risk that comes from aleatory uncertainty is Irreducible. Only margin can be used to handle this risk. So making things smaller does little, if anything, for the risks produced by Aleatory uncertainty. All making things smaller does is show faster that you're late, over budget, and that what you're building (Technical Performance Measures) doesn't work. This is good, but it doesn't reduce risk. It just closes the loop faster.
From the conversation, it was clear the speaker didn't actually have an understanding of uncertainty and the resulting risk.
So here are some books, handbooks, and guides that sit on my shelf and are used pretty much all the time on the Software Intensive System of Systems we work on. I'm not expecting anyone to read all these books, or the many hundreds of papers on risk management we use as well. But when some statement is made about risk, estimating, performance modeling, or the like, always ask for references. No References? Then it's likely just an anecdotal opinion, which mathematically is a sample of one from an unknown population and as such should be ignored. All these books are in print. Many can be found online for free.
- Decisions with Multiple Objectives: Preferences and Value Tradeoffs, Keeney, R., and Raiffa, H., Cambridge, UK: Cambridge University Press, 1993.
- Uncertainty: A Guide to Dealing with Uncertainty in Quantitative Risk and Policy Analysis, Morgan, M., and Henrion, M., Cambridge Press, 1990.
- Probabilistic Risk Analysis: Foundations and Methods, Tim Bedford and Roger Cooke, Cambridge University Press, 2009.
- Probability for Risk Management, Matthew J. Hassett and Donald G. Stewart, ACTEX Publications, 2006.
- Bayesian Inference for NASA Probabilistic Risk and Reliability Analysis, NASA/SP-2009-569
- Risk-Informed Decision Making, NASA/SP-2010-576 Version 1.0 April 2010
- Software Risk Management, Barry W. Boehm, IEEE Computer Society Press 1989.
- Strategic Risk Taking: A Framework for Risk Management, FT Press, August 12, 2007.
- Strategic Project Risk Appraisal and Management, Elaine Harris, Gower, 2009.
- Risk, Uncertainty and Profit, Frank Knight, Reprints of Economic Classics, 1964.
- Risk Analysis in Theory and Practice, Jean-Paul Chavas, Elsevier Academic Press, 2004.
- Complete Guide to the Basics of Project Risk Management: Improve Your Chances for Success, Dmitry Nizhebetskiy, Project Management Basics, 2017.
- Managing Complex, High Risk Projects: A Guide to Basic and Advanced Project Management, Franck Marle and Ludovic-Alexandre Vidal, Springer-Verlag, 2016.
- Misconceptions of Risk, Terje Aven, John Wiley & Sons, 2010.
- Fundamentals of Risk Analysis and Risk Management, Vlasta Molak, CRC Press, 1997.
- Failure of Risk Management: Why It’s Broken and How to Fix It, Douglas Hubbard, 2009.
- Risk Analysis in Project Management, John Raftery, E & FN SPON, an imprint of Routledge, 1994.
- Applied Software Risk Management: A Guide for Software Project Managers, C. Ravindranath Pandian, Auerbach Publications, 2007.
- Critical Code, Software Producibility for Defense, Committee for Advancing Software-Intensive Systems Producibility, Computer Science and Telecommunications Board Division on Engineering and Physical Sciences, National Research Council of the National Academies, 2010
- Quantitative Risk Analysis – A Guide to Monte Carlo Simulation Modeling, David Vose, John Wiley & Sons, 1996.
- Risk Analysis – A Quantitative Guide, Third Edition, David Vose, John Wiley & Sons April 2008.
- PM Sourcebook Integrated Project Management Sourcebook A Technical Guide to Project Scheduling, Risk and Control, Mario Vanhoucke, Springer
- Project Risk Management Guidelines, Managing Risk in Large Projects and Complex Procurements, Dale F. Cooper, Stephen Grey, Geoffrey Raymond, and Phil Walker, John Wiley & Sons, 2005
- The Silver Lining of Project Uncertainties, Thomas G. Lechler, Ting Gao, and Barbara Edington, Project Management Institute, 2013.
- Risk Analysis: A Quantitative Guide, David Vose, John Wiley & Sons 2008.
- Project Risk Quantification: A Practitioner’s Guide to Realistic Cost and Schedule Risk Management, John Hollmann, Probabilistic Publishing 2016.
- Foundations of Risk Management: A Knowledge and Decision-Oriented Perspective, 1st Edition, Terje Aven, John Wiley & Sons, 2003.
- Identifying and Managing Project Risk: Essential Tools for Failure-Proofing Your Project, 3rd Edition, Tom Kendrick, AMACOM, March 25, 2015.
- Perspectives on Thinking, Judging & Decision Making, Wibecke Brun (Editor), Gideon Keren (Editor), Geir Kirkeboen (Editor), Henry Montgomery (Editor), Universitetsforlaget; UK Edition, November 28, 2011.
- Probabilistic Risk Assessment Procedure Guide for NASA Managers and Practitioners, NASA/SP-2011-3421, Second Edition, December 2011.
- The Economic Foundations of Risk Management: Theory, Practice, and Applications 1st Edition, Robert Jarrow, World Scientific, 2016.
- Foundations of Risk Management, 2nd Edition, Terje Aven, John Wiley & Sons, 2012.
- Quantitative Risk Analysis: Guide to Monte Carlo Simulation Modeling, David Vose, John Wiley & Sons, 1996.
- Risk Analysis: A Quantitative Guide, David Vose, John Wiley & Sons, 2000.
- Agile Risk Management and DSDM Pocketbook, Alan Moran, IARM
- Probabilistic Risk Assessment and Management for Engineers and Scientists, 2nd Edition, Ernest J. Henley and Hiromitsu Kumamoto, IEEE Press, 2000.
- Agile Risk Management and Scrum, Alan Moran, Institute for Agile Risk Management, 2014.
- Managing the Unknown: A New Approach to Managing High Uncertainty and Risk in Projects 1st Edition, Christoph H. Loch, Arnoud DeMeyer, and Michael Pich, Wiley, 2006.
- Integrated Cost and Schedule Control in Project Management, 2nd Edition, Ursula Kuehn, Management Concepts, 2010.
- Effective Risk Management, 2nd Edition, Edmund Conrow, AIAA, 2003.
- Effective Opportunity Management for Projects: Exploiting Positive Risk, David Hillson, Taylor & Francis, 2004.
- Project Risk Management: Process, Techniques, and Insights, 2nd Edition, Chris Chapman and Stephen Ward, John Wiley & Sons, 2003.
- Managing Project Risk and Uncertainty: A Constructively Simple Approach to Decision Making, Chris Chapman and Stephen Ward, John Wiley & Sons, 2002
- Technical Risk Management, Jack Michaels, Prentice Hall, 1996.
- Software Engineering Risk Management: Finding your Path Through the Jungle, Version 1.0, Dale Karolak, IEEE Computer Society, 1998.
- Risk Happens: Managing Risk and Avoiding Failure in Business Projects, Mike Clayton, Marshall Cavendish, 2011.
- Waltzing with Bears: Managing Risk on Software Projects, Tom DeMarco and Timothy Lister, Dorset House, 2003.
- Practical Spreadsheet Risk Modeling for Management, Dale Lehman, Huybert Groenendaal, and Greg Nolder, CRC Press, 2012.
- Software Engineering Risk Management, Dale Karolak, IEEE Computer Society Press, 1996.
- Practical Project Risk Management: The ATOM Methodology, David Hillson, Management Concepts Press, 2012.
- Risk Management in Software Development Projects, John McManus, Routledge, 2003.
- Department of Defense Risk, Issue, and Opportunity Management Guide for Defense Acquisition Programs, June 2015, Office of the Deputy Assistant Secretary of Defense for Systems Engineering Washington, D.C.
- Software Engineering Risk Management, Dale Walter Karolak, IEEE Computer Society, 1996.
- Software Engineering Risk Management: Finding Your Path Through the Jungle, Version 1.0, Dale Walter Karolak, IEEE Computer Society, 1998.
- Managing Risk: Methods for Software Systems Development, Elaine Hall, Addison Wesley, 1998.
- Probability Methods for Cost Uncertainty Analysis: A Systems Engineering Perspective, Paul Garvey, CRC Press, 2000.
- A Beginner's Guide to Uncertainty of Measurement, Stephanie Bell, National Physical Laboratory, 1999.
- Practical Risk Assessment for Project Management, Stephen Grey, John Wiley & Sons, 1995.
- Assessment and Control of Software Risks, Capers Jones, Prentice Hall, 1993.
- Software Project Survival Guide: How to Be Sure Your First Important Project Isn’t Your Last, Steve McConnell, Microsoft Press, 1998.
- ISO 31000 Risk Management Standard
Along with these textbook resources, here are some tools for managing risk:
- ModelRisk, a spreadsheet add-in for Monte Carlo modeling for quantitative risk analysis