15. Risk–Opportunity Assessment and Control
“If you don’t actively attack the risks, they will actively attack you.”
—Tom Gilb, Principles of Software Engineering Management, Addison-Wesley, 1988
In Chapter 4, we noted that when we use the term “risk,” we include not only the negative uncertainties normally associated with risks, but also the positive uncertainties associated with opportunities. Thus, the ICSM is really risk and opportunity driven, in that whenever resources are expended in identifying and dealing with risks, they can also be expended in identifying and dealing with opportunities. In this chapter, we address both possibilities.
15.1 The Duality of Risks and Opportunities
As discussed in Chapter 4, the generally accepted quantity ...