Black Swans make managing development risks impossible

As a project manager I've been doing risk managment in software projects for years and as an event manager in private too. And I've been to several workshops about project and risk management. It basically boils down to rating the impact and the probability of risks and then plan actions to prevent, solve or mitigate them. The simpliest form is to rate the probability A,B and C (high to low) and the impact A,B and C (high to low) and rank the risks depending on impact and probability (A,A first and so on).

Black Swans

After reading about black swans which are very high impact with very low probabilities risks I no longer think you can manage risks. Just be aware of and live with them. Like a stock market crash or the crumbiling of the Berlin wall. Could you manage those? In the framework from above they would rate as AAA/ E or above risks. What do they look like in software development? Your team decides to found a startup, your client goes bankrupt, two developers in your team quiet, the feds raid your company, your client gets a new CEO which reprioritizes projects and so on. Can you manage those risks? Some think they can.

Ignoring Black Swans

Whenever I've asked in workshops or in talks with peers what to do about AAA impact risks people said well, we don't manage them, they are too unlikely. And I might add, you can't do anything about them as a project manager. Most of them are out of your sphere of influence. Can you hire people on standby? Can you protect your client from bankrupcy ? Can you influence job decisions at your client? Can you influence the Feds? What do project managers instead? They rate minor impact risks like not delivered hardware (which can easily solved by ordering last minute from Dell) or wrong requirements to the top (A) and "manage" them. But real risks are ignored. With some time people grow blind spots for real risks, happily manage small impact risks and feel save. Untill your team outsources itself or your client goes bankrupt.

Thanks for listening.


I found an excellent quote in a risk book about hedge funds, A demon of our own design (as always no partner link) which reflects my black swan post. Richard Bookstaber writes about risk management for financial instruments:

“The types of risk that could be readily measured were better controlled, but those were not the risks that mattered. The real risk is the on you can’t see.”

Exactly what I said about software development. Risk people can’t see or have trained themselves blind spots for.

Stephan Schmidt Administrator
CTO Coach , svese
Stephan is a CTO coach. He has been a coder since the early 80s, has founded several startups and worked in small and large companies as CTO. After he sold his latest startup he took up CTO coaching. He can be found on LinkedIn or follow him in Twitter.
follow me