Used with care, software development estimates can help you manage project risks. They let you peer into the future, though only as well as your current understanding allows. Estimating based on what you know is easy. Estimating based on what you know you don’t know is possible. Allowing for what you don’t know you don’t know is prudent.
Managing risk is a dynamic process. I’ve seen people document a risk in a “Risk Register” document and promptly ignore it. That’s not management. Instead, consider different ways a risk might be reduced in likelihood or consequence. When time or cost is of the essence, think about how you’ll determine what you can afford, and when you need to take a second-choice approach.
I once worked on a project where we had to remove the requirement to log in for viewing certain documents, such as a Form 10K. The system had been built with the assumption that the user would always be logged in, though they could create a login that would give them immediate access to such open documents. A change in SEC ruling meant that the organization would be liable for expensive daily fines if new behavior was not deployed by December 31.
The existing code checked the access rights in numerous places. In some places, a user would be permitted or denied access to the document. In other places, a user might or might not be able to see the existence of a document when they...read more