Who Owns the Risk?

This content is syndicated from LeadingAgile by Mike Cottmeyer. To view the original post in full, click here.

Back in my late 20′s I was a project manager in a pretty good sized IT shop. I worked under a great VP that put me in situations that were really beyond my abilities.  He fundamentally believed that I’d do a good job for him. He trusted that I’d learn what I needed to learn and use good judgement about when to ask for help. There was a point in my career where everything interesting on my resume was a direct result of some project this guy had me lead. One of those projects was a pretty significant identity and access management initiative where we were building out a corporate LDAP infrastructure. The goal was to establish an integrated authentication engine so clients could basically sign-on to any of our web properties with a single login ID and password. Our company didn’t have any expertise in this area, so I ended up with about a quarter of a million dollars to spend to bring in some consulting expertise. We ended up bringing in a large, well known consulting firm to help… they were really, really good but as you might expect, very expensive. I decided to negotiate a fixed scope, fixed price contract under the assumption that it would mitigate my risk. My goal was to shift all the delivery risk to the consulting firm so that I would be assured of delivering my project on time and and on budget. Had we had perfect knowledge of what was required, that might have been a good strategy. As you might have guessed, these guys knew way more about contracts, and way more about delivering LDAP solutions than I did. I imagine they anticipated we would need services not specified in the contract, but they also knew I had a not-to-exceed budget, and I’m sure they wanted the business. When the inevitable happened, and we realized that we needed services not specified in the original agreement, they created a change request document… actually several of them… and I had to go round up additional funding if I wanted the additional work. While I was unsuccessfully trying to mitigate my risk with a fixed price, fixed scope, fixed time contract; they were successfully mitigating their risk by aggressive contract management and holding me accountable for everything that wasn’t explicitly called out in our original agreement. At the end of the day, who really absorbed the risk? It was me and my company, I just didn’t know it at the time because I was certain that I had asked for everything I needed up front. It wasn’t until we started building the solution that I realized I was wrong. Now… let’s tie this back to my previous post on estimating. When customers ask you for an estimate, they are most likely, either directly or indirectly, trying to shift the delivery risk onto the development team. They want to tell you everything they want, or at least what they think they want now, have the development team tell them what it will take to deliver it… and provided they can meet your time and cost demands… make development 100% responsible for delivery. Since we know that the customer doesn’t know everything they need up front, we aggressively manage scope to protect ourselves from the risk. Based on the feedback on my estimating post… we all seem to agree that estimates are generally poor indicators of what it will take to actually deliver the product.  We all agree there is a pretty good chance any estimate we provide will be misused by management.  We know that making commitments based on bad estimates leads to an unacceptable level of risk for the development team. In response, we suggest that we shouldn’t even attempt to estimate. If we go this route, we are basically asking our customers to assume all the risk associated with the delivery.  We are asking for unlimited time and money and maybe the customer will get what they need. We assume that as long as the developers ‘do the best they can do, and deliver as much value as possible’ the customer should just take a chance they’ll get what they need, but if they don’t… and quite often thats their reality, they are left with no options because all the time and money ran out. Just because the development team delivered the highest-value-potentially-shippable-product-as-possible… doesn’t mean that your customer has something they can sell to get a reasonable return on their investment.  Aside from the fact this conversation is a non-starter with most business leaders I work with… it doesn’t feel like a very good way to run a business. To me the answers lies not in the either-or proposition of fixed scope, time, and cost… or alternatively establishing no estimates and making no commitments. Both approaches put all the risk on the other party, shifting risk fully to one side or the other. To me, the answer lies in creating a culture of shared risk between the customer and the team. Both sides have to have skin in the game. Both sides have to realize the constraints the other is operating under. Both sides have to realized that estimates are just that… estimates.  Both sides need to be partners in the delivery process. The estimating process establishes the shared understanding we just talked about, and the numbers we come up with give us a planning baseline to measure the progress we are making (or aren’t making).  The development team estimates, but customers realize that estimates have to be managed, assumptions have to be validated, issues have to be dealt with, risks have to be mitigated, and yes… sometimes requirements have to be descoped, or dates have to change, or costs have to go up.  In an environment of shared understanding, shared accountability, and shared risk; everyone is on the hook for managing the delivery process. Sharing risk means that we trust in the other’s abilities and intentions, we deal with reality when it doesn’t meet with our preconceived notions about what should be… or should be possible. This is not currently the default place in most organizations… our default place seems to be to shift as much risk as possible to our counterparts in the other parts of the business. Creating a culture of shared risk, and having the tools in place to manage that risk, is really the key to make all this stuff work. Insisting someone else assume all the risk doesn’t encourage the behavior we want, or the behavior we need between people that should operate as partners. If we don’t estimate, we don’t have any way to know how far we’ve come and how far we’ve got left to go.  It’s that simple to me… I suspect some of you guys out there might disagree.  Looking forward to the conversation.

One Response to “Who Owns the Risk?”

Leave a Reply

What is 9 + 8 ?
Please leave these two fields as-is:
Please do this simple sum so I know you are human:)

There are 101 ways to approach anything.
To find the best way, sometimes you need expert help

What People Say

“Kelly revolutionised the way our digital department operated. A true advocate of agile principles, he quickly improved internal communication within our teams and our internal clients by aligning our business and creating a much enhanced sense of transparency in the decisions the business was making. Kelly also introduced a higher sense of empowerment to the development teams...”


“Kelly’s a leading program director with the ability to take charge from day one and keep strong momentum at both a program and project level driving prioritisation, resourcing and budgeting agendas. Kelly operates with an easy-going style and possesses a strong facilitation skill set. From my 5 months experience working with Kelly, I would recommend Kelly to program manage large scale, complex, cross company change programs both from a business and IT perspective.”


“Kelly is an extremely talented and visionary leader. As such he manages to inspire all around him to achieve their best. He is passionate about agile and has a wealth of experience to bring to bear in this area. If you're 'lucky' he might even tell you all about his agile blog. Above all this, Kelly is great fun to work with. He is always relaxed and never gets stressed - and trust me, he had plenty of opportunity here! If you get the chance to work with Kelly, don't pass it up.”


“Kelly is an Agile heavy-weight. He came in to assess my multi-million $ Agile development program which wasn’t delivering the right throughput. He interviewed most of the team and made some key recommendations that, when implemented, showed immediate results. I couldn’t ask for more than that except he’s a really nice guy as well.”


“Kelly and I worked together on a very large project trying to secure a new Insurer client. Kelly had fantastic commercial awareness as well as his technical expertise. Without him I would never had secured this client so I owe a lot to him. He is also a really great guy!”


“Kelly came to the department and has really made a huge impact on how the department communicates, collaborates and generally gets things done. We were already developing in an agile way, but Kelly has brought us even more into alignment with agile and scrum best practices, being eager to share information and willing to work with us to change our processes rather than dictate how things must be done. He is highly knowledgable about agile development (as his active blog proves) but his blog won't show what a friendly and knowledgeable guy he is. I highly recommend Kelly to anyone looking for a CTO or a seminar on agile/scrum practices - you won't be disappointed!”


“Kelly was a great colleague to work with - highly competent, trustworthy and generally a nice bloke.”


“Kelly was engaged as a Program Director on a complex business and technology transformation program for Suncorp Commercial Insurance. Kelly drew on his key capabilities and depth of experience to bring together disparate parties in a harmonised way, ensuring the initiate and concept phases of the program were understood and well formulated. Excellent outcome in a very short time frame. ”


“I worked with Kelly on many projects at IPC and I was always impressed with his approach to all of them, always ensuring the most commercially viable route was taken. He is great at managing relationships and it was always a pleasure working with him.”


“I worked with Kelly whilst at Thoughtworks and found him to be a most inspiring individual, his common-sense approach coupled with a deep understanding of Agile and business makes him an invaluable asset to any organisation. I can't recommend Kelly enough.”


“Kelly was a brilliant CTO and a great support to me in the time we worked together. I owe Kelly a great deal in terms of direction and how to get things done under sometimes difficult circumstances. Thanks Kelly.”