People work very hard to reduce risk. But while YouCanManageRisk, you can't ever eliminate it completely. Many people have gotten sold a bill of goods because they thought they found a way to completely eliminate risk. For example, in the early 80s, a lot of retirement plans pushed something called "guaranteed investment contracts" which promised ludicrously high rates of return. Of course, the way the insurance companies could offer these returns was by investing your money in the stock market, which would hopefully pay even higher rates of return. When this stopped happening, insurance companies couldn't guarantee those high rates of return anymore. In fact some insurance companies went bankrupt. Eliminating risk was a sucker bet, because if things went well you could have done better playing the stock market directly, and if things went poorly, you were potentially out more money than if you were in the market yourself. It seems to me that most fixed price software development contracts could be thought of as "guaranteed development contracts". If the developer underestimated the time it takes, he gets to pocket the difference. If he overestimated, the customer is still hosed, although maybe he can sue the developer, if the developer hasn't filed for bankruptcy. Maybe people try to do things this way because it is AnAcceptableWayOfFailing. --JohnBrewer ---- On my current project, I have great frustration with this. The people handling "ProjectManagement" decided to put together a RiskDatabase to document all of the risks on the project. We were all asked to suggest things that we thought potentially posed a risk for the project. So far, so good. But along with the risk, we were also required to say what could be done to mitigate the risk -- it'd be nice to know this, but it shouldn't be "required"... what if you don't know how to mitigate the risk that concerns you? But it was the next step that really kills me. We went through and put a "mitigant" next to each risk, then a date by which each "mitigant" had to be performed. As each date passed, the "risks" were taken out of the RiskDatabase. I suppose that in the end we must have wound up with a project with no risk! By the way, the project's VERY HARD DUE DATE was 2 weeks ago. Yesterday, the first piece of code on the project was finally delivered and passed code review. I don't even want to talk about it. -- MichaelChermside ---- See also: TypesOfProjects