Risky Business


While tidying up for the weekend, I got pulled into an interesting twitversation with John Allspaw and Dmitriy Samovskiy on the topic of risk.

Allspaw had linked to Johan Bergström‘s article titled “What is the risk That Amazon Will Go Down (Again)?

It’s an interesting read for those in the [web]ops space. But don’t let the title deceive you: Bergtröm was really opining on what the valid definition of risk is in our industry, and comparing it with other industries’ definitions.

The answer is a little murky (and the topic of his Velocity keynote?), but what I find more interesting is that the definition of risk is a topic of discussion.

This may at first seem a bit weird (bordering on absurd, even?), but a colleague relayed a story to me about her experience on differing definitions of risk and how it affected the work she was doing.

She’d been working for a few months developing an internal tool for a financial services company. The project hadn’t gone great: (underwhelming) specifications had been delivered halfway through the (original) project schedule, the “Agile” project leader refused to let the final customers see the tool until the last week of the (original) project schedule1, and when she asked about feature priorities, the answer was always “They’re all P1.”

The project ended up going about as well as you’d imagine: schedule and budget started creeping which, in turn, caused feature scope to creep (because “Hey, the developer is still working on the project; why not throw this feature in?”)

She brought up the standard project management risk-mitigation techniques—prioritize features/schedule appropriately, reduce feedback turnaround, etc.—but the suggestions fell on deaf ears.


It took a couple of weeks after the project completed2 for her to realize that her definition of “risk” was not the same as the managers’—all ex-day traders—definition. In their world, risk could be offset by various methods (mostly complex financial instruments, like CDOs/CDSs and such or technology like high-frequency trading), so they could still obtain the outcome they wanted while (theoretically) eliminating the risk.

(It probably goes without saying that that particular risk assessment and management strategy worked out for this project about as well as it did for the world economy.)

But, it certainly goes to show: when the question “What is risk as it applies to this organization/industry/situation?” is posed, it probably isn’t as absurd as it may at first sound.

1 For “political reasons”
2 For some value of that word