Hitchhiker's Guide to Software Architecture and Everything Else - by Michael Stal

Saturday, July 18, 2009


In addition to requirements and business expectations, risks represent an important driver of architecture design activities. Not addressing risks appropriately is a major reason for project failure. But what exactly is a risk and how can I identify potential risks as an architect.

On a very coarse grained level, risk might be considered as not knowing the outcome of an event or activity. It is the threat or propability that “an action or event will adversely or beneficially affect an organisation's ability to achieve its objectives” [Wikipedia].

There are as many different types of risks in a  software development project as there are influential factors.

For example:

  • Technical risk: Is EJB the right technology for achieving 100000 transactions per hour in our Web store?
  • Organizational risk: Is the organization appropriate for this kind of development project?
  • Political risk: Does this product manager follow her/his hidden agenda? Is this supplier really trying to support us or is he in fact competing with us?
  • Design Risk: Is this design decision appropriate for dealing with the requirements?
  • Requirements risk: Do we really understand the requirements of our organization or the customers?
  • Process risk: Is this the right development process?

For dealing with risks, there are lot of different ways. Technical risks and architecture risks can be reduced by a requirements-driven, test-driven approach with explicit assessment activities and refactoring activities. Political risks require the architect to communicate and lead efficiently and effectively.

An important point is this context: to be able to deal with risks, we must make them explicit. Implicit risks are often overseen, forgotten or ignored. You should really know your “enemy”.

Making risks explicit means to document AND communicate them.

I recommend to introduce a template for risk assessment comprising:

  • Name of the risk
  • Priority/Relevance of the risk
  • Type of risk: organizational, technical, ….
  • Rationale: explain why this is a risk
  • Context: what else should we know when dealing with this risk
  • Strategies: possible ways to deal with the risk
  • Decision: the recommended strategy to deal with the risk for the concrete context, and the rationale for this decision
  • See also: other risks this risk implies or similar risks that could be treated with the same strategy

Not all of these fields need to be available in the beginning. You could start with name, type, context, thus collecting the risks first. Then, you could prioritize the risks, and eventually extend the templates for this risks identified as high risks with missing information.

Let me give you an example:

  • Name: Uncertainty Using EJB
  • Priority: high (******)
  • Type: technical
  • Rationale: capability to meet the performance requirements of 100000 transactions/hour. We are not sure whether EJB will be appropriate
  • Context: Our developers are not experienced with EJB
  • Strategies:1) Build performance prototype first. 2) Hire external expert. 3) Use Enterprise OSGi instead. 4) Outsourcing.
  • Decision: Hire external consultants. Let them build a performance prototype and then help implementing the system when EJB proves to be a reasonable choice.
  • See also: we are not sure whether MySQL can cope with the throughput requirements.

It is worth mentioning that risk assessment is not exclusively provided by software architects. In fact, all roles in the project must help and closely cooperate for risk assessment. This way, everyone involved is aware of potential risks. And of course, some risks such as those implied by organization, test quality, or quality of requirements must be identified and clarified by other roles such as product and project management, requirements engineering or test and quality management.

Architecture and design decisions should then take risks into account.

Mind the risks: The highest risk is not systematically dealing with risks. 


  • Risks are a difficult matter to manage. In different areas (medicine, embedde, automotive and process control) risk management is a cruicial and natural property that must be dealt with. In some cases, there are requierments that a ceratain risk/safety standard must be applied to. What is interesting to note, is that there are quite some different types of risks. Different stakeholders have different views and focuses on different risks. The key issue here is to be open minded to see all different types and not just a few "favourites". E.g. i never thought of the politcal risks associated with an application/system. Working with risks you need to be aware of quite many different types.

    There are probably specific roles for managing risks, but sooner or later these risks end up for you as an architect to cope with, but then defined in a nice requirements specification.

    Specifing risks also lead to the question of traceability, how should risk be traced to the design/code and vice versa?

    By Anonymous Anonymous, at 2:17 PM  

  • Yes, traceability is an important point. It is like requirements traceability. We need to associate all architecture (and other) decisions with the risks they address. And we need to document these "traces"

    By Blogger Michael, at 2:38 PM  

Post a Comment

<< Home