Review By: Stuart M. Miller
08/07/2006"Reducing Risk with Software Process Improvement" by Louis Poulin takes a very broad approach to examining different methodologies for reducing risk. In each chapter Poulin examines different aspects of the software process and how risk can be introduced at every step.

Poulin frequently makes his points by citing real-world examples and statistics from different projects he has studied. The approach and discovery from different viewpoints allows most any software professional to relate to many of the examples.

The book stresses the value of communication, documentation, and measurement by all involved in the progress. Poulin dedicates several chapters to measurement techniques. Annex A, the “Crash Course in Statistical Process Control,” and Annex B, “Risk Assessment and Estimation of Losses,” are provided for the reader dedicated to measurement technique and execution.

The book also highlights the value of the quality assurance team and how getting QA involved in non-traditional aspects of software development, such as requirements gathering and definition, can aid projects before they get off track. Poulin even states that “quality assurance is the most misunderstood and poorly applied process in the software industry.”

Poulin concludes his book with a two-page synopsis that ties together all the chapters and should serve as a brief guide for getting teams started in the right direction toward reducing risk.

Although the book is not focused on one aspect (development, testing, management, etc.), most of the references can be applied to many parts of software development. I enjoyed his frequent citing of real statistics from projects he has studied, and I even highlighted some to use later when trying to sell someone on the value of quality assurance.

The appendix material has more detail than I need, but it might interest you if your primary task is risk management and you want to get serious about your measurement techniques.

To a reader new to the concepts of managing risk and process improvement, this book serves as a general-purpose introduction that gives a good background understanding to techniques for reducing risk. For those already familiar with the topics, the book is a fairly slow read that includes a lot of basic material wedged between Poulin's unique perspectives. It's worth the read, though, if you're interested in getting a more detailed understanding of what can be achieved by applying the included methods for reducing risk.