From "Fundamentals of Software Architecture"
Developing and Communicating Risk Assessments
Key Insight
Risk assessments are summarized reports detailing an architecture's overall risk against specific criteria, leveraging the quantified risk data from the risk matrix. These reports consolidate risk levels, often color-coded as green (low risk, scores 1-2), yellow (medium risk, scores 3-4), and red (high risk, scores 6-9), though shading can be used for black-and-white presentation or color blindness considerations. Risk can be accumulated by criteria, such as 'data integrity' totaling 17 (highest risk) or 'availability' totaling 10 (least risk), or by domain areas like 'customer registration' having the highest relative risk and 'order fulfillment' the lowest. These relative numbers allow for tracking improvements or degradation over time.
While a full risk assessment contains all analysis results, filtering is crucial for effective communication, especially in meetings. For example, presenting only high-risk areas improves the signal-to-noise ratio, offering a clear snapshot of system health pertinent to the discussion. However, a static report only provides a 'snapshot in time' and fails to convey the 'direction of risk' – whether it's improving or worsening. Using traditional arrows for direction proved confusing, with nearly 50% interpreting an 'up' arrow as worse and 50% as better, even with a key that users often overlooked.
To clearly indicate risk direction, universal symbols are employed. A plus (+) sign (green) next to a risk rating signifies improvement, while a minus (-) sign (red) indicates the risk is worsening, trending towards a higher risk category. For instance, 'performance for customer registration' at medium (4) with a minus sign suggests degradation, whereas 'scalability of catalog checkout' at high (6) with a plus sign indicates improvement. Stable risks have no sign. An alternative technique uses an arrow combined with the number the risk is trending toward (e.g., '4->6'), often color-coded, making the direction unambiguous without a key. This directionality is determined through continuous measurements, such as architecture fitness functions, which objectively analyze risk criteria for observable trends.
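The report mechanics described above (accumulating by criterion or domain, filtering to high-risk cells, and marking direction) can be sketched as follows. This is an added example, not code from the book; the sample scores are constructed and do not reproduce the book's table, and the "trending toward" value is an assumed input of the kind a fitness-function measurement would supply.

```python
from collections import defaultdict

# Constructed sample: (criterion, domain, current score, score it is trending toward).
# The last field is an assumption, e.g. derived from fitness-function measurements.
ASSESSMENT = [
    ("performance",    "customer registration", 4, 6),
    ("scalability",    "catalog checkout",      6, 4),
    ("data integrity", "customer registration", 9, 9),
    ("data integrity", "order fulfillment",     2, 2),
    ("availability",   "catalog checkout",      3, 3),
    ("availability",   "order fulfillment",     1, 1),
]

def level(score):
    """Map a risk-matrix score to the bands given in the text."""
    if 1 <= score <= 2:
        return "low"
    if 3 <= score <= 4:
        return "medium"
    if 6 <= score <= 9:
        return "high"
    raise ValueError(f"not a risk-matrix score: {score}")

def totals(entries, column):
    """Accumulate current scores by criterion (column 0) or domain (column 1)."""
    out = defaultdict(int)
    for entry in entries:
        out[entry[column]] += entry[2]
    return dict(out)

def direction(current, toward, style="sign"):
    """Score with '+' (improving) or '-' (worsening); stable scores carry no mark."""
    if toward == current:
        return str(current)
    if style == "arrow":
        return f"{current}->{toward}"  # unambiguous without a key
    return f"{current} {'-' if toward > current else '+'}"

def high_risk_view(entries):
    """Filtered report for a meeting: only high-risk cells, with direction."""
    return [(c, d, direction(s, t)) for c, d, s, t in entries if level(s) == "high"]

if __name__ == "__main__":
    print("by criterion:", totals(ASSESSMENT, 0))
    print("by domain:   ", totals(ASSESSMENT, 1))
    for row in high_risk_view(ASSESSMENT):
        print(row)
```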
Fundamentals of Software Architecture is by Mark Richards and Neal Ford.