Adam Cole (Toronto, Manager Applications and Development for McKesson & National Director for CIPS)

“All very complex computer programs will, at some time, fail.”

I can’t help but gawk as I drive by an accident, similarly I find I have a morbid curiosity when I read of colossal software failures. I am sure this is due to some deep-rooted fear that next time I could be the victim …or the cause of such a tragedy.

We live in a world where complex software is everywhere. Failures of our software range from minor annoyances to lethal.

With the steady march forward of technology our lives are increasingly, and frequently unwittingly, turned over to technology. Technology enables our telecommunications, dispenses our drugs, determines if we are to be the beneficiary of a tax audit, flies our airplanes, and empowers Outlook to “ding” when we receive notification that Tukki Ghanaki, the son of the deceased monarch of Nigeria, wishes to share his pilfered millions with us.

The risks involved with software development are inherently unique. As Scott Rosenberg, the author of “Dreaming in Code”, points out, “One reason the whole engineering approach has proven so difficult for the software field is also one of the unique things about software: Once a particular problem is solved, it’s almost infinitely cheaper to use the existing solution. There’s no cost to make additional copies.”

In the world of software development new programs are only created if they are innovative in some fashion. The simple fact that each new program and every new project be innovative is the hallmark of risk.

What can be done to mitigate risk?

John Boufford, President of the Canadian Information Processing Society (CIPS) asserts, “Certified Professionals Who Understand a Broad Range of IT Disciplines, Adhere to a Strong Code of Ethics, & Follow Emerging Best Practices Are Better Able to Provide the Process Assurances to Deliver Reliable IT Services.”

Boufford elaborates, “That is not to say that problems will not arise when a project is managed by professionals nor are projects managed by non-professionals doomed to failure. Rather, the factors which influence success are consistently repeatable when performed by a professional.”

(See John Boufford’s presentation on the role of IT Professional Practice at IT360 in Toronto, May 2, 2007.)

The IT industry has come a long way in recent years but remains relatively immature in both adoption of consistent risk management practices and encouragement of professionalism. There is surely a tight correlation between the two.

Need more convincing? Here is some great reading. Unfortunately there is enough here to satisfy even my morbid curiosity:

· Can Software Kill? Why Software Quality Matters.

· “When Software Kills” Revisited

· 107 Software Horror Stories

· History’s Worst Software Bugs

· Trust me, I’m your software – risk of software failure in safety-critical systems

· Why Software Fails

· Project Wipe-out: Big Failures

· The Risks Digest

Besides being interesting reading, these articles/libraries are excellent case studies on lessons learned.