We’re conditioned to think risk is bad, but in fact carrying risk can have advantages. Specifically, delaying a decision allows a more informed choice to made, while making a decision too early can incur unnecessary cost.
It’s notable that in Agile software development carrying risk is intrinsic. For example, design decisions are made as late as possible, and the sequence of deliverables changes often throughout a project. Much of Agile methodology is constructed to facilitate these late decisions. By contrast a more waterfall project tries to eliminate as much risk as possible before the build phase starts. Decisions may be made (about design, etc) but, as noted above, they may not be the best choices.
Not all risks on a software project are answered by Agile methodology. Some risks are just things that have to be dealt with by someone with suitable authority—a project manager or similar. One technique for identifying when to make the choice was what he called a tripwire: some kind of pre-defined signal to indicate whether you should put your mitigation plan into action. An example might be whether you’ve made a given deliverable by a particular point.
We technologists love shiny new things, and we’re not very good about learning lessons from our history. It’s good to see someone like Tim Lister, who’s been around the block a few times, remind those of us with fewer memories that we don’t have to reinvent every wheel. In his book “Waltzing with Bears” there’s a relevant chapter called “Risk Management Is Project Management for Adults”.