PK
Back to archive

Engineering

Big Projects Need a Rhythm of Evidence

A delivery model that measures whether risk is shrinking instead of whether activity is increasing.

Big Projects Need a Rhythm of Evidence

Large projects generate activity easily. Planning meetings, design reviews, tickets, dashboards, demos, status notes, dependency threads, migration checklists, and launch plans all create the reassuring sound of motion.

Motion is not the same as risk reduction.

The projects that worry me most are not always the quiet ones. Sometimes they are the busiest ones, because nobody can tell whether the work is making the hard parts smaller.

The thesis

Big projects need a rhythm of evidence, not just a rhythm of status.

Status asks, "What happened this week?" Evidence asks, "What became less risky this week?" That difference changes the project. It shifts attention from activity to learning, from confidence to proof, and from internal progress to the conditions required for a safe launch.

A principal engineer should care less about whether the project looks busy and more about whether the riskiest assumptions are losing power.

The production pattern

The recurring pattern is familiar. A large project starts with uncertainty. The team identifies broad risks: integration complexity, migration safety, performance, adoption, data correctness, rollout control, operational readiness, or dependency timing.

Then delivery machinery takes over. Work is broken into streams. Streams produce updates. Updates become green, yellow, or red. The project may still be carrying the original risks, but they are now scattered across tickets and meetings.

By the time leadership asks whether the project is really on track, the answer depends on interpretation. Engineering says implementation is progressing. Operators say the runbook is thin. Product says the user-visible milestone is unclear. A partner team says the integration has not been tested against reality. Everyone is telling the truth from their slice.

The project lacks a common rhythm for evidence.

The trap

The trap is measuring the easier thing. Activity is visible. Evidence is inconvenient.

Activity says the API was built. Evidence says a real caller used it under expected constraints. Activity says the migration tool exists. Evidence says it handled representative data and produced a repair path for bad rows. Activity says the rollback plan is documented. Evidence says the team has proved rollback before the launch window.

The second trap is confusing demos with evidence. Demos are useful, but they often show the happy path under controlled conditions. A demo can build confidence without retiring risk. The question is not whether something can be shown. The question is whether the project has learned something that changes its risk profile.

The third trap is letting evidence arrive too late. If the first real integration happens near launch, the project has been spending time while preserving uncertainty.

The model

I use a six-part evidence rhythm for big projects.

Risk ledger: a living list of the assumptions that can still hurt the project. Each risk has an owner, a current belief, a next evidence event, and a date when the risk will be revisited. The ledger is not a status document. It is a pressure map.

Weekly evidence: each week should produce at least one concrete piece of evidence against the highest risks. Not every week will produce a breakthrough, but every week should make the project less dependent on opinion. Evidence can be a load test, a failed prototype, a migration rehearsal, a decision from an owner, a compatibility test, or a user workflow exercised end to end.

Integration points: the project should identify the earliest moments when separate pieces touch reality together. Integration is where optimistic plans meet actual behavior. I want those points pulled forward, even if the first version is ugly.

User-visible milestone: internal completion is not enough. A big project needs at least one milestone that proves the user promise, operator promise, or consuming-team promise can be met. This does not have to be a public launch. It does have to test value outside the team building the project.

Rollback proof: rollback should be demonstrated before it is needed. A written rollback plan is an intention. A rollback proof is evidence that the system, data, deployment process, and humans can actually move backward or contain damage.

Adoption signal: shipping is not adoption. For platform work, adoption may mean a real internal consumer chooses the path. For product infrastructure, it may mean support load changes shape. For a migration, it may mean old paths can be retired. The project should define the signal before launch pressure distorts the definition.

This rhythm creates a different weekly conversation. Instead of asking every stream to report progress, I ask which risks moved, which risks did not, and which risk is now controlling the sequence.

Where this model breaks

Evidence rhythms can become status theater. A project can manufacture low-value proof to satisfy the ritual: tiny tests that do not challenge assumptions, green dashboards that measure the wrong thing, demos staged far away from real constraints, or risk ledgers that never cause decisions.

The model also breaks when evidence is demanded with no appetite for bad news. If every negative signal is punished, teams will sand down evidence until it becomes performance. A useful rhythm requires leaders to treat early failure as a gift, not a stain.

There is also a cost. Pulling integration forward, proving rollback, and finding adoption signals takes time. For small, reversible work, the full rhythm is too heavy. The ceremony should scale with blast radius, not with someone's preference for process.

The counterpoint is that some projects genuinely need a short burst of building before evidence is available. Even then, the burst should be time-boxed and tied to a question. "Build for three weeks" is vague. "Build enough in three weeks to test whether this integration contract survives real caller behavior" is a bet.

What I do now

At the start of a big project, I ask for a risk ledger before I ask for a polished schedule. The schedule matters, but the ledger tells me whether the schedule is based on evidence or hope.

In weekly reviews, I ask three questions:

  • What risk got smaller?
  • What evidence made it smaller?
  • What risk now controls the sequence?

If the answer is a list of completed tasks, I push for the missing evidence. A task can be complete while the project remains just as risky as last week.

I try to pull integration points forward. This often feels inefficient because early integration exposes unfinished edges. That discomfort is useful. It reveals contract problems, ownership gaps, environment assumptions, and operational friction while the project can still respond.

I also insist on rollback proof for changes with meaningful blast radius. This does not always mean full reversal. Sometimes it means containment, disablement, dual-running, repair tooling, or a manual process with an owner. The key is that recovery must be practiced enough to be trusted.

For adoption, I avoid vague language like "teams will migrate" or "users will use it." I want a named adoption signal and an owner for creating the conditions around it. Many big projects fail after launch because they confuse availability with changed behavior.

The principal-engineer lens is risk retirement. A project is healthier when its most dangerous assumptions are being tested early, repeatedly, and visibly.

Closing takeaway

Do not ask only whether a big project is moving. Ask whether the risk ledger is shrinking through evidence every week.