I suppose it depends on the capabilities of your programming staff, and in no small part on your sensibilities as a manager.

Some programmers are staunch advocates of TDD, and will not write any code without writing a unit test first. Other programmers are perfectly capable of creating perfectly good, bug free programs without writing a single unit test. The level of cyclomatic complexity that each group can tolerate is almost certainly going to vary substantially.

It’s a subjective metric; evaluate the setting on your Code Metrics solution, and adjust it to a sweet spot that you feel comfortable with that gives you sensible results.

There are no predefined categories and no categorization would be possible for several reasons:

1. Some refactoring techniques just move the complexity from one point to another (not from your code to the framework or a well-tested external library, but from one location to another of the codebase). It helps reducing cyclomatic complexity and helps convincing your boss (or any person who loves presentations with constantly increasing graphics) that you spent your time making something great, but the code stays as bad as it was previously.

2. At the opposite, sometimes, when you refactor a project by applying some design and programming patterns, cyclomatic complexity can become worse, while the refactored code is expected to be clear: developers know programming patterns (at least they are expected to know them), so it simplifies the code for them, but cyclomatic complexity doesn’t take this in account.

3. Some other non-refactoring techniques don’t affect the cyclomatic complexity at all, while severely decreasing the complexity of a code for developers. Examples: adding relevant comments or documentation. “Modernizing” the code by using syntactic sugar.

4. There are simply cases where cyclomatic complexity is irrelevant. I like the example given by whatsisname in his comment: some large switch statements can be extremely clear and rewriting them in a more OOPy way would not be very useful (and would complicate the understanding of the code by beginners). At the same time, those statements are a disaster, cyclomatic complexity-wise.

5. As Robert Harvey already said above, it depends on the team itself.

In practice, I’ve seen source code which had good cyclomatic complexity, but which was terrible. At the same time, I’ve seen code with high cyclomatic complexity, but I hadn’t too much pain understanding it.

It’s just that there is no and couldn’t be any tool which would indicate, flawlessly, how good or bad is a given piece of code or how easy is it to maintain. As you can’t program an application which will tell that a given painting is a masterpiece, and that another one should be thrown away, because it has no artistic value.

There are metrics which are broken by design (like LOC or the number of comments per file), and there are metrics which can give some raw hints (like the number of bugs or the cyclomatic complexity). In all cases, those are just hints, and should be used with caution.