With increasing project complexity and with the COVID-19 pandemic many companies have been driven to reexamine and improve their risk management techniques, technologies, and processes. This short article should help you better understand how to apply risk management in agile projects and help you take steps to reduce risks in the future.
Risk is any uncertain event that can occur and be either positive or negative. Positive risks are called opportunities and issues are known as materialized risks. Risk management is the process of identifying and responding to any risks in the project lifecycle. Managing risks should be part of the planning process and not a method of proaction.
The ISO 31000 standard divides the risk management process into several steps:
ISO 31000 set 11 principles as best practices:
Besides the ISO 31000 framework, there are a few others worth mentioning:
Projects using traditional techniques require the plan to be developed in the project planning and preparation phase. Traditional techniques are usually done to reduce/eliminate as many risks as they can to produce the “perfect” plan. All risks that cannot be mitigated are tracked. Work on the project can start after the plan has been approved by the project sponsor. The rigidity of this approach creates additional issues when a risk materializes.
In comparison to long periods of work that can’t be reviewed in time and have low project flexibility, Scrum has built-in points for plan adjustment and risk identification. These points provide the perfect time for the risk management process. During every agile planning ceremony there are opportunities for identifying risk and time can be allocated to mitigate or eliminate the risk.
There are plenty of tools, techniques, and approaches for agile risk management, they include, but are not limited to:
In practice, every project follows a somewhat unique approach for dealing with risks and the tools and techniques should be used when needed. This follows the agile doctrine.
The ROAM board is a widely used tool for scaling risk management under SAFe®. It is used during PI planning to Resolve, Own, Accept or Mitigate all risks. It enables teams to highlight risks so they can take action. Resolved risks are disregarded, risks that cannot be mitigated but are completely understood can be Accepted, and Mitigated risks require a plan for impact or probability reduction.
Owned is the only category that contains risks that have no work done upon them. They are assigned to a team member. It is very important that their mitigation is planned and executed.
It works in three steps:
A Monte Carlo simulation is a computerized technique that allows for risks to be accounted in decision making and quantitative analysis. It builds possible results by substituting values for any uncertain factor and the results show not only what could happen, but how likely the outcome is, and it is also used as a tool for assistance in decision making. One of the practical uses is determining possible minimum or maximum time needed for completing a defined amount of work as shown on FIGURE 3 below.
The y-axis shows the probability that the work will be completed at a given date and the x-axis shows the time planned for the work to be done.
The agile framework with a well-functioning single product team inherently reduces the need to monitor, control and track risks; it does not eliminate them.
In order to successfully apply risk management to the agile framework, it’s important to understand where to include it. Risk management needs to be incorporated from the beginning and throughout the entire project lifecycle.
There are “pause” points that can be used for identifying risks on the Project level:
And once risk management practices are in place at the project level, it’s important to incorporate the same behaviors and the same mindset on the Iterative level:
To find out more about how we can help you with Agile Methodology check our Proof of expertise: