Risk management in Agile software development projects
In Agile, risks are identified continuously during sprint planning, demos, retrospectives, and daily stand-ups.
Consider residual and secondary risks
Managing a risk often triggers new risks.
Remember to think about the risk that remains after you have controlled it (the residual risk), and ask what new risks arise as a result (the secondary risks).