Risk management in Agile software development projects
In Agile risks are identified continuously during sprint planning, demos, retrospectives, and daily stand-ups.
Use the cause-risk-effect format to name risks
To differentiate risks from issues, you can use the 'cause-risk-effect' format: 'Due to / if / because (cause), a (risk) may occur, which could lead to (effect)'.
For example: 'If we switched vendors, it may take 3 weeks before they get access to all the systems, which could lead to more delays.'
1.Dönmez D, Grote G. Two sides of the same coin – how agile software development teams approach uncertainty as threats and opportunities. Inf Softw Technol. 2018;93:94-111.
2.Patkai N. Data management tool for aiding the hazard and operability analysis process. In: 2006 IEEE International Conference on Computational Cybernetics. IEEE; 2006.
3.Shrivastava SV, Rathod U. Categorization of risk factors for distributed agile projects. Inf Softw Technol. 2015;58:373-387.
4.Shrivastava SV, Rathod U. A risk management framework for distributed agile projects. Inf Softw Technol. 2017;85:1-15.
5.Tavares BG, da Silva CES, de Souza AD. Practices to improve risk management in agile projects. Int j softw eng knowl eng. 2019;29(03):381-399.
6.Buganová K, Šimíčková J. Risk management in traditional and agile project management. Transp res procedia. 2019;40:986-993.
7.Schön E-M, Radtke D, Jordan C. Improving risk management in a scaled agile environment. In: Lecture Notes in Business Information Processing. Springer International Publishing; 2020:132-141.
8.Winters T, Wright H, Manshrek T. Software Engineering at Google: Lessons Learned from Programming over Time. O’Reilly Media; 2020.
9.DeMarco T. Waltzing with Bears: Managing Risk on Software Projects. Addison-Wesley Professional; 2013.
10.ISO 31000. Iso.org. Published 2020. Accessed July 6, 2021. Source
11.Mulcahy R. Risk Management, Tricks of the Trade for Project Managers. RMC Publications; 2003.
12.Lencioni PM. The Five Dysfunctions of a Team: A Leadership Fable. 1st ed. Jossey-Bass; 2013.
- Identify risks continuously
- Practise active listening
- Identify team dysfunctions
- Differentiate between a Risk and an Issue
- Create a safe team environment
- Involve stakeholders when identifying risks
- Use risk categories to identify more risks
- Brainstorm risks
- Conduct a pre-mortem to identify more risks
- Set up expert interviews
- Set up an anonymous system for reporting risks
- Identify risk triggers
- Prioritise risks
- Assign risk owners
- Evaluate and prioritize risks
- Control risks
- Monitor and review risks
- Plan response strategies
- Consider residual and secondary risks
- Assess risk interactions
- Learn from other teams
- Identify assumptions
- Check historical records
- Determine whether you need more formal risk management
- Check if your team identified Safety or Health risks
- Define your risk appetite
- Use the cause-risk-effect format to name risks
- Create a Risk Burndown Chart
- Make a Risk-adjusted Backlog
- Create a Risk Board
- Continuously improve