Risk management in Agile software development projects
In Agile, risks are identified continuously during sprint planning, demos, retrospectives, and daily stand-ups.
You can prioritize risks based on their impact and likelihood. But beware that the assessment of a risk's likelihood and impact is only an estimate, doesn't include an assessment of timeframes (for example, when the risk might materialize), is often biased, and can sometimes give a false sense of security.
Sometimes assigning a risk rating can oversimplify the complexity, and it doesn't take into account how risks interact with each other.
However, it's a simple method to implement and introduce to a team not yet familiar with risk management. It promotes discussion, makes the analysis process faster, and helps to prioritize and evaluate the most important areas of risk.
- Identify risks continuously
- Practise active listening
- Identify team dysfunctions
- Differentiate between a Risk and an Issue
- Create a safe team environment
- Involve stakeholders when identifying risks
- Use risk categories to identify more risks
- Brainstorm risks
- Conduct a pre-mortem to identify more risks
- Set up expert interviews
- Set up an anonymous system for reporting risks
- Identify risk triggers
- Prioritise risks
- Assign risk owners
- Evaluate and prioritize risks
- Control risks
- Monitor and review risks
- Plan response strategies
- Consider residual and secondary risks
- Assess risk interactions
- Learn from other teams
- Identify assumptions
- Check historical records
- Determine whether you need more formal risk management
- Check if your team identified Safety or Health risks
- Define your risk appetite
- Use the cause-risk-effect format to name risks
- Create a Risk Burndown Chart
- Make a Risk-adjusted Backlog
- Create a Risk Board
- Continuously improve