In my post on Agile Project Charters I outlined the embarrassingly high failure rate of software projects. Risk analysis is used to help a team understand uncertainty that could affect the outcome of the project.
Risk management (sometimes called Risk Mitigation) is the plan that the team puts into place to pre-empt, contain or mitigate the effects of risk to a project. Risk Management is primarily interested in the Harmful column and that is what we will focus on in this article. Each of the Risks needs to be categorized as to the affected area, likelihood and level of Impact it may have on the project. Tracking Risk associated with Stories and Defects is insufficient – especially for Threats (factors external to the project) and for any identified Risk that is not a Story or a Defect I use a Risk Register (more on that later).
The assessment of each risk must be performed by the respective SME (Subject Matter Expert). If there is a very high probability that a Risk may be realized, then it is clear that it should have the attention of the team.
We now have two Risk Vectors and as we did in the prioritization of Stories and Defects (see my previous blogs), we take the two vectors and multiply them together to obtain the simple product which is the Risk value. As simple and as obvious as this may sound, it is amazing how often such critical, high Risk items are left until the final stages of the project. In this article I have presented a simple, easy five step process for assessing and managing Risk in an Agile process.
I would propose that beyond the summation of the individual risk per story, on a per Sprint basis, this would be a great first step to project planning.
I am currently building a set of risk assessment questions based on Agile adoption factors, like scrum master experience, product owner involvement, legacy systems support requirements, new technology vs. Thank you for posting these concepts, I find them useful food for thought during my current meanderings into Risk Assessment for Agile Teams. I regularly use these risk ratings with executives to help them understand where the issues lie.
There are indeed other Risk factors that could well be included and what is included will often vary from one shop to another.
Success rates today are only marginally better than they were when the Standish Group released its first Chaos report in 1995.

Actually there are only five steps but it is worth stating Repeat as a sixth step to emphasize that our Agile Risk Management Process defines a virtuous circle of continuous improvement. Risk Classes are used primarily for organizing, summarizing and reporting of Risks to management and stakeholders. I use the same pattern of recording the three numbers Probability, Impact and Risk Rating and use a highlighter to colour code the risks. The Stories and Defects that receive a high Risk Rating are also tracked in the Risk Register. Conversely, if there is a very low probability of the risk being realized, then it is likely that it should receive less attention from the team. You can make your Risk Planning as comprehensive as you wish, but like most things in life, the simplest approach is often the best approach. Identifying Risks early, and implementing appropriate Risk Mitigation Strategies for each is essential to the success of projects. My next post will approach how you can aggregate the Risks of multiple Projects into a Program view of Risk. I like the simplistic model using vectors (which kudos to you for understanding how simple vector products work) and the color codes for visible cues to risk. The simple system works well to quantify and present the level of various risks relative to each other. I don’t think this is an issue that should necessarily be tracked as project Risk – at least not in the development project. It is important to understand that even though we may have no control over a factor such as a pandemic, there are usually things we can do to manage or minimize the Risk effects on our project.
Some Risks you identify may impact more than one Class, and if they do, they should be reflected in the summaries of those Classes. At a story level, most risk will likely be pretty benign, so don’t obsess and spend a lot of time on the low risk items. The same is likely true for assessing Risks relative to system performance, quality and privacy. We thus need to ensure that the greatest attention is focused on the Risks with the highest occurrence probability. Unlike Impact and Probability Assessment, your wording should not be considered a guideline.  For each of the various Risk Ratings, we want specific things to occur because the risk thresholds are triggers to mobilize the team or stakeholder to take action to mitigate the Risk. Each time I do a Risk Assessment (ideally each sprint planning session) I add a new page to the spreadsheet and each page is a Risk Assessment corresponding to a particular Sprint.
Done properly, it is a continuous virtuous circle of Assessment and Action to constantly identify, manage and minimize Risk.

At these sessions, you have access to your team where everyone is already looking at the stories, reviewing effort estimates, etc. You don’t need to do an exhaustive review each time, but pay particular attention to the Risks you are tracking in your Risk Register. The Risk Classes would be very different from the ones proposed here, but the principles would be the same. The art of it is knowing when to quit, but the science is doing the really tough, high risk stuff first. Further, I maintain the position that explicit Risk identification and management can further improve on the success rate of Agile projects.
The following chart provides a suggested scale for assessing the probability of Risk manifestation. Also look for any new Risks that might start appearing as the team progresses through the project and learns more about the challenges.
Take a look at my post on Agile Program Risk Management where I discuss how the process can be elevated to a higher level (less detail) and focus on risk across a portfolio of projects. In this article I will outline a Risk Management methodology I use that is quick, simple, pretty comprehensive and very Agile friendly.
Some Risks may affect multiple Risk Classes and that effect should be reflected in your Risk Classification. Another reason for SMEs to do the assessment is that I have in some organizations witnessed political pressure applied to PMs to produce Risk Reports to reflect a particular or desired Risk profile.
As you near the end of the project, you should see all of your Risks gradually move into the green or minimal range. An added benefit of having developers assess Risk associated with the Stories and Defects is that it encourages a new dimension for their thinking about the work they are doing and helps them to be cognizant of the effects their work has on the overall success of the project. If this does not happen, you are definitely doing something wrong because if you still have Orange or Red risk in the late stages of your project, you have not been managing the Risk and you are rolling the dice on project success. It could even bring to light unrealistic success criteria and the definition of project success may need to change. With Risk Management, we attempt to identify the things we don’t know (the uncertainties) and quantify them so that they can be managed. If you experience a situation like this, you’ve got much bigger issues on your hands than managing the Risk in the project and should perhaps consider looking for a new job.
