Tuesday, 22 May 2012

Agile Risk Management

Agile risk management follows a process similar to traditional risk management (refer to risk management). The process is integrated into the life cycle, and how often it runs varies considerably in agile projects.

The agile risk management process is described below:

Identify risks:
Risks are identified during the sprint planning meeting, requirements workshop, sprint review and retrospective.
The risk identification process repeats for every iteration.

Assess the risks:
The traditional steps of assigning probability and impact scores to the risks and calculating the severity are still undertaken here.
Record the probability, impact and risk rating, and highlight them in different colors.

Respond to the risks:
The response actions (avoid, mitigate, transfer or accept) are taken to respond to the risks.
Developing options and actions to reduce risks and increase opportunities is performed in both traditional and agile environments. The main difference is that in an agile environment the entire team participates in developing options and actions to reduce risks. It is the team's commitment to build the working software for a specific iteration/release, so it is also the team's responsibility to manage risks at the daily, iteration and release level.

Review the risks:
The risks are reviewed during the retrospective meeting, and progress on risk reduction is tracked.

Agile is a great platform for rapid risk identification and detection. The iterative nature of an agile project allows us to tackle the high risks sooner rather than later.
Agile projects are driven by business needs and by risk. This means the user stories in the product backlog that involve risks are given high priority and moved up the backlog, so the work is taken up as soon as possible to resolve the risks.

Risk reassessment occurs during the agile iteration retrospective meeting, where previous risks or concerns are revisited as part of determining changes that need to be made going forward. And finally, risks are monitored on a daily basis by the use of highly visible information radiators, such as task boards and burndown charts, which show the current status of risks in addition to project status. Daily stand-up meetings contribute to the constant monitoring process by exposing potential risk triggers and new obstacles.

The process for handling the risk is given below:
1) The product backlog items are reviewed.
2) Risk identification, analysis and prioritization are performed.
3) The risk response activities are performed by mapping the identified risks to the backlog features.
4) The risk scores are provided by team members and summed to identify the critical risks, and features are prioritized based on risk score.
5) The iteration feature lists are derived from the product backlog, to which the risk scores are attached.
6) The iteration goals are now derived.
7) The iterations are executed, and risks are monitored and mitigated.

Risk management is an important aspect and needs more attention to achieve project success. The team owns risk management in an agile project, and it is facilitated by the scrum master.
Risks are identified in all planning meetings: daily stand-ups, iteration planning meetings, and release planning meetings. Risks are then analyzed and addressed in these same iteration and release planning meetings.

Risks are subsequently monitored in daily stand-ups, iteration reviews and retrospectives. Risk management in an agile environment is incredibly successful, due to the team’s involvement and the agile framework of iterative development, which lends itself to continuous identification of risks and active responses to them.


  1. Sathees - Good article. I am still in the learning process for Agile / Scrum. In the Agile process, do you document the Risks from previous scrums (Related to the same project) anywhere? Something similar to a Risk register is available?

    - Senthil.

  2. Interesting blog. It would be great if you can provide more details about it. Thank you

    Agile Project Management

  3. Risk management attempts to plan for and handle events that are uncertain in that they may or may not actually occur. These are surprises. Some surprises are pleasant. We may plan an event for the public and it is so successful that twice as many people attend as we expected. A good turn-out is positive. However, if we have not planned for this possibility, we will not have resources available to meet the needs of these additional people in a timely manner and the positive can quickly turn into a negative.
