The content has been bookmarked!
There was an error bookmarking this content! Please retry.
Posted by Vikas Hazrati on Jan 27, 2009
Risk management is an activity directed towards assessing, mitigating and monitoring of risks. Many Agilists believe that the process of risk management for Agile projects is not significantly different from the traditional projects. Though the process might be a bit lighter in Agile, however, the steps of finding, sifting, sorting and creating resolution plans for risks remains close to traditional projects.
Mike Cottmeyer suggested that, Agile methodologies are better in identifying and mitigating risks. According to him,
Agile is so effective at managing risk because risk management processes are built into the very fabric of how we run the project.
There is an implicit understanding that risk is EVERYWHERE on a project. Risk cannot be contained in a risk list. Risk cannot be mitigated in a team meeting or a periodic risk review session. Dealing with risk has to be an obsession. Our mitigation strategies don’t live outside the project, but influence the very nature of how we structure and plan our work.
He further classified risk into three categories
According to Mike, by virtue of the fact that Agile encourages frequent delivery, constant inspection and adaptation, it inherently is risk management.
However, not everyone agrees that Agile inherently addresses risks.
Jurgen Appelo suggested that more often than not, there is a lack of focus on risk in Agile projects.
According to him,
Risk Management is part of Prince2, part of PMBOK, and part of the CMMI, but you don't often see it addressed explicitly in books on agile methods. I think that's strange.
He also mentioned that, often project managers dig themselves deep into the project and miss the forest for the trees. This leads to a severe lack of focus on risk management.
James Shore added that effective risk management can help a team make solid commitments. He suggested using tools like risk multiplier and burn-up charts for managing project specific risks.
Risk multipliers account for common risks, such as turnover, changing requirements, work disruption, and so forth. These risk multipliers allow you to set a date, estimate how many story points of work you'll get done, and be right.
James suggested the following risk multipliers for a rigorous process where velocity of the team is constant and the stories are 'done done' at the end of the iteration.
Risk Multiplier
| Chance | Rigorous Process | Description |
| 10% | 1 | Ignore--almost impossible |
| 50% | 1.4 | Stretch goal--50/50 chance |
| 90% | 1.8 | Commitment--virtually certain |
Now, to make the commitment, the multipliers would be applied like this
| Chance | Story Points | FinishedDescription |
| 10% | 140 (140 ÷ 1) | Ignore--almost impossible |
| 50% | 100 (140 ÷ 1.4) | Stretch goal--50/50 chance |
| 90% | 78 (140 ÷ 1.8) | Commitment--virtually certain |
According to James,
This allows you to make commitments to stakeholders and executives. "We are virtually certain to finish 78 more points by our release date, so we're committing to delivering features A, B, and C. We have a 50-50 chance of completing 100 points, so we're planning on features X, Y, and Z as a stretch goal."
Thus, risk management is an integral part of any Agile project just like traditional projects. The key is give it the desired focus, mitigate it efficiently and make commitments based on it.
Transforming Software Delivery: An IBM Rational Case Study
Agile Maturity Model Applied to Building and Releasing Software
In today’s hyper-competitive world, later may be too late to adopt Agile development and this Roadmap for Success will help you get started. Download "Agile Development: A Manager's Roadmap for Success" now!
Tracking risks "EXPLICITLY" in Agile is a waste. You do that all the time with standups, review meetings etc. There is no need to track it explicitly.
There is a need only when you are "not" doing the other practices correctly.
I agree. Risk mitigation is implicit in Agile.
Although the article sort of focuses more on date risk than any other types of risk. I am personally not a big fan of risk multipliers. Rather if the team can reach steady state velocity that should be good enough and velocity should already contain risk in it. Given steady state velocity, it's pretty easy to extrapolate a ship date.
My 2 cents
Jack
www.agilebuddy.com
blog.agilebuddy.com
The development KPIs we gain through use of Accurev (www.accurev.com) and properly staging our continuous integration environment (see blog by Damon Poole) are ways we incorporate risk management within our agile process.
I fully agree! As already stated, agile has so many measures in-built, which addresses risks or rather the probability of occurrence of any risks. I loved the statement made above -
"There is an implicit understanding that risk is EVERYWHERE on a project. Risk cannot be contained in a risk list. Risk cannot be mitigated in a team meeting or a periodic risk review session."
I have been associated with Agile practice for over 5 years now & this is an acknowledgement of this statement. :)
Attila Szegedi talks about performance tuning Java and Scala programs at Twitter: how to approach GC problems, the importance of asynchronous I/O, when to use MySQL/Cassandra/Redis, and much more.
One category of risk that project teams need to ensure they address is business value failure – delivering a product that fails to provide value for the business investor.
InfoQ spoke to the authors of Software Systems Architecture on a couple of new topics, the System Context viewpoint and Agile, which have been added to the second edition.
Alex Papadimoulis discusses ugly code, where it comes from, how to avoid it, and how to get rid of it.
John Davies examines Visa’s architecture and shows how enterprises have architected complex integrations incorporating Hadoop, memcached, Ruby on Rails, and others to deliver innovative solutions.
Sean Comerford unveils ESPN.com’s architecture, what components are used and why, and the current changes the website goes through.
Are there repeated patterns of failure on Enterprise Agile Enablement efforts? Sanjiv and Arlen discuss Seven Deadly Sins to avoid when adopting Agile in an enterprise.
Erik Dörnenburg answers: What is Enterprise and Evolutionary Architecture?, discussing 4 issues: Turning strategy into execution, Ensuring conformance, Where do the architects sit? Buying or building?
4 comments
Watch Thread Reply