A Risk is an uncertain event that will impact your chosen path should it be realised. Risks are events that are not currently affecting you – they haven’t happened yet. Once a risk is realised, it becomes an Issue.
As touched upon in the Identifying Risks section, Agile Project Management has Risk Management built into it’s core. The meetings that take place in the run up to Sprint Planning offer numbers opportunities to mitigate/avoid Business, Technical and Logistical risk realisation. These meetings also offer an opportunity to review risk realisation and improve Risk Management techniques.
The ‘Review’ stage in the Risk Management life cycle is three-fold:
- Reviewing active risks to ensure that responses are delivered in a timely/efficient manner
- Reviewing the risk management process to ensure that it is optimised
- Reviewing the impact of risks and risk realisation on project and company objectives
The first part i.e. Reviewing active risks, is done via the Daily Scrum, Scrum of Scrums and Programme Planning Meeting. Actions and decision points are added to the following whiteboards and reviewed daily:
- Epic Boards – Programme-level risks, issues and actions reviewed at the Scrum of Scrums or Programme Planning Meeting
- Risk Matrices – Risk assessment i.e. impact vs likelihood reviewed at the Daily Scrum, Sprint Planning and the Retrospective
- Risk Board – Risk response activities e.g. Mitigate, Avoid, Evade, Contain reviewed at the Daily Scrum, Sprint Planning and the Retrospective
These boardare reviewed Daily and ‘Sprintly’ to ensure the efficient management of known risks and in order to enable the discovery of emerging risks.
The second two parts are handled as part of the Retrospective(team/project-level) and the Retrospective of Retrospectives (“RoR”) (programme-level).
The key questions answered at a retrospective are:
- What went well last sprint? < e.g. this could be the successful handling of a risk
- What didn’t go so well last sprint? < e.g. this could be the realisation of a risk or the re-occurrence of an issue
- What will we do differently next sprint? < e.g. this could include risk mitigation/response activities