The Project Management Body of Knowledge (“PMBOK”) describes 12 Principles of . I’ve taken the headings and summarised the main messages from an Agile perspective.
1) Organisational Context
There’s no ‘one-size-fits-all’ when it comes to Risk Management. Each organisation will be affected by different Political, Economic, Societal, Technological, Legal and Environmental factors (“PESTLE“).
It’s also worth pointing out (the obvious) that each organisation will have different internal cultures, communication channels, levels of agile-adoption and existing risk management processes.
2) Stakeholder Involvement
3) Organisational Objectives
When assessing and responding to a risk, be sure to keep the overal organisational objectives in mind – see the bigger picture.
When considering a Task-level risk, look at the role it plays towards delivering a User Story. If you’re concerned about a User Story, consider the impact it has on delivering your Sprint Objective or the relevant Theme. If you’re concerned about a particular Theme, then look at the relevant Epic or the Programme of works.
Keep things in perspective and don’t lose sight of your end-goal.
4) Management of Risk Approach (N/A)
This particular principle is less applicable as it refers specifically to the PMBOK Risk Management processes, however the message basically stresses the importance of following best practice guidelines and learning from the mistakes of others.
Keep people informed – ensure transparency and visibility. Communication is key!
6) Roles & Responsibilities
7) Support Structure
Ensure that everyone understands how risk is managed through the Risk Management Life cycle and who to go to if they have any questions.
- How are risks identified (e.g. via Daily )
- How and when are risks escalated?
- Where and in what format are risks documented?
- How and when are risks reviewed (e.g. Retrospective)
8) Early Warning Indicators
Give yourself the best chance of forecasting/anticipating the transition of a Risk to an active Issue. Ensure that everyone is communicating and that any potential issues are highlighted in the Daily Scrum.
It’s also important to know how you should react in the event a risk does or is about to be realised e.g. who needs to know and how will you inform them – in the Daily Scrum also? Or, maybe in the Scrum of Scrums? Or, maybe you’ll just walk over and tell them.
9) Review Cycle
Make sure that your Risk Board is visible and that you’re regularly reviewing it – you could do this via the Retrospective and as an extension to the Daily Scrum by adding a 4th question:
- What did you do since the last sprint?
- What will do you today?
- Is there anything blocking you at the moment?
- Any changes to the risks board?
10) Overcoming Barriers to the Management of Risk
Ensure you’re doing everything you can to give you the best chance of successfully managing risk.
Some common barriers include:
- Established roles, responsibilities, accountability and ownership.
- An appropriate budget for embedding approach and carrying out activities.
- Adequate and accessible training, tools and techniques.
- Risk management orientation, induction and training processes.
- Regular assessment of Management of Risk approach (including all of the above issues).
11) Supportive Culture
Make sure that everyone on the team feels comfortable raising, discussing and managing risks.
12) Continual Improvement