12 Principles of Risk Management (PMBOK – with an Agile slant)

The Project Management Body of Knowledge (“PMBOK”) describes 12 Principles of Risk Management.  I’ve taken the headings and summarised the main messages from an Agile perspective.

1) Organisational Context

There’s no ‘one-size-fits-all’ when it comes to Risk Management. Each organisation will be affected by different Political, Economic, Societal, Technological, Legal and Environmental factors (“PESTLE”).

It’s also worth pointing out (the obvious) that each organisation will have different internal cultures, communication channels, levels of agile-adoption and existing risk management processes.

2) Stakeholder Involvement

Involve your stakeholders wherever possible.  Keep them informed and understand the role they can/could play at each stage in the Risk Management process > Identify, Assess, Respond, Review.

3) Organisational Objectives

When assessing and responding to a risk, be sure to keep the overall organisational objectives in mind – see the bigger picture.

When considering a Task-level risk, look at the role it plays towards delivering a User Story. If you’re concerned about a User Story, consider the impact it has on delivering your Sprint Objective or the relevant Theme.  If you’re concerned about a particular Theme, then look at the relevant Epic or the Programme of works.

Keep things in perspective and don’t lose sight of your end-goal.

4) Management of Risk Approach (N/A)

This particular principle is less applicable, as it refers specifically to the PMBOK Risk Management processes. However, the message basically stresses the importance of following best practice guidelines and learning from the mistakes of others.

5) Reporting

Keep people informed – ensure transparency and visibility. Communication is key!

6) Roles & Responsibilities

Make sure that everyone understands the role they play at each stage of the Risk Management Life cycle i.e. > Identify, Assess, Respond, Review.  Ensure that all bases are covered by someone.

7) Support Structure

Ensure that everyone understands how risk is managed through the Risk Management Life cycle and who to go to if they have any questions.

For example:

  • How are risks identified (e.g. via Daily Scrum)?
  • How and when are risks escalated?
  • Where and in what format are risks documented?
  • How and when are risks reviewed (e.g. Retrospective)?
  • etc.

8) Early Warning Indicators

Give yourself the best chance of forecasting/anticipating the transition of a Risk to an active Issue. Ensure that everyone is communicating and that any potential issues are highlighted in the Daily Scrum.

It’s also important to know how you should react in the event that a risk is realised, or is about to be, e.g. who needs to know and how will you inform them – in the Daily Scrum also? Or, maybe in the Scrum of Scrums? Or, maybe you’ll just walk over and tell them.

9) Review Cycle

Make sure that your Risk Board is visible and that you’re regularly reviewing it – you could do this via the Retrospective and as an extension to the Daily Scrum by adding a 4th question:

  1. What did you do since the last sprint?
  2. What will you do today?
  3. Is there anything blocking you at the moment?
  4. Any changes to the risks board?

10) Overcoming Barriers to the Management of Risk

Ensure you’re doing everything you can to give you the best chance of successfully managing risk.

Some common barriers include:

  • Established roles, responsibilities, accountability and ownership.
  • An appropriate budget for embedding approach and carrying out activities.
  • Adequate and accessible training, tools and techniques.
  • Risk management orientation, induction and training processes.
  • Regular assessment of Management of Risk approach (including all of the above issues).

11) Supportive Culture

Make sure that everyone on the team feels comfortable raising, discussing and managing risks.

12) Continual Improvement

Use the Retrospective to review the way you manage risk and to assess ongoing risks. Learn from your mistakes.

