How is Risk Management for Agile different? Most people think of a conventional approach to risk management built around a plan-driven approach to project management.
- I want to share my thoughts on a broader view of risk management for Agile project environments.
- This approach will also work in a traditional plan-driven project management environment.
First, if you’ve read any of my other blog posts or books, you will understand that:
- We need to broaden our view of project management to see “Agile” and what is commonly called “Waterfall” as complementary to each other rather than competitive and
- Recognize that traditional plan-driven project management is not the only approach to project management
I prefer to think of a continuous range of alternatives from heavily plan-driven at one extreme to heavily adaptive at the other extreme that looks something like this:
And, the right thing to do is to fit the approach to the project rather than force-fitting a project to some arbitrary model (whatever it might be – Agile or plan-driven).
- One of the biggest characteristics that would influence the choice of an approach is the level of uncertainty in the project and
- Uncertainty is directly related to risk
That kind of broader approach to project management has a big impact on how you might do risk management.
Why is Risk Management Different in an Agile or More Adaptive Environment?
There are some key differences in an Agile risk management approach in a very uncertain environment:
1. Definition of Failure
Risk is associated with the failure of a project, so how you define “failure” has a big impact on how you do risk management.
Traditional Plan-driven Projects
In a traditional plan-driven project,
- The requirements of the project are typically well-defined.
- A “failure” would normally be associated with failing to deliver those requirements within the required cost and schedule budgets allocated for the project
A conventional approach to risk management is typically used that is generally based on avoiding and eliminating risks and uncertainty as much as possible:
- That enables the project will deliver predictable results, but
- That approach can work against you if you have a goal of maximizing business value
- (See my article on Management of Uncertainty in Agile Projects).
In an Agile environment,
- There is a much larger risk that the project won’t produce the required business value even if it does meet the defined requirements within budgeted cost and schedule goals
- That’s a very important difference between an Agile (or adaptive) approach and a more traditional plan-driven approach.
2. Relationship to Upfront Planning
Since an Agile approach normally has a lot less upfront planning,
- It typically requires a more dynamic approach for identifying and managing some of the risks while the project is in progress rather than
- A comprehensive approach to identify and anticipate risks before the project starts.
Note that this is not an all-or-nothing choice between zero upfront planning and highly detailed and rigid upfront planning – the approach to planning could be anywhere between those extremes and the approach to risk management should be consistent with the level of planning.
The important point is that it just isn’t practical to take a comprehensive approach to identify and anticipate all risks in a project with a very limited amount of upfront planning
3. Relationship to Business Value
The risk of not producing the appropriate business value in a very uncertain environment is a very different kind of risk. You could produce a relatively mediocre product that met the letter of the requirements but really didn’t provide much business value. That requires a different kind of risk management approach:
- To reduce the risk in a project, you might tend to favor a low risk approach of using tried-and-true technology rather than
- “Pushing the envelope” a bit to use riskier technology that might provide a higher level of value to the user
From a risk management perspective, that may be the right thing to do, but it could easily result in a very mediocre product that doesn’t provide much business value.
Advantages of an Agile or Adaptive Risk Management Approach
An Agile or adaptive approach can have a lot of advantages for developing a very effective risk management approach.
- Agile or adaptive thinking provides the ability to structure a project to fail early and inexpensively. That minimizes the impact of a risk on the overall project
- When a risk does occur in an Agile environment, it is generally easier to adapt to the risk without extensive re-planning of the entire project
There are also several more specific risk management advantages that an Agile or adaptive approach can provide:
- Technical risks are addressed through early prototypes (“spike stories”) and side-by-side comparison of alternatives (‘A/B testing’)
- Integration risk is mitigated through early and continuous integration. User acceptance risk is mitigated through early product review
- Cost and schedule risk is mitigated through incremental releases. We always have something to show for the money spent; it is no longer an all or nothing trade-off
Some people might think that risk management isn’t appropriate in an Agile environment. I don’t believe that to be the case.
- You can do as much or as little risk management as needed depending on the nature of the project and
- An Agile project actually provides an environment that can be well-suited to risk management
It just requires a different approach to risk management:
1. Definition of Failure
The risk management approach needs to recognize a broader definition of “failure”. A project can fail by failing to deliver business value even if it meets defined requirements and meets its cost and schedule goals
2. Level of Upfront Planning
The approach to risk management needs to be consistent with the overall level of upfront planning in the project:
- Risk is directly related to uncertainty and
- The level of uncertainty also determines the planning approach
An abbreviated level of upfront planning might mean
- A less comprehensive identification and analysis of risks prior to the start of the project and
- A more dynamic approach to risk management as the project is in progress.
3. Risks Are Related to Opportunities
Instead of seeing all risks as a bad thing that should be avoided and eliminated, we need to recognize that some risks are related to opportunities. For that reason, a decision to avoid or eliminate risks needs to consider the impact of potential missed opportunities as well as the impact of the risk.
You will find much more detail on this in my Online Agile Project Management Training.