How is Risk Management for Agile different? Most people think of a conventional approach to risk management built around a plan-driven approach to project management which heavily emphasizes risk avoidance
I want to share my thoughts on a risk management approach for Agile project environments. This approach can also be used in a traditional plan-driven project management environment.
First, if you’ve read any of my other blog posts or books, you will understand that:
- We need to broaden our view of project management to see “Agile” and what is commonly called “Waterfall” as complementary to each other as opposed to competitive, and
- Recognize that traditional plan-driven project management is not the only approach to project management
I prefer to think of a continuous range of alternatives from heavily plan-driven at one extreme to heavily adaptive at the other extreme that looks something like this:
The right thing to do is to fit the approach to the project as opposed to force-fitting the project to an arbitrary model (whatever it might be – Agile or plan-driven).
- One of the biggest characteristics that would influence the choice of an approach is the level of uncertainty in the project and
- Uncertainty is directly related to risk
That kind of broader approach to project management has a big impact on how you might do risk management.
Why is Agile Risk Management Different?
There are some key differences in an Agile risk management approach in a very uncertain environment:
1. Definition of Failure
Risk is associated with the failure of a project. How you define “failure” has a big impact on how you do risk management.
Traditional Plan-driven Projects
In a traditional plan-driven project,
- The requirements of the project are typically well-defined.
- A “failure” would normally be associated with failing to deliver those requirements within the required cost and schedule budgets allocated for the project
A typical approach used to manage risk is based on avoiding and eliminating risks and uncertainty as much as possible:
- This enables the project to deliver predictable results
- Be mindful that this can work against you if you have a goal of maximizing business value. (See my article on Management of Uncertainty in Agile Projects).
In an Agile environment,
- There is a much higher level of importance placed on providing business value and not simply meeting cost and schedule goals. This may significantly change the nature of the risk exposure.
- That’s a very important difference between an Agile (or adaptive) approach and a more traditional plan-driven approach.
2. Relationship to Upfront Planning
An Agile approach normally has a lot less upfront planning:
Note that this is not an all-or-nothing choice between zero upfront planning and highly-detailed and rigid upfront planning. The approach to planning could be anywhere between those extremes and the approach to risk management should be consistent with the level of planning.
The important point is that it just isn’t practical to take a comprehensive approach to identify and anticipate all risks in a project if you have only done a limited amount of upfront planning. A project with limited planning will require a more dynamic approach for identifying and managing risks throughout the project. That approach differs from the traditional detailed planning approach which attempts to identify and anticipate all risks up front.
3. Relationship to Business Value
The risk of not producing the appropriate business value in a very uncertain environment is a very different kind of risk. As a result, the project may end up producing a mediocre deliverable that meets the requirements, but fails to add significant business value.
To reduce the risk in a project, one often favors using tried-and-true technology as opposed to “Pushing the envelope” a bit to use riskier technology that might provide a higher level of value to the user. That may be the right thing to do from a project management perspective, but it could easily result in a very mediocre product that doesn’t provide much business value.
Advantages of an Agile Risk Management Approach
An Agile or adaptive approach can have a lot of advantages for developing a very effective risk management approach.
- Agile or adaptive thinking provides the ability to structure a project to fail early and inexpensively. This can significantly reduce overall project risk.
- When a risk does occur in an Agile environment, it is generally easier to address and avoid extensively re-planning the entire project
There are also several more specific risk management advantages that an Agile or adaptive approach can provide:
- Technical risks are addressed through early prototypes (“spike stories”) and side-by-side comparison of alternatives (‘A/B testing’)
- Integration risk is mitigated through early and continuous integration. User acceptance risk is mitigated through early product review
- Cost and schedule risk is mitigated through incremental releases. We always have something to show for the money spent; it is no longer an all or nothing trade-off
Some people might think that risk management isn’t appropriate in an Agile environment. I don’t believe that to be the case.
- You can do as much or as little risk management as needed depending on the nature of the project and
- An Agile project actually provides an environment that can be well-suited to risk management
It just requires a different approach to risk management:
1. Definition of Failure
The risk management approach needs to recognize a broader definition of “failure”. A project can fail by failing to deliver business value even if it meets defined requirements and meets its cost and schedule goals
2. Level of Upfront Planning
The approach to risk management needs to be consistent with the overall level of upfront planning in the project:
- Risk is directly related to uncertainty and
- The level of uncertainty also determines the planning approach
An abbreviated level of upfront planning might mean a:
- Less comprehensive identification and analysis of risks prior to the start of the project
- More dynamic approach to risk management as the project is in progress.
3. Risks Are Related to Opportunities
Instead of seeing all risks as a bad thing that should be avoided and eliminated, we need to recognize that some risks are related to opportunities. For that reason, a decision to avoid or eliminate risks needs to consider the impact of potential missed opportunities as well as the impact of the risk.
You can find related articles on the topic of “Agile Risk Management” here:
You will find much more detail on this in my Online Agile Project Management Training.