Tuesday, February 15, 2011

Is the Risk Management Process Area compatible with Agile?

The Risk Management process area, a process area at level 3, aims at foreseen risks so that they can be mitigated in case they occur.

Below are the specific goals and practices:

SG 1 Prepare for Risk Management
SP 1.1 Determine Risk Sources and Categories
SP 1.2 Define Risk Parameters
SP 1.3 Establish a Risk Management Strategy
SG 2 Identify and Analyze Risks
SP 2.1 Identify Risks
SP 2.2 Evaluate, Categorize, and Prioritize Risks
SG 3 Mitigate Risks
SP 3.1 Develop Risk Mitigation Plans
SP 3.2 Implement Risk Mitigation Plans

Is there the need of a risk management process area in an Agile organization?

I have heard this question a lot in organizations that transition to Agile: How does Agile handle risk management? This question usually comes from project managers used to Waterfall methodologies where maintaining a list of potential risks and how to mitigate them was of utmost importance. Why? Because these risks appeared late in the life of the project, when a good percentage of the budgeted money has been expended and there wasn’t much space to take decisions. Been able to deal with these risks at that moment decided the fate of the project. Agile approaches risk management differently. Agile tries to deal with risks as early as possible or as soon as risks appear. The risk that a user story entails is a decisive factor in the prioritization of this user story. If a new risk is detected, constant reprioritization assures that it will be dealt with soon. With this approach, the fate of the project is decided when there is still room to maneuver and money to do it. Instead of trying to foresee risks in the future and imagine solutions, risks are aggressively attacked. A side effect of this approach is the infrastructure needed to deal with risks is lighter than the one needed in Waterfall. Would you need a list of risks if you know that the top priority user stories are attacking the same set of risks? Not too sure. Would you try to imagine how to deal with them if they are going to be tackled by the team in the next iteration? No need to draw in the air, right? The processes and practices in Agile make up the risks management infrastructure.


Risk Management is embedded into the process in Agile. Therefore, I am not sure this area would be too valuable.

No comments:

Post a Comment