Risk management in agile

from http://resources.infosecinstitute.com/risk-management-agile/

Does Agile’s approach to project management in fact endanger the safety of an organization’s projects? Agile was created in order to deal with high-risk projects. From the investor’s perspective there are three main types of risk, and investors insist that they be mastered fairly quickly.

  • Risk of delivery – the project may not be delivered on time, at a given budget and quality.
  • Risk of business value – the project may have no value.
  • Risk to the business model – that the project may hurt the existing organization of work.

Benefits of Choosing Agile

Agile methodology focuses primarily on providing value, while maintaining safety for organizations to implement solutions. Companies choose Agile because:

  • In long-term projects, it can quickly respond to changes in business.
  • Agile is based on the realities of the requirements of the organization, not imaginative over-analysis.
  • By deep collaboration with customers, and readiness to change (within reasonable budget), Agile promotes a win-win philosophy.

Risk Management in Agile

Most of the literature describing Agile methodologies completely ignores the topic of risk management. However, risk is inherent in projects by their very definition: if the project is innovative, then risk is associated with it. To avoid doubt, take risk to mean any future, uncertain event that may affect the scope, time, resources, or quality of the project.

In fact, Agile has risk management inherent in the methodology, because of the short iterations, delivery of only the active version of the product, constant contact with clients, and surveys, which cover the project scope, technology and processes used. If we also take care to align priorities well, so that the high-risk projects come first, we get a system that can be expected to cope with risk. If a risk does materialize, the short iterations let us quickly change the scope of the plan and adapt to the new situation. By taking the riskiest project first, we can quickly test the feasibility of the project.

The activities of the Agile methodology can significantly reduce the risks associated with technology and uncertainty about the scope of the project. Unfortunately, these are not the only risks that may arise during the project. In larger organizations and projects in particular, there is much more risk related to the financing of the investment, integration with other system components, system implementation in production environments, the organization of the market situation, or even domestic policy. Such risks are not handled by short iterations and a focus on delivering value alone. These risks are completely ignored in most of the literature on Agile. So it is time to dust off the risk management methods straight from PMI (Project Management Institute). The processes of risk identification and qualitative evaluation occur under the name of Planning Responses to Risk. For each risk, you can use one of four general strategies:

  • Acceptance – do nothing about it, and let’s move on.
  • Avoid – take active steps to ensure that the risk does not occur.
  • Minimize the impact – know the risk, and do not wait for the moment when it appears, but have a plan to reduce its impact.
  • Transfer – pay someone else to worry about the risk.

Regardless of the method you use to conduct the project, if you choose anything other than the risk acceptance strategy, your project plan should be adjusted to the chosen risk management strategy.

In the case of Agile, if you want to avoid a risk, the steps leading to its avoidance should be recorded and assigned to the earliest possible iteration. In this way the risk will be less likely to occur.

If you choose to minimize the impact, in Agile the response is held “on the side,” as a set of features / cards that will be brought into play if the risk materializes.

However, if we choose a risk transfer strategy, this also entails carrying out certain actions, but usually these are not activities for the project team.