Agile Risk Management - A Brief Outline

Post date: Jan 19, 2015 9:52:20 AM

In this short entry I would like to write some thoughts on mapping the Risk Management Knowledge Area as it appears in the Project Management Body of Knowledge (PMBOK) Guide to agile practices. Each standard process will be covered.

    1. Plan risk management - is performed outside of agile rituals in a short descriptive manner that is communicated to all relevant stakeholders via information radiators and company knowledge bases (organizational process assets if you will)
    2. Identify risks - is performed during backlog grooming and backlog refinement meetings, with the risk register presented as a risk backlog; the risk backlog is updated during daily standup meetings and retrospectives, and risk burndown charts are updated
    3. Perform qualitative risk analysis - is performed during backlog grooming and backlog refinement meetings where the risk backlog is re-prioritized
    4. Perform quantitative risk analysis - is performed during backlog grooming and backlog refinement meetings where the risk backlog is re-prioritized with the top level risks described in more detail
    5. Plan risk responses - is performed during backlog grooming and backlog refinement meetings where the Plan-Do-Check-Act process is triggered for the most relevant risks
    6. Control risks - is performed in all daily standup meetings and in retrospectives at both iteration (sprint) and release levels, where risk status and risk burndown charts are updated

Risk responses are implemented as part of iteration implementation and as part of impediment removal (the proactive side of it, since we are talking about risks, not issues).

All these risk activities form an important input to sprint and release retrospectives, being an important trigger to accelerate and enhance the overall continuous improvement processes.