agile risk management
DESCRIPTION
TRANSCRIPT
http://institute.agileriskmanagement.org/ Copyright © 2014. All Rights Reserved.
Agile Risk Management Agile Consortium Belgium
12.05.2014
Dr. Alan Moran
(IARM, Managing Director)
http://institute.agileriskmanagement.org/ Copyright © 2014. All Rights Reserved.
About the IARM
• The Institute for Agile Risk Management (IARM) is a Swiss based
institution that exists to promote the principles and practices of agile risk management.
• Focus primarily on research and training activities through a network of third parties in the agile and academic communities as well as in the private sector.
• Publication of books and whitepapers on agile risk management and related topics as well as appearances at public events and conferences.
• Further details can be found at http://institute.agileriskmanagement.org/
http://institute.agileriskmanagement.org/ Copyright © 2014. All Rights Reserved.
My Biopic
http://www.linkedin.com/in/agility
Experience spanning nearly two decades of working in both public and private sectors. Currently employed as an IT Manager in the Swiss public sector and as Managing Director of the IARM.
Dr. Alan Moran MBA CITP
AgilePM, DSDM Adv. Practitioner, Scrum PSM
http://institute.agileriskmanagement.org/ Copyright © 2014. All Rights Reserved.
Understanding Risk: Social Media Example
I was nearly finished my test when all of a sudden I was kicked out of the system and had to enter a code to get back in (which I don't have!) I can't restart and there is no help whatsoever! How can I get back into the test or get my money back!!
Sorry to hear you are having problems, we'll get right on it now!
Wow! That was a lightening response! Thanks so much! I was able to finish the test - and passed!!! Money well spent! Thanks so much!
http://institute.agileriskmanagement.org/ Copyright © 2014. All Rights Reserved.
Risk Defined
Risk is “uncertainty that matters”, i.e., uncertainty that if realised impacts one or more objectives in either a negative (i.e., threat) or a positive (i.e., opportunity) manner.
http://institute.agileriskmanagement.org/ Copyright © 2014. All Rights Reserved.
Nature of Risk
• Risk culture, attitude and tolerance are defining elements of organizational character.
• Like change, there is advantage to be found in embracing risk.
• Risk is inherent, residual and secondary
and all are intertwined in a complex
web of causality!
http://institute.agileriskmanagement.org/ Copyright © 2014. All Rights Reserved.
Agile and Risk
• “A project risk is something that may happen and, if it does, it will have a detrimental effect”
• Risk is “an exposure to a potentially negative outcome”
• Risk in the context of projects with “dynamic requirements” with “customers [who] need a new system by a specific date” that is a “new challenge for your software group”
• The “first iteration will immediately expose the risks, wherever they may lie”
http://institute.agileriskmanagement.org/ Copyright © 2014. All Rights Reserved.
Sources of Project Risk*
Requirements Technical Project
Schedule Supplier People
*Research based on IT project risk excl. enterprise risk which includes systemic financial and L&C risks.
http://institute.agileriskmanagement.org/ Copyright © 2014. All Rights Reserved.
Why Risk (Management) Matters
Not focusing on risk in projects exposes them to the following shortcomings:
• Inability to make informed risk and reward decisions.
• Failure to identify appropriate risk response strategies based on risk exposure.
• Lack of oversight in risk monitoring.
• Poor understanding of when to engage in risk activities.
http://institute.agileriskmanagement.org/ Copyright © 2014. All Rights Reserved.
Agile Risk Management Process
http://institute.agileriskmanagement.org/ Copyright © 2014. All Rights Reserved.
Principles
Transparency Balance Flow
http://institute.agileriskmanagement.org/ Copyright © 2014. All Rights Reserved.
Roles
Risk Manager Team
http://institute.agileriskmanagement.org/ Copyright © 2014. All Rights Reserved.
Objectives, Context and Risk Environment
Environment
Context
Objectives
http://institute.agileriskmanagement.org/ Copyright © 2014. All Rights Reserved.
Risk Scoping
http://institute.agileriskmanagement.org/ Copyright © 2014. All Rights Reserved.
Risk Tailoring (XP)
http://institute.agileriskmanagement.org/ Copyright © 2014. All Rights Reserved.
Identify Analyse
Treat Monitor
Risk Management
Key is how to incorporate agile practices and values!
http://institute.agileriskmanagement.org/ Copyright © 2014. All Rights Reserved.
Risk Management: Identification
Exploit agile team structures to involve appropriate stakeholders and use the
agile approaches to group discussions (e.g., facilitated workshops).
http://institute.agileriskmanagement.org/ Copyright © 2014. All Rights Reserved.
Risk Management: Risk Log Artefact
Timebox Name:
Timebox Objectives:
Timebox Start/End Dates:
ID Description Classification Likelihood Impact Score Strategy Priority Measure
Residual
Likelihood
Residual
Impact
Residual
Score
Notice anything different compared with a traditional risk list ?
http://institute.agileriskmanagement.org/ Copyright © 2014. All Rights Reserved.
Risk Management: Risk Analysis
• Risk Exposure comprises of the following components:
– Likelihood (proxy is frequency with respect to a fixed time period)
– Impact (e.g., financial, reputation, affected customers)
– Proximity (implicit at the iteration level)
• Use T-shirting sizing against agreed scales if possible and endeavour to be
robust (e.g., use ranges)
http://institute.agileriskmanagement.org/ Copyright © 2014. All Rights Reserved.
Risk Management: Risk Scoring
1
2
4
6 6
http://institute.agileriskmanagement.org/ Copyright © 2014. All Rights Reserved.
Risk Management: Response Strategy
This is the MOST critical point in the process from a social and cultural perspective.
http://institute.agileriskmanagement.org/ Copyright © 2014. All Rights Reserved.
Risk Management: Cultural and Social Influences
There are many humanist aspects to risk management that agile project managers need to be aware of:
• Personal attitudes towards risk.
• Risk typologies (e.g., cultural theory).
• Risk compensation effects.
These become particularly important when balancing personal and organisational risk in culturally mixed or geo-dispersed teams.
http://institute.agileriskmanagement.org/ Copyright © 2014. All Rights Reserved.
Risk Management: Risk Typology
http://institute.agileriskmanagement.org/ Copyright © 2014. All Rights Reserved.
Risk Management: Cultural Uncertainty Avoidance*
* Data sourced from The Hofstede Centre
(http://geert-hofstede.com/)
http://institute.agileriskmanagement.org/ Copyright © 2014. All Rights Reserved.
Risk Management: Response Treatment
• The following options are available:
– Tasks for the iteration backlog.
– Risk tagging.
– Contingency planning (conditional tasks on the backlog).
– Avoidance.
• Risk Log records risks but responses are found on the backlog or Kanban.
http://institute.agileriskmanagement.org/ Copyright © 2014. All Rights Reserved.
Risk Management: User Story Map
User story map approach for rendering risk distribution.
• U1: mixture of risk activities and agile practices.
• U2: relies solely on agile practices.
• U3: worth considering if the same amount of value can be achieved with less risk.
Do you see something that might cause you concern ?
http://institute.agileriskmanagement.org/ Copyright © 2014. All Rights Reserved.
Risk Management: Backlog (Scrum)
http://institute.agileriskmanagement.org/ Copyright © 2014. All Rights Reserved.
Risk Management: Timebox Plan (DSDM)
Timebox Name:
Timebox Objectives:
Timebox Start/End Dates:
ID Description Acceptance Criteria MoSCoW Comments Assignee Type Status Ris
k Tag
ging
Archite
ctur
al S
pike
Busin
ess
Proce
ss M
appi
ng
Cod
ing
Standa
rds
Con
tinuo
us In
tegr
atio
n
Facilita
ted
Wor
kshop
Mod
elling
Pair P
rogr
amm
ing
Proto
typing
Qua
lity Fun
ction D
eploym
ent
Ref
acto
ring
Simpl
e Des
ign
Static
Cod
e Ana
lysis
Test D
riven
Dev
elop
men
t
Usa
ge S
cena
rios
-
-
-
-
-
-
-
-
http://institute.agileriskmanagement.org/ Copyright © 2014. All Rights Reserved.
Risk Management: Risk modified Kanban
http://institute.agileriskmanagement.org/ Copyright © 2014. All Rights Reserved.
Risk Management: Monitoring
Reduction a consequence of risk management activities but some systemic risk
always present reflecting project context and risk environment.
http://institute.agileriskmanagement.org/ Copyright © 2014. All Rights Reserved.
Risk Walling
Use Risk Walling to solicit and encourage continual feedback!
Timebox Name:
Timebox Objectives:
Timebox Start/End Dates:
ID Description Classification Likelihood Impact Score Strategy Priority Measure
Residual
Likelihood
Residual
Impact
Residual
Score
http://institute.agileriskmanagement.org/ Copyright © 2014. All Rights Reserved.
Become Involved!
Find out about forthcoming events (e.g., public talks, conferences, trainings) http://institute.agileriskmanagement.org/ or follow us on LinkedIn
http://www.linkedin.com/company/institute-for-agile-risk-management/
Learn about agile risk management http://institute.agileriskmanagement.org/publications/
Tell us about your experiences and let us know if we can help you!