Agile software development teams face many types of risks but only a few really matter.
There are countless risk possibilities to consider on any software development project. Everything from under-estimating the project scope to the local nuclear power plant suffering a meltdown. It can be mind-boggling.
I think many teams don’t even bother to assess risks because they feel that risks fall into one of two categories. They are either self-evident or ambiguous. Here are a few examples:
- Inadequate test coverage
- Staffing issues
- Unforeseen problems with tools and technologies
- Fire in the data center
- Reductions in the project budget or staffing level
- Unexpected competitive announcements
The self-evident and ambiguous risks are probably not worth spending time on — unless the team is inexperienced or a particular risk factor has a high probability of impacting the project.
There are five risk factors worth discussing among the software developers and the business stakeholders. Every project is bitten by at least of one the following:
- Missing Stories – Some “Must have” stories may be missing in the backlog because no one has thought of them yet. When they do, a scramble will ensue.
- Under-Estimated Stories – Some epics/stories in the backlog may require more work than estimated. This may be offset by other stories that were over-estimated but there’s no way to know until implementation time.
- Under-Valued Stories – Some lower priority stories may actually be “Must haves”. This is common. As the software takes form and word gets out, more interested parties will emerge and priorities may change.
- Not-“Done” Stories – Some stories thought to be “Done” may not be. This can happen to anyone particularly if a story is unusual in some way. The standard “definition of done” may not cover every situation.
- Lack of Participation – Stakeholders and end users may not be engaged. This is also a common problem. It results in a flurry of changes late in the project increasing tensions and putting commitments at risk.
At a minimum, always do your best to document, discuss, and mitigate these five risks. If you don’t consider any other risk factors, you’ll at least have the major gotchas covered.
If you’re aware of other commonly-occurring risk factors that may be peculiar to your organization, cover those as well. For example, software consulting firms usually experience a number of client risk factors from failing to approve deliverables to not paying bills on time. These usually fall into the category of business risks but can still wreak havoc with your project.