Mention “risk management” and many software developers will cringe and sneak away. It’s understandable. I’ve observed some elaborate risk analyses covering everything from missed requirements to flash floods. I cringe just thinking about it!
You could go to extremes in preparing an elaborate risk assessment matrix covering probabilities, impacts, mitigation steps, etc. If you’re going to invest in such an effort, you really need to commit to keeping the risk analysis up to date. Face it, risks change over time, their likelihoods fluctuate, their impacts grow and shrink, and the mitigation steps change. You’ll need someone who spends most of his time managing the risk assessment!
Are you ready to commit?
The biggest problem with this legacy approach to risk management is that it treats risk as a separate artifact. It’s something else to manage outside of the development process and apart from the team. It gives managers something to do… I guess. After all, someone needs to worry about flash floods, right?
In reality, risk is everywhere. It’s in every requirement, every story, every feature, every communication, and every line of code. Disassociating risk from the rest of the project is like treating the smell of food as completely independent from the taste. Try holding your nose the next time you have dinner. Let me know how that works out for you.
Agile teams manage risk every day.
Managing risk is an integral part of agile software development. Daily stand-ups, integrated testing, frequent deliverables, business participation, and regular production updates are all intended to reduce risks. Most people don’t think about the core agile development practices in terms of risk management, but they should.
Getting people engaged and communicating is central to agile teams and essential to managing risk. When someone senses an imminent problem, they’ll speak up and offer mitigation ideas. When something has been missed, it gets caught early and addressed. When mistakes occur, they’re spotted quickly and corrected.
Agile developers are risk averse and manage risk daily. They may not think about it that way, but it’s true. How agile are you?