Somehow, risk management is often given the short shrift when companies are transitioning to Agile. Either they create a risk register at the beginning of the project and then forget all about it, or worse, pay no heed to risk management. Neither is a good option; instead, they can use a light-weight approach to identify and manage risks.
Yesterday, I reused an old (2007) risk management presentation (Risk-Management-eBiz) at the current client and the workshop was surprisingly well received. I thought I’d share. Download the Risk-Management-eBiz PDF to follow along.
Step 1: (5 minutes)
Explain the goals of the workshop, the process that you’ll be following, and show samples of the outputs the group will be producing. Also provide a brief overview of why risk management is important.
Step 2: (30 minutes)
Get team members to identify the risks and opportunities on a handful of dimensions — the attached PDF shows the six I used but you may get more mileage by using other dimensions.
First, encourage team members to identify (without scoring, ranking or solving) as many risks as they can about that dimension. Second, ask them to identify opportunities (“good” risks or fortuitous events), for each of the dimensions, that would have a positive impact should they occur. Examples: consolidating teams geographically, forming an enablement team, getting Chief Product Owner to prioritize work requests with stakeholders, etc.
Use different color stickies for risks and opportunities (blue) to visualy set them apart. You don’t need to create the circle (as shown in the PDF), just blue tape to draw the spokes will suffice.
Step 3: (30 minutes min)
Better understand the impact and probability of the risks occuring by visualizing them in a chart. This is where you qualitatively access the impact and probability of the risks.
Step 4: Optional quantitiative analysis
Use basic quantitiative analysis to determine where the next-best dollar should be spent — compare features from the backlog with the risks to mitigate to determine what to do next: build a business feature, or reduce a risk.
Step 5: (30 minutes)
In the Risk Response Planning step decide what to do about the risks the group has identified, ranked and measured.
Inject risk avoidance, mitigation, and opportunity stories into the backlog. Without explicitly adding them into the backlog, you run the risk of the items remaining unaddressed.
Step 6: (30 minutes to create and seed the initial Risk Radar)
Use a Risk Radar to monitor & control the risks throughout the project lifecycle. Hold a weekly meeting with stakeholders, PO, SM, and management to review the risks and determine new steps. When running properly, risks are identified early and addressed before they become issues.
Risks should pop-up at the outer edges of the chart (still a few sprints away). As time passes, risks if left unaddressed move inwards and become immediate when in the inner most rung. You know there is a problem with:
– risk identification if risks just pop-up in the middle quadrant (i.e., urgent right off the bat)
– addressing risks if they continue marching inwards unimpeded
Use color coding to indicate potential severity: green signifies miminal, red severe. Also, use a foam board, if possible, for creating the Risk Radar — it makes it easy to carry to meetings. Leave some space on the right side of the foam board to (1) stack risks that have been accepted but need to be watched, and (2) risks that have been addressed/mitigated.
Note: When coaching a large program with multiple teams, I use an Excel sheet to identify teams and risk areas to focus on. The attached example Team-Risk-Monitor, is based on a conversation with Dennis Stevens from LeadingAgile. In this worksheet, any team scoring 70 or higher on any of the 6 dimensions (Column C through Column H) is flagged for follow-up/monitoring.