Managing Risk in Scrum, Part 2

In my previous post, I discussed the five risk areas found on most projects and how Agilemanaging risk in scrum agile addresses them.

Managing risk is prevalent in Scrum on a daily basis.  Discovery, analysis, and mitigation for risk happens organically in Agile, and particularly in Scrum.  Let’s compare risk management practices between traditional/”waterfall” project management and Scrum.



Risk Management:  work with management and stakeholders to determine what the risk management approach will be for the project

*formal documented results

Risk Management:  work with the product owner, delivery team, and scrummaster to determine what the risk management approach will be

*no documentation or informal documentation usually preferred

Risk Identification:  identify all risks upfront at project initiation and planning (i.e. natural disasters, divorce, death, etc.) 

risk identification is “big planning up front”  (BPUF)

*the project manager holds a risk management meeting to review the risk document with stakeholders and project team

*the project manager creates this deliverable

Risk Identification:  identify risk on multiple levels:

product vision

product roadmap

release planning

sprint planning

daily stand up

risk is identified, and mitigated daily via the daily standup and beginning and end of sprint planning and review meetings

*whole team is involved in the multiple levels and through transparency

* whole team is involved in Scrum ceremonies and transparency

Risk Analysis:  review all of the risks identified during the identification meeting and perform quantitative and qualitative analysis

prioritize risks by performing an exercise of pssibility and probability scoring of every risk

*the project manager creates a scoring sheet for all risks and determine which risks to mitigate based on score

Risk Analysis:  agile projects generally focus on qualitative risk analysis because of the sprint time boxes and constant feedback loops provided in scrum

*scrummasters help keep the team see the risks and determine what to do next

Risk Response Planning:  develop options and actions for the risks creating the biggest threats

*the project manager or a part of the team to create ways to avoid, mitigate, plan contingency, or accept the risks

Risk Response Planning:  happens real-time as risk is identified

*whole team is involved in brainstorming ways to avoid, mitigate, contain or evade the risks

Risk Monitoring and Controlling:  status meetings are the forum to discuss new risks and updates to the risk identification list

*the project manager facilitates the status meeting that is usually weekly or monthly

Risk Monitoring and Controlling:  transparency of the delivery team’s work via task boards, burndowns, daily standups, and end of sprint reviews provide information and forums for continuously monitoring risk

*whole team is involved in risk monitoring through their contributions to the data and feedback loops in scrum

Traditional project risk management is a knowledge area in PMBOK.  Risk management in Scrum is not mentioned as a formal tenet of the framework.  Scrum has enough structure to plan and deliver quality software incrementally with inspection and adaptation.  Scrum gives you front row access to identify and mitigate risk daily.  Scrum does not ask you to be stupid on purpose by ignoring risk.

Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 United States License.


Subscribe to Business Agility Trends and Insights
Business leaders need insight into how business agility and Agile are shaping the world. With a monthly subscription to Business Agility Trends and Insights, you'll receive curated trend reports, case studies, white papers and more that demonstrate how business agility is a core competency of the future. Topics include innovation, portfolio management, leadership, budgeting and finance and more!
*By entering your email address you give Accenture | SolutionsIQ permission to send you marketing emails. You may unsubscribe at any time by clicking the unsubscribe link located at the bottom of any email. View our Privacy Policy