Agile for PMs – what about managing Risk?

Reading time
3 min
Categories: Agile for Project Managers

The “Agile for PMs” articles are written for experienced project managers who are interested in exploring how Agile development differs from classical project management.
In these articles, “Agile” is generally capitalised (and sometimes used as shorthand for “Agile development). The Agile Manifesto is described in more detail in other Plays on this site.

As we saw in AgileProjects, Projects are more reductionist than Agile development and focus more on a defined goal broken down into work packages. Agile development has more in common with Programmes and includes tools and approaches to address emergent learning and change.

Programme: A temporary flexible organization … (AgileTeams) … created to coordinate, direct and oversee … (AgilePlanning) (AgileEstimates) (AgileRisk) … to deliver the organization’s objectives (AgileProjects) (AgileComplex).

Managing successful Programmes

However, although projects aim to be predictive, there is a clear understanding that this prediction is limited. Risk management has been a key part of project management since at least the 1950s with academic publications since Mehr and Hedges (1963). Now no-one would approach projects without a healthy amount of risk management.

We looked at the differences between Agile and project planning approaches in AgilePlanning. Let us look at how risk management in projects differs from Agile development.

For reference, Risk is defined by the PMI as below. Similar definitions are used in other standards (e.g “effect of uncertainty on objectives” in ISO 31000).

Risk. An uncertain event or condition that, if it occurs, has a positive or negative effect on one or more portfolio, program, or project objectives. 

Lexicon of Terms” – Project Management Institute

Project Risk Management

In a project, we expect a high degree of alignment between the plan and actual events. The plan is built at the start of the project. Once we have defined the plan, we aim to keep reality as closely aligned to the plan as possible.

A “risk” is a potential significant deviation from the plan. In general it represents a “known unknown” (in Donald Rumsfeld’s phrase). By this we mean that we can predict the broad area of the potential impacting event. However, we cannot predict whether or it will occur.

Therefore we build a base plan assuming one outcome (generally the most likely). We then add to the plan work on risk mitigation to reduce the likelihood of the risk occurring and causing variance.

risks present challenges that can result in delays, expense and missed objectives

PMI Risk Management Professional 

For example, if the plan requires a delivery from a supplier, there could be risks around this dependency (late delivery, poor quality, incorrent specification). Actions to work with the supplier to mitigate the risk could be added.

Agile Risk Management

Agile development is intended for complex environments. The two dimensions which suggest complexity, in Stacey’s model (AgileComplex), are a lack of agreement and a lack of certainty. Agile development includes some specific processes aimed at reducing the risk in these areas.

Agile risk management is especially strong when related to positive risk (also known as “opportunity”). Project risk management can focus excessively on correcting deviation from the plan. As Agile development continually reassesses value delivered, it is more obviously aimed at increasing value as well as avoiding decreasing value.

Agile processes harness change for the customer’s competitive advantage.

Principles behind the agile manifesto

Lack of agreement is mitigated by working closely with the customer(s) to maximise value. Projects typically assume the original plan delivers the most value. Taking an incremental approach encourages customer feedback on early releases. Change is accommodated and risk addressed by feedback and reprioritisation of value.

Lack of certainty is mitigated by incorporating learning into the process. Using ordered backlog allows investigation (through backlog refinement) continually to reduce technical risk. Working iteratively means that detailed investigations are done as late as possible, maximising the learnings and reducing technical risk.

Combining Project and Agile Risk Management

Project and Agile Risk Management are optimised for the types of risk which occur most often in their different domains. In complicated projects, risk management is focussed primarily on “known unknowns” which are managed by anticipation, planning and mitigation. In complex Agile developments, risk management concentrates more on “unknown unknowns” which are managed by continuous re-evaluation and flexible approaches to change.

The two are not incompatible. The domain of Emergent Risk in project management focusses on continual approaches to identify “unknown unknowns” and Agile approaches of incorporating incremental and iterative development add value. Project risk approaches have application in Agile developments to consider areas of risk which might affect the whole development. Risk is an area which should, for example, be considered regualrly at Sprint Reviews.

Related posts

Leave a Reply

Your email address will not be published. Required fields are marked *

Discover more from Agile Plays

Subscribe now to keep reading and get access to the full archive.

Continue reading