Embrace Risk! An agile approach to risk management

Similar documents
PRINCE Update. Changes to the manual. AXELOS.com. April 2017 PUBLIC

Agile Projects 7. Agile Project Management 21

Agile delivery. Delight your organisation & increase job satisfaction

Scrum Alliance Certified Team Coach SM (CTC) Application SAMPLE

Risk appetite and internal audit

Agile Essentials Track: Business Services

A Guide to Assurance of Agile Delivery

Certified Team Coach (SA-CTC) Application - SAMPLE

PMI Agile Certified Practitioner (PMI-ACP) Duration: 48 Hours

Russell Pannone February 10, 2009

Agile leadership for change initiatives

Agile Charting: A Practical Guide. Dr. Alan Moran

IRM s Professional Standards in Risk Management PART 1 Consultation: Functional Standards

This document is copyrighted, the distribution of this document is punishable by law.

Agile Transformation In the Digital Age

CHRISTIAN AID GLOBAL COMPETENCY MODEL

for Financial Services. A UK Perspective

AGILE INTERNAL AUDIT (IA)

Johanna Rothman. Chapter 1 Why Agile and Lean Approaches Work. Copyright 2017

Bridging the Gap Between Governance and Agility. Mario E. Moreira

Active Essex Risk Management Strategy

Community Hubs in Practice: A Way Forward

Course Title: Agile for Business Analysts

Introduction - Leadership Competencies

Course Title: Agile for Business Analysts

ISO INTERNATIONAL STANDARD. Risk management Principles and guidelines. Management du risque Principes et lignes directrices

White Paper Realising benefits: How to plan for success

The state of play in project management

The state of play in project management

PRINCE Process Terms and Definitions Wizard. The Project Management. Framework. Dave Litten s PRINCE2 Definitions

Chapter 01 - The Process The Process Application Process ACP Qualifications Scheduling Your Exam Rescheduling/Cancelling Fees

Project Manager's Role in Agile projects?

LEAN ENTERPRISE TRANSFORMATION

Agile Wars - And How to Avoid Them

Standard Work and the Lean Enterprise Net Objectives Inc. All Rights Reserved.

Next-generation enterprise risk management

Agile Program Development. Agile Manifesto 9/3/2013. What is Agile Development? 12 Principles of Agile Development 1 of 4

Agile Certified Professional

The Change Management Implications of Scaling Agile 1

ORACLE SOA GOVERNANCE SOLUTION

AGILE AND PRINCE2. Happy bedfellows?

Purpose. To discuss what it takes to create a fast-paced, dynamic, innovative and customer centric organisation.

Part of the IoD International Network

CGMA Competency Framework

Wales Millennium Centre Behavioral Competencies Framework 1

Agile and Scrum 101 from the Trenches - Lessons Learned

Agile Beyond Software

A Risk Practitioners Guide to ISO 31000: 2018

Managing Risk in Agile Development: It Isn t Magic

Risk Appetite Statement

Mature agile development using HP Quality Center

Agenda. Enterprise Risk Management Defined. The Intersection of Enterprise-wide Risk Management (ERM) and Business Continuity Management (BCM)

Agile Risk Management

Our Approach to the Scaled Agile Framework (SAFe )

Scrum. a description. V Scrum Alliance,Inc 1

CS314 Software Engineering Project Management

Investors in People Introducing the sixth generation Standard. Gordon Stopani Accredited Practitioner

FIT2101 Software Engineering Process and Management

2016 AHSN Stakeholder Survey

Course Title: Planning and Managing Agile Projects

Our purpose, values and competencies

Strategy Analysis. Chapter Study Group Learning Materials

Improving Agile Execution in the Federal Government

SwissQ Agile Trends & Benchmarks Switzerland Where are we now where are we going to?

This course will explore how your projects can easily and successfully make the transition to an effective Agile environment.

Dissatisfaction with the overheads involved in software design methods of the 1980s and 1990s led to the creation of agile methods.

Deloitte Shared Services Conference 2018 Agile 101: delivering value using Agile Richard Barsby, Ashley Payne Rolls-Royce, Tom Bevan, Christina

Agile Software Development:

Study on Social Impact Assessment as a tool for mainstreaming social inclusion and social protection concerns in public policy in EU Member States

pwc.co.uk Enterprise Risk Management

Choose an Agile Approach

Risk Management Implementation Plan

IoD Director Competency Framework

Agile SCRUM in Systems Engineering A Practical Application

The IoD Academy Director Competency Framework

The 9 Characteristics of Successful Multi Academy Trusts. Sir David Carter South West Regional Schools Commissioner July 2015

Introduction. Agile overview. 12 Agile Principles

Lean Agile Community of Practice Implementing Scaled Agile

It s the Keele difference.

"Charting the Course to Your Success!" Planning and Managing Agile Projects Course Summary

SOFTWARE ENGINEERING SOFTWARE-LIFE CYCLE AND PROCESS MODELS. Saulius Ragaišis.

THE MELBOURNE MANDATE: A call to action for new areas of value in public relations and communication management

Risk Management Policy

Community Engagement Framework

Leadership Programs Glossary

Risk Appetite. Matt Mueller EY Advisory

SDEFT: Scrum Driven Engagement Framework for Testing

An Overview of Guiderails: Keeping Aligned and on Track

Taking Your PMO to the Next Level:

Software Development Methodologies

Creating an Agile PMO via Scrum

RISK MANAGEMENT FRAMEWORK OF THE CGIAR SYSTEM

Collaboratively, we help our customers transform, evolve and become agile

The Quality Profession Driving Organisational Excellence

Agile Methodologies for DevOps

Job Description. Chief Executive Officer (CEO) Board of Governors, City College Brighton and Hove

Risk Management Update ISO Overview and Implications for Managers

Transcription:

10004.000.90.1 Embrace Risk! An agile approach to risk management

The material in this document (excluding the IARM logos, footer and cover images) may be reproduced free of charge in any format or medium providing that it is reproduced accurately and not used in a misleading context. The IARM copyright must be acknowledged and the full document title cited. The IARM logos and the footer wave image are trademarks of the IARM. Copyright 2014 by the Institute for Agile Risk Management. All Rights Reserved.

Foreword Risk is an inherent aspect of the pursuit of reward and few tasks involve one without the other. Although the agile community has always acknowledged risk, it has been less clear about how to manage it, let alone manage it in an agile manner. Agile methodologies are, however, more than equipped to tackle the risks that arise in projects in an effective and efficient manner. Accustomed to defining risk in purely negative terms, agile practitioners may fail to perceive the opportunities that naturally arise in their projects or the capacity of their methodologies to exploit them. This publication surveys the nature and perception of risk management in the agile community and provides a brief introductory overview of the principles and practices of agile risk management. Further information concerning this topic together with a full calendar of IARM events can be found at http://institute.agileriskmanagement.org/. Dr. Alan Moran Managing Director, IARM 2014

Table of Contents Introduction Understanding Risk Why Risk Management Matters Agile Risk Management Benefits Further Information

Introduction Agile came to prominence during the 1990s as a movement within the software development industry, that was born of the perception that difficulties with existing IT processes were rooted in an over allegiance to rigid plan-driven practices and command-and-control structures. Inspired by agile and lean thinking within the manufacturing industry, the IT industry responded with its own unique interpretation of these practices culminating in the formulation in 2001 of the Agile Manifesto, which articulates four central tenets and twelve principles of software development. Since then, agile has become mainstream and established as a formal project management approach. Whilst many agile methodologies have been designed to cater specifically for the engineering or product development environments found in IT (e.g., Scrum, XP, SAFe), others, have taken a broader view of general project and portfolio management at the enterprise level (e.g., DSDM/AgilePM). Which approach is best suited for an organization is as much as a question of culture and maturity as it is of technique or methodological approach. Advocates of agility promote the notion that change should be embraced and seek to balance planning and control with execution and feedback. Accordingly, agile projects exhibit features of adaptive planning, open communication amongst heterogeneous stakeholders, emergent behaviour within selforganizing teams and a culture of openness and learning. These attitudes can present new challenges for managers more accustomed to command-andcontrol environments, in terms of the leadership of agile teams, the management of project portfolios and the understanding and treatment of risk. The agile approach revolves around iterative development and incremental delivery of solutions based on a cyclical model, with well-defined techniques and practices. Iterations are usually fixed timeboxes of two to three weeks, delimited by planning and retrospective review activities, wherein each day commences with a stand-up meeting of all project members. Throughout the iteration, considerable focus is maintained on establishing feedback loops and demonstrating working solutions. In addition, there is a pronounced tendency to reduce overheads to a minimum, in order to focus instead on sustainable value creation. Whilst there is a prevailing attitude within the agile community that its practices tackle risk, much of this relies on the belief that risk can be contained and better understood within short term iterative cycles. Moreover there is a framing of risk around the notion of change and technical implementation, at the cost of other sources of risk, resulting in at best an implicit management of risk. This suggests that risk can at best be implicitly managed without any clear notion of when, or how, to engage in risk treatment activities.

Understanding Risk Risk is uncertainty that has an impact on project objectives in either a positive or a negative manner. The fact that not all uncertainty is either relevant or negative, is summed up in the analogy that whilst a horse race may well be uncertain it only becomes a risk once a bet is placed, the outcome of which may result in losses (threat) or winnings (opportunity). Whilst a horse race may well be uncertain, it only becomes a risk once a bet is placed. In order to manage risk it is therefore necessary to not only understand the project objectives, but also the project context and risk environment. The project context determines how risk is to be interpreted and the primary drivers of risk (e.g., regulatory, technology, business), whereas the risk environment reflects what constitutes acceptable levels of risk (e.g., dispensations for research and development activities). Together these help assess the risk profile of a project in terms of the wider attitude towards, and tolerance of, risk within the organisation. This enables management to compare projects on a risk basis and to balance risk and reward. Why Risk Management Matters Management of risk is important, since few project activities promise rewards without entailing some degree of risk. It is telling that whilst project team members can often tell what it is they are working on, how important their tasks are and what constitutes completion, they are seldom able to articulate the implications of their work with regard to managing risk. Recognising and assessing threats (negative risks) and opportunities (positive risks) and determining appropriate steps to treat them, are therefore essential in order to balance risk and reward within a project. Monitoring the effectiveness of risk management by tracking how risks are managed, ensures feedback into the process and allows all involved to learn from mistakes and improve the overall risk management process. Failure to adequately address risks within a project can lead to: Inability to make informed risk and reward decisions. Failure to identify appropriate risk response strategies based on risk exposure. Lack of oversight in risk monitoring leading to ineffective or inefficient treatment of risks. Poor understanding of when to engage in risk activities. Finally, project risk management needs to be understood in terms of enterprise risk management if an island mentality is to be avoided. The capacity of an organization to absorb losses or to exploit opportunities, together with the alignment of personal, project and enterprise risk attitudes and tolerances, must all be taken into consideration. Indeed, social and cultural influences on risk management constitute an important, but often neglected, aspect of the analysis and treatment of risk within the organization.

Extending the agile mantra of embrace change, agile risk management encourages practitioners to embrace risk. Agile Risk Management Agile risk management is concerned with the identification, assessment, prioritization, treatment and monitoring of project risks in a manner consistent with agile principles and practices. It considers not only threats (negative risks) but also opportunities (positive risks) in the context of the enterprise attitude towards risk and employs its own techniques and practices to inform decision making to balance risk and reward. Extending the agile mantra of embrace change, agile risk management encourages practitioners to embrace risk. Agile risk management is founded on the following principles: Transparency: Make visible and accessible all risk artefacts used to understand, communicate and manage risks within the project. Balance: Establish clarity about the nature and distribution of risk and reward throughout the project. Flow: Ensure that risks do not inhibit the project and that the agile process itself is capable of withstanding perturbations arising from risk. Application of the agile risk management process involves establishing an understanding of the nature of risk facing a project and adapting the existing agile process to better cater for risk management risks. The agile risk management process (see Figure 1 ) comprises of the following stages: Understand project objectives, context and risk environment. This stage is about achieving an understanding of the environment in which the project operates. This is a necessary prerequisite to frame risk management practices and assist in clarifying the relevance of risk within the project and in relation to the organization (e.g., the need for risk dispensations). Risk Scoping. Identify Risk Drivers and Appetite. By scoping the project risk drivers, the primary sources of risk and the institutional attitude towards and tolerance thereof can be established and communicated in a clear manner. This ensures the foundations for alignment of personal and institutional attitudes towards risk-reward behaviour. Risk Tailoring. Embed Risk Management in Agile Process. The dynamic view of agile process being employed is charted in order to determine the most appropriate positioning of risk management activities (e.g., risk identification workshops at the start of an iteration and risk retrospectives at the end). In light of the risks facing a project, additional measures may also be proposed (e.g., application of specific agile techniques to tackle risk). Risk Management. Identify Analyse, Manage and Monitor. This encompasses the operational aspects of risk management within the project albeit imbued with an agile character (e.g., use of risk modified Kanban boards to visualize the distribution of risk and reward, tagging of activities to indicate the application of an agile technique in order to treat risk and, communal ownership of risk artefacts).

Figure 1: Agile Risk Management Process. Copyright 2013 Alan Moran. All Rights Reserved. The result is a risk optimized agile process that empowers the project team to explicitly understand, articulate, manage and track risks as they arise in the project. The application of the agile risk management process to a variety of agile methodologies including Scrum, XP, DSDM, SAFe and DAD has been described in the literature. Agile risk management employs a variety of artefacts to assist in the visualization of risk tolerance, tailoring of agile processes, distribution of risk and reward and the tracking of progress towards managing risk. Combined these ensure that project members and stakeholders are always in a position to assess the risk of the project activities, enabling them to pose the right questions and react in a timely manner to changes in their risk landscape. Risk Driver Map. Scaled depiction of key sources of risk on which risk threshold levels are marked, against which the risk profile of a project can be displayed. Agile Chart. Dynamic view of the agile process being employed that helps frame risk tailoring measures, appropriate to the risk environment of the project. Risk List. Variation of the traditional project risk register adapted to the circumstances of agile projects. Risk Pyramid. Traditional mapping of risk response strategies based on risk exposure, to enable the project team to identify appropriate initial responses to risks. From a social and cultural perspective this is important since it is at this point in risk management that these views have their strongest influence. Risk modified backlog or Kanban. Visualization of the distribution of risk and reward within the project, based on traditional agile tracking devices, that enables the project team members to critically assess the risk management process. Risk Burndown. Visual tacking of progress towards the tackling of project risks and indicator of project systemic risk.

Benefits The benefits of agile risk management include the following: Improved capacity to manage project uncertainties that would otherwise threaten revenues or impede efforts to exploit opportunities that arise within projects. Enhanced communication of the nature and sources of risks facing projects within the organization, leading to an improved culture of awareness and understanding of the need to balance of risk and reward. Better alignment of project and enterprise risks that promote the transfer of lessons learned between projects of similar scope and complexity. Empowerment of project teams, enabling them to accept responsibility for the identification analysis, prioritization, treatment and monitoring of risks within their projects. Appreciation for the social and cultural influences on risk management, (e.g., risk compensation effects) particularly in environments where these can play a dominant role (e.g., geographically dispersed teams). Ability to extend and enhance existing investments in agile methodologies (e.g., Scrum, XP, DSDM, SAFe, DAD) by tailoring and embedding risk management practices into daily activities. Further Information Agile Risk Management (Springer Verlag) This work is the definitive guide for IT managers and agile practitioners. It elucidates the principles of agile risk management and how these relate to individual projects. Explained in clear and concise terms, this synthesis of project risk management and agile techniques is illustrated using the major methodologies such as XP, Scrum and DSDM. Available on Amazon and through all book stores. For further information concerning the principles and practices of agile risk management, including a full calendar of training events, please contact the Institute for Agile Risk Management: http://institute.agileriskmanagement.org/ info@institute.agileriskmanagement.org/

10004.000.90.1 The Institute for Agile Risk Management (IARM) is a Swiss based institution that exists to promote the principles and practices of agile risk management in the context of agile project management and the agile enterprise. It undertakes research and provides training in association with its network of third parties in the agile and academic communities as well as in the private sector. For further information concerning the institute please refer http://institute.agileriskmanagent.org/

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback