Introduction

Project teams face many types of risks and most of these risks are common to all types of projects whether it is waterfall or agile. These risks can have either a positive or negative impact on the project. These are separated further by Project Management Institute Standards into individual risks on particular project goals and overall risks that will affect the whole project. In agile, there is a large focus on project goals, and in scrum meetings, it is common for team members to discuss what they have created thus far and what is impeding their progress. This tends to help eliminate the individual risks but does not answer the overall risks that the project faces. Project managers will need to manage these risks and prepare responses to them. In this article, we will discuss the general types of risk response to both positive and negative then explain which ones pertain better to the agile methodology.

Risk Response

Once risks are identified, controlling those risks is the act of risk response. With risk response, project managers plan options and strategies to reduce negative risks and enhance positive risks. They also take into account residual and secondary risks. Residual risks are ones that remain even after strategies have been implemented. While secondary risks are risks that form from risk response strategies.

Though agile has risk management built into its core and smaller failures are used as learning points for team members it is still useful practice for managers to prepare risk responses for risks that the team incurs. Agile teams should plan in a way that accommodates the potential outcomes and try to make the outcome work in their favor. Basic strategies for risk management include:

Negative Risk Response

• Avoidance- This strategy is used to eliminate the cause of a risk. This can be done by canceling a part of the project or not using an unknown software to avoid the risks that are taken on from them. This is because we can not get rid of risks, but we can get rid of the events that create them. Avoidance is not typically done within agile management.

• Mitigation- Is used to reduce the impact of risks by reducing the chance of it occurring. A way that agile teams use risk mitigation is through knowing how much work they can get done in a particular sprint, also known as velocity.

• Transference- This is shifting risk and its management to a third party. This can be used for something like insurance on a piece of hardware so that if it fails, they can get a replacement without incurring the cost.

• Acceptance- Accepting the consequences of a risk. In agile, this is used quite often as it proves to be a lesson for the team and members allowing for improvement and change for the progress of the project.

• Escalation- Escalating the risk is presenting it to higher management or authority as it is outside the project manager’s authority. This can happen in agile projects with external risks such as economic, environmental, and political.

Positive Risk Response

• Exploitation- Is doing what you can to make sure that a positive risk occurs within the project.

• Sharing- Allocating ownership of a positive risk to another party.

• Enhancement- This strategy identifies and maximizes what is the drivers of the positive risk.

• Acceptance- Not doing anything about a positive risk and just letting it run its course naturally

• Escalation- Just like negative risk response of notifying a higher-level authority, but for a better positive risk.

Agile Risk Response

Many, if not all these strategies for risk response can be implemented by agile project teams and their managers. Though they may not be used in the traditional way and documented as such. With traditional or waterfall techniques they tend to focus on the planning of avoidance and mitigation strategies. Whereas agile techniques embrace the learning opportunities and improvements from changes caused by small failures. The iterative approach of agile allows for continuous attention to risks and reduces risks by practices such as early validation and continuous software integration. Risk response techniques can still prove useful to agile teams as previously mentioned with overall project risks as teams can prepare a plan for these risks they take on. One way that teams do this is through a product backlog that addresses high-risk items early in the project and a “spike” can be performed to evaluate risk without it impacting the project. A “spike” is using a simple program to explore potential solutions and determine the work required for the solution. The strategies listed above can all also have a purpose to agile teams, though they may not be implemented in the same fashion as waterfall teams would. Agile teams and project managers should work together to implement strategies that are effective for their particular project.

Image from Scrum.org showing product backlog

Conclusion

Risk is something necessary to a project. Risk can be positive or negative and individual or overall. Once teams identify the risks their project faces, they should create risk responses. Risk responses are plans to reduce negative risks and enhance positive risks. These include avoidance, mitigation, transference, acceptance, escalation, exploitation, and enhancement. Each one is particularly important in waterfall methodology, but agile risk management is built into its core. This reduces the individual risks that a project team faces because of the use of scrum meetings to address individual risks. The iterative process of agile also helps agile teams be able to identify and prepare for risks. Though this does not make risk response useless to agile as it can be used through a product backlog to address high-risk items in a project and the use of a “spike” to evaluate the risk without hindering or largely affecting the project. Agile teams can also implement their own versions of risks response strategies that they feel are best suited for their project. Risk response should be a benefit to all teams and the approach they choose to take as it prepares reactions to events that can negatively or positively impact a project.

Citations

Cobb, Chuck. “Agile Project Management Training.” Agile Project Management, 5 Jan. 2021, https://managedagile.com/what-is-agile-risk-management/.

Hamilton-Whitaker, Tara. “Agile Risk Management – Risk Response.” Agile 101, 1 Aug. 2009, https://agile101.wordpress.com/2009/07/27/agile-risk-management-risk-response-step-3-of-4/.

Schwalbe, K. (2019). Information technology project management (9th ed.). Cengage.