Risk is defined as an uncertain event that can
affect the objectives of a project and may contribute to its success or
failure. Risks with a potential for positive impact on the project are called
opportunities, whereas threats are risks that could negatively impact a
project. Managing risk must be done proactively, and it is an iterative process
that should begin at project inception and continue throughout the life of the
project. The process of managing risk should follow some standardized steps to
ensure that risks are identified, evaluated, and a proper course of action is
determined and acted upon accordingly.
Risk Management consists of five
steps:
·
Risk identification: Using various techniques to
identify all potential risks.
·
Risk assessment: Evaluating and estimating the
identified risks.
·
Risk prioritization: Prioritizing risk to be
included in the Prioritized Product Backlog.
·
Risk mitigation: Developing an appropriate
strategy to deal with the risk.
·
Risk communication: Communicating the findings
from the first four steps to the appropriate stakeholders and determining their
perception regarding the uncertain events.
Risk identification involves the
Scrum Team members who attempt to identify all risks that could potentially
impact the project. Only by looking at the project from different perspectives,
using a variety of techniques, can they do this job thoroughly. Risk
Identification is done throughout the project and Identified Risks become
inputs to several Scrum processes including Create
Prioritized Product Backlog, Groom Prioritized Product Backlog, and Demonstrate and Validate Sprint.
Risk assessment helps in understanding the potential impact
of a risk, how likely it is to occur, and when the risk could materialize. The
overall effect on business value should be estimated; if that impact is
significant enough to outweigh the business justification, a decision must be
made whether to continue the project. The assessment of risks is done with
regard to probability, proximity, and impact. Probability of risks refers to
the likelihood of the risks occurring, whereas proximity refers to when the
risk might occur. Impact refers to the probable effect of the risks on the
project or the organization. To estimate the probability of a risks, various
techniques may be used, including Probability Trees, Pareto Analysis, and a
Probability and Impact Matrix. In addition
to probability, risk assessment also evaluates the potential net effect of
risks on the project or organization. These effects can be estimated using
techniques such as Risk Models and Expected Monetary Value.
Under the risk prioritization step, Identified Risks are captured
in a Prioritized Product Backlog—so a Prioritized Product Backlog could also be
referred to as a Risk Adjusted Prioritized Product Backlog. The prioritized
User Stories from the existing Prioritized Product Backlog and the prioritized
list of risks are then combined to create an updated Prioritized Product
Backlog which includes the Identified Risks.
The following diagram illustrates the risk prioritization process:
Risk mitigation can be proactive or reactive. In the case
of a risk, a plan B may be formulated, which can be used as a fall-back in case
the risk materializes—such a plan B is a reactive response. Sometimes risks are
accepted and are an example of a risk response which is neither proactive nor
reactive. Risks are accepted because of various reasons, as in a situation
where the probability or impact of the risk is too low for a response.
Acceptance can also be the case in a situation where the apprehension of
secondary risks may deter the product owner from taking any action. The effort
made by the Product Owner to reduce the probability or impact—or both—of the
risk is an example of a proactive response to mitigating risks.
Risk communication is important because
stakeholders have an interest in the project and need to know the hindrances
that the project may face. Information provided to stakeholders related to risk
should include potential impact and the plans for responding to each risk. This
communication is on-going and should occur in parallel with the four sequential
steps discussed thus far—risk identification, assessment, prioritization and
mitigation. The Scrum Team may also discuss specific risks related to their
Tasks with the Scrum Master during Daily Standup Meetings. The Product Owner is
responsible for the prioritization of risks and for communicating the
prioritized list to the Scrum Team.
Other Resources:
No comments:
Post a Comment