Aligning Risk Management in Agile Delivery with PMBOK Principles
The Project Management Body of Knowledge (PMBOK) outlines 12 principles of risk management. Here's how we can align these principles with Agile delivery:
1. Organizational Context
Each organization is unique, influenced by different Political, Economic, Societal, Technological, Legal, and Environmental factors (PESTLE). Understanding the current Agile maturity, improvement plan, and flow is crucial in developing a risk management vocabulary that fits the organization's context. This includes understanding the organization's Agile practices, the level of Agile adoption, and the existing risk management processes. This context helps in tailoring the risk management approach to the organization's specific needs and circumstances.
2. Stakeholder Involvement
Product owners should be directly engaged in the evolution of the Risk Assessment and Risk Management Strategy. They should involve their network of stakeholders in identifying risks and possible mitigations. This involvement should be continuous throughout the risk management process: Identify, Assess, Respond, and Review. Stakeholder involvement is crucial in Agile, as it ensures that the risk management process is aligned with the needs and expectations of the stakeholders.
3. Organizational Objectives
Risks should be assessed and responded to with the overall organizational objectives in mind. This perspective helps in understanding the impact of task-level risks on User Stories, Sprint Objectives, Themes, Epics, and the overall Programme of works. In Agile, the focus is on delivering value to the customer, and this should be the guiding principle when assessing and responding to risks.
4. Management of Risk Approach
While the PMBOK's specific risk management approach may not be directly applicable to Agile, it's important to define and implement a risk management approach as part of the definition of done. This approach should be iterative and incremental, reflecting the Agile principle of continuous improvement. It should also be collaborative, involving all team members in the risk management process.
5. Reporting
Reporting should be more than just a cover-your-own function. It should be a part of the communication plan, addressing how risks are raised at all levels of the Sprint - Daily, Review, and Retrospective. Transparency and visibility are key in keeping everyone informed. In Agile, information is shared openly and regularly, ensuring that everyone is aware of the risks and can contribute to their management.
6. Roles & Responsibilities
Everyone should understand their role in each stage of the Risk Management Life cycle. This includes how risks are identified, escalated, documented, and reviewed. In Agile, roles and responsibilities are clearly defined, and everyone is empowered to take ownership of their part in the risk management process.
7. Support Structure
Everyone should understand how risk is managed through the Risk Management Life cycle and who to go to if they have any questions. This includes understanding the process for identifying, escalating, documenting, and reviewing risks. In Agile, the support structure is collaborative and team-oriented, with everyone working together to manage risks.
8. Early Warning Indicators
Communication is key in forecasting the transition of a Risk to an active Issue. Any potential issues should be highlighted in the Daily Scrum. It's also important to have a plan for reacting when a risk is realized. In Agile, early warning indicators are used to anticipate risks and take proactive measures to manage them.
9. Review Cycle
Regularly review your Risk Board. This could be done via the Retrospective and as an extension to the Daily Scrum by adding a 4th question: Any changes to the risks board? In Agile, the review cycle is continuous and iterative, ensuring that risks are regularly reviewed and managed.
10. Overcoming Barriers to the Management of Risk
Overcoming barriers to risk management includes establishing roles, responsibilities, accountability, and ownership, allocating an appropriate budget, providing adequate training, tools, and techniques, and regularly assessing the Management of Risk approach. In Agile, barriers are addressed through collaboration, empowerment, and continuous improvement.
11. Supportive Culture
Everyone on the team should feel comfortable raising, discussing, and managing risks. A supportive culture is key to effective risk management. In Agile, the culture is one of trust, openness, and respect, which supports effective risk management.
12. Continual Improvement
Use the Retrospective to review the way you manage risk and to assess ongoing risks. Learn from your mistakes and continually improve your risk management process. In Agile, continual improvement is a core principle, and this applies to risk management as well.
By aligning the PMBOK principles with Agile delivery, we can create a robust and effective risk management process that fits the unique context of each organization.
No Comments