How can risk be managed?

June 9, 2014

How can risk be managed?

Risk Management consists of five steps:

1. Risk identification: Using various techniques to identify all potential risks

2. Risk assessment: Evaluating and estimating the identified risks

3. Risk prioritization – Prioritizing Risk to be included for specific action in the Prioritized Product


4. Risk mitigation: Developing an appropriate strategy to deal with the risk

5. Risk communication: Communicating the findings from the first four steps to the appropriate

stakeholders and determining their perception regarding the uncertain events.

Risk Identification

The Scrum Team members should attempt to identify all risks that could potentially impact the project.

Only by looking at the project from different perspectives, using a variety of techniques, can they do this

job thoroughly. Risk Identification is done throughout the project and Identified Risks become inputs to

several Scrum processes including Create Prioritized Product Backlog, Groom Prioritized Product Backlog,

and Demonstrate and Validate Sprint.

Risk Assessment

The assessment of risk helps in understanding the potential impact of a risk, how likely it is to occur, and

when the risk could materialize. The overall effect on business value should be estimated, and if that

impact is significant enough to outweigh the business justification, a decision must be made whether to

continue the project.

The assessment of risks is done with regard to probability, proximity, and impact. Probability of risks

refers to the likelihood of the risk occurring, whereas proximity refers to when the risk might occur.

Impact refers to the probable effect of the risks on the project or the organization.

To estimate the probability of a risk various techniques may be used, including Probability Trees, Pareto

Analysis, and a Probability and Impact Matrix.

In addition to probability, risk assessment also evaluates the potential net effect of risks on the project

or organization. These effects can be estimated using techniques such as Risk Models and Expected

Monetary Value.

Risk Prioritization

Scrum allows for quick identification and assessment of risks. Identified Risks are taken into account

when creating a Prioritized Product Backlog during Create Prioritized Product Backlog process, or when

we update the Prioritized Product Backlog during Groom Prioritized Product Backlog process—so a

Prioritized Product Backlog could also be referred to as a Risk Adjusted Prioritized Product Backlog.

The risks could be identified and assessed based on any of the Risk Identification and Risk Assessment

techniques mentioned earlier.

Risk Mitigation

The response to each risk will depend on the probability and impact of the risk. However, the iterative

nature of Scrum with its rapid turnaround time and feedback cycles allows for early detection of failures;

therefore, practically speaking, it has a natural mitigation feature built in.

Risk can be mitigated by implementing a number of responses. In most situations, responses are

proactive or reactive. In the case of a risk, a plan B may be formulated, which can be used as a fall-back

in case the risk materializes – such a plan B is a reactive response. Sometimes risks are accepted and

are an example of a risk response which is neither proactive nor reactive. Risks are accepted because of

various reasons, as in a situation where the probability or impact of the risk is too low for a response.

Acceptance can also be the case in a situation where the apprehension of secondary risks may deter the

product owner from taking any action. The effort made by the Product Owner to reduce the probability

or impact—or both—of the risk is an example of a proactive response to mitigating risks.

Risk Communication

Because stakeholders have an interest in the project, it is important to communicate with them

regarding risks. Information provided to stakeholders related to risk should include potential impact

and the plans for responding to each risk. This communication is on-going and should occur in parallel

with the four sequential steps discussed thus far—risk identification, assessment, prioritization and

mitigation. The Scrum Team may also discuss specific risks related to their Tasks with the Scrum Master

during Daily Standup Meetings. The Product Owner is responsible for the prioritization of risks and for

communicating the prioritized list to the Scrum Team.

An important tool which can be used for communicating information related to risks is the Risk

Burndown Chart.


Leave a Reply

Your email address will not be published. Required fields are marked *


+ eight = 11


Follow Us On

Post-Plugin Library missing