What is Risk Management in an Agile Project?
In a conventional project, risk management is the responsibility of the project manager, and is generally limited to whether the project comes in on time and within budget, although there are other risk factors, such as resource and quality management. The fact that an agile project does not have a project manager does not mean that there are no risks, and that these risks do not have to be managed as scrupulously as in a conventional project. Before we examine what risks should be managed and mitigated in an agile project, it is a good idea to consider risk management within the enterprise in context, as the maturity level of the organisation determines how the risks in the agile project should be managed.
The Organisational Path to Risk Maturity
Risk management is conducted in different ways at different organisations. Some companies will have different risk departments and/or initiatives, like operational risk and project risk. In these circumstances, risk is handled on an ad-hoc basis and the focus is on risks within the scope of that business unit or project. In a mature organisation, risk is handled at enterprise level; while there could be units conducting risk assessment and mitigation within the company, these are all co-ordinated and consolidated into a single organisational risk model. This is because a risk at any level that develops into an issue can have ramifications for the business as a whole. For instance, if one were to develop a healthcare app that reminds a patient to take their medication and it had a defect that resulted in an overdose, this would cause reputational risk to the entire business.
As companies become more mature in managing risk, they may also adopt frameworks and methodologies to manage risk, such as ISO31000, often supported by a risk management software app. Of course, there are still businesses out there that rely on spreadsheets and some ad-hoc process, but these are becoming less and less common. Risk is everyone’s business, and risk-averse companies ensure that everyone in the company is trained in risk identification and the process of risk management.
Recommended Further Reading
The following materials may assist you in order to get the most out of this course: