Responsibility for Risk Management
In a Scrum project, much of the responsibility and accountability sits with the Product Owner, because most of the risk revolves around successful delivery of the product. The Product Owner is also the team member who has an active role liaising with external stakeholders. The Scrum Master also has responsibility for risk, specifically where the risks arise from team dynamics and compliance with the scrum framework. When it comes to risk identification, everyone has the responsibility to identify risk and notify the team. Assessment through to mitigation should also be a team effort, but this depends on the company’s risk maturity.
Integrating Risk Management into a Scrum Project
Scrum is designed to reduce risk by using an iterative process of “sprints” of short duration, rather than a monolithic development lifecycle. This approach reduces risk by giving the opportunity to realign the project when it appears to be going off the rails. The prescribed meetings for Scrum provide an opportunity to integrate the risk management process:-
Daily Stand-up Meeting – the ideal forum for risk identification. The risk is merely named and tabled by the Scrum Master for later assessment and prioritisation, because of the short timeframe allotted to the Stand-up.
Sprint Planning Meeting – Also a forum for risk identification, especially before the first Sprint. The Sprint Planning meeting aids a lot in risk mitigation by determining complexity of user stories and which of those are committed to and moved into the Sprint Backlog, although this does not officially form part of the risk management process.
Retrospective – The retrospective is another forum for risk identification, based on what happened and could be used to reprioritise the Risk Register.
Risk Meetings – These are not part of Scrum, but will be required to perform the assessment and mitigation activities. They should be aligned with the risk management framework used in the company. Depending on circumstances, these meetings could be held on either a regular or an ad-hoc basis, for instance, if a risk was raised in a Stand-up meeting, it should be assessed within a couple of days, because of the general velocity of Sprints.
Recommended Further Reading
The following materials may assist you in order to get the most out of this course: