Managing Risks the Agile Way

On many occasions, I have heard people question how the Agile framework manages project risks, since risk planning and tracking is not immediately evident in the Agile model. While I believe that Agile inherently mitigates many sources of risk, I wanted to validate my understanding on this subject, find conclusive evidence that supports my gut instinct, and help convince others of the benefits of adopting this technique.

Let us consider the Scrum framework for this analysis, because it is the most widely adopted and successful Agile framework in the IT industry. According to the Scrum guide, “Scrum is founded on empirical process control theory, or empiricism. Scrum employs an iterative, incremental approach to optimize predictability and control risk.”

The traditional Waterfall approach relies on Big Design Up Front (BDUF), and its one-way path works well for projects completed in a linear fashion. Each phase proceeds sequentially based on the outcomes of the previous phase, which logically means that all planning (including risk planning) must be done early in the process.

In contrast, Scrum advocates the opposite approach, using Lean and Just in Time (JIT) principles for every aspect of the process. Lean focuses on eliminating waste and non-value adding activities by doing things simply; Just in Time focuses on reducing inventory and cycle time by doing things at the right time. Scrum welcomes changes later in the process, even during development. Since Scrum believes that risks are proportional to the magnitude of what is being developed, the larger development process is broken into short sprints which should inherently be lower risk.

In a traditional software approach, the goal is to develop all business requirements within stipulated schedule and quality limits by varying the project cost. With Scrum, the objective is to deliver maximum business value within the project duration by a constant Scrum team. By knowing the average velocity, the team tries to increase the predictability of sprint outcome to reduce delivery failures and risks.

Scrum addresses many shortcomings of traditional software development:

Project Risk Causes How Scrum Mitigates Risks
Team Attrition • Authoritative project management style
• Lack of motivation or recognition
The Scrum master is a servant-leader that helps motivate team members by empowering them to take project decisions and providing learning opportunities to build a cross-functional team.
Customer Dissatisfaction • Wrong product or functionality
• Miscommunication of requirements
Sprint demos help quickly solicit business feedback at the end of every sprint. Product owners help bridge the gap between IT and the business, guiding the team through the process.
Changing Market Needs • Product scope changes
• User story changes
Since sprints are timeboxed, the definition of what is being built cannot change often. Scope changes are inevitable, and are managed by dropping those user stories from the sprint backlog and adding others. For major scope changes, the product owner can cancel a sprint to avoid rework.
Building New Products or Using New Technology • Technical/Functional Challenges Scrum believes in the “Fail Fast” principle and encourages courage and openness. Fail fast relies on Test Driven Development (TDD), prototyping, and Continuous Integration/Continuous Deployment (CI/CD) to develop high-risk features and modules, and to understand risks, functional and technical challenges.

In addition, risk management is explicitly built into the Scrum ceremonies of every sprint, as illustrated by the diagram below:

Although Scrum is excellent at mitigating many different types of risk, it may not address long-term risks (like BCP/DR) and non-product related risks like governance, 3rd party dependency, etc. Hence, I recommend instituting an appropriate level of traditional risk management in any Agile project.

Every member of the Scrum team must be highly proficient with the framework, which is why companies that have been successful with Agile transformation start their journey with basic Agile training, followed by specialized role-based training for Scrum masters and product owners.