Risk Management in an Agile World

Agile, Performance Optimization, Risk Management

It seems that “Agile” development approaches are in use everywhere. In fact, 71% of businesses use Agile in some form.1 Agile methods were first employed in software development in response to predictive project management’s inability to deal with evolving requirements. Since then, Agile has been employed successfully in product management, project management, and manufacturing. Even with the proliferation of Agile, most organizations still find a need for traditional project management approaches such as Predictive, Iterative, and Incremental. This means it is very common to find Hybrid Agile organizations, places where Agile and traditional project management live side by side. Since each hybrid implementation is unique to the organization, it can be especially hard to craft a successful risk management approach. Coupled with its Performance Optimization Line of Business, LMI uses Risk Management to enhance the efficiency and effectiveness of organizations and operations.

There are numerous Agile frameworks

Agile is a set of principles and philosophies. Agile frameworks have been developed to implement these, including Scrum, Adaptive Software Development (ASD), Disciplined Agile (DA), Lean Software Development (LSD), and Scaled Agile Framework (SAFe).  It is important to understand the framework in use, and to what extent it manages risk. To get optimum results, the risk management solution must be matched to the Agile framework in use.

Considerations for Risk Management in hybrid Agile

Risk Management in a hybrid environment requires coordination between the Agile teams, traditional teams, and management. Miscommunication can occur when non-Agile teams and managers do not understand the Agile framework. The Agile teams may not understand that there is more to risk management than the risk activities in each work period. Communication can be further hindered since Agile teams tend to be “self-governing,” increasing the number of entities to coordinate with. Agile teams tend to focus inward on their project risks and can lose sight of the larger risk context.

When viewed in terms of common risk categories, Agile only addresses a few categories well. As shown below, our analysis revealed that Agile Frameworks fully address only 13% of risk categories, partially address 47%, and do not address 40%. Without a risk plan that integrates Agile risk management with traditional risk management, many risks may go unmanaged.

  • Technical Risk (of the solution) – Yes
  • Design Risk – Yes
  • Business Risk – Partial
  • Cost Risk – Partial
  • Information Security Risk – Partial
  • Legal Risk – Partial
  • Performance Risk – Partial
  • Reputation Risk – Partial
  • Schedule Risk – Partial
  • External Risk – No
  • Legislative Risk – No
  • Operational Risk – No
  • Scope Creep Risk – No
  • Strategic Risk – No
  • Technology Risk (of the enterprise) – No


Integrating Agile and Traditional Risk Management  

It is important to understand the specific Agile Framework in use and assess how the organization will address each risk category it faces. Some risk categories may be covered by the Agile framework. Other categories of risk may be covered by traditional risk management. Yet other categories will require a coordinated approach where the responsibilities and hand-off points are clearly identified.

Key steps to integration include:

  • Document how risks are handled in the Agile Framework.
  • Make plans for each risk category and apportion the effort to Agile, traditional, or hybrid management.
  • Ensure known risks are embedded into the customer requirements documentation.  
  • Assign risk activities to Agile teams in terms of the Agile framework phases.
  • Create an appendix to the Risk Management plan that specifically communicates to Agile teams their roles and responsibilities.
  • Ensure that the Definition(s) of Done include appropriate risk management considerations and risk reporting.

If your organization is looking to better integrate Project and Risk Management activities within your specific Agile environment, LMI’s team of Project and Portfolio Management (PPM) subject matter experts can help. For more information, please contact LMI’s Program Planning and Investment Management (PP&IM) Sub-Service line Vice President, Mark McAlister, PPM Practice Area Lead (PAL), Vickie Sanchez, or Community of Practice (CoP) Lead, Jack Oliva.