Sunday, March 18, 2012

Risk Management

Let us record the project risks in the following category:

Agile process is all about the change in the scope during the development process. We can make any number of changes to the scope before we commit the release date (of course, change is not allowed during the sprint J ). The change in the scope could be due to lowering business value, competition, internal business needs. Some time product owners may alter the scope due to avoid risks. Keeping this in view the if the risk is exposed to sprint, may not impact the release. Let us identify and analyze the risks in isolation for better project management.

I feel it is best way to look at the projects health in Sprint level and release level. Some of the risks for the sprint may impact the release especially when we are close to release dates.1.

Sprint:
–Issues and risks that are exposed to sprint however, these may not impact the release. (Eg: 3rd party software not available in sprint 4, can impact the completion of user stories for this sprint. However, this may not impact the release as the release may be after 5 – 6 sprints.) Scrum allows us to integrate the 3rd party software later time. Or whore user story can be dropped if the business value gets low during the course.

Release:

–Issues and risks are exposed to release level. Any risks exposed to release level will definitely impact sprint. We need to use expert judgment as sometimes certain risk is red for sprint can be yellow or green for release.

Every risk reported should have following
Risk Id: An unique identifies (we can use the convention used by PMF for user stories)

Description : self explanatory

Mitigation Plan – Identify the activities to eliminate the threat imposed by risk. More mitigations you suggest, the better Scrum Master you are. All that time we need to see that the project enters into mitigation route

Contingency Plan – Fall back Option in case of Risk Occurs. We can suggest multiple paths here.

Trigger: This is very important for us to identify the trigger. This will help us to act few days/weeks before occurrence if we know the trigger.

Risk Exposure can be calculated using following table

How to use Risk Table?




Impact - Scale – 1 to 3
Profanity- Scale – 0.1 to 1.0
Formula Impact X Probability = Criticality of Risk

How to Interpret?
IF the score is < 1 then the criticality is Low
If the score is > 1 and < 2 Criticality of Risk is Medium
If the Score is => 2 then criticality is “High”

Risk Exposure (E) = Probability * Impact

For simplicity let us categorize only High, Medium and Low.

· Owner: who can work on mitigation or own the responsibility for contingency. Most of the time, scrum master or product owner.
· Action Items:
Reporting risks without A.I. is like reading news paper. Make sure that all relevant AI to be recorded for Mitigation or Contingency.