Employee-Personal
Vanilla Agile Risk Management flavored with traditional practices
Presented By: Ankit Tandon
©AnkitTandon
Agenda
• Understanding Risk
• Traditional Risk Management Approach
• How Does Agile Handle Risk?
• My experimentation with it
Understanding Risk
• Performance testing of the application has been outsourced to a third party, and it seems it won't be completed in time.
• Reference platform may not be available for Middleware/Application development.
• Big upfront design to get its specifications right.
• Lack of support from key stakeholders.
• Lack of knowledge to make a crucial architectural decision.
Many Words for Same
RANDOMNESS
UNCERTAINTY
VARIABILITY
RISK
Risk Defined
• Risk is uncertainty that matters, i.e., uncertainty that if realized impacts one or more objectives in either a negative (threat) or a positive (opportunity)*
*As quoted by Dr Alan Moran
Traditional Risk Management
• In the traditional risk management process, a complete list of potential risks, with their priorities and a plan to mitigate them, is prepared upfront.
• It is based on the assumption that all the uncertain events can be identified at the start.
• A lot of time and effort is spent on these hypothetical risks, both in upfront planning and in ongoing monitoring and discussion.
Risk Management In Agile
• The process is rather emergent in nature.
• The realization of risk occurs quickly and abruptly.
• Delay time is less, as the risk gets highlighted in the daily stand-up, review, retrospectives or release/sprint planning meetings.
• It is more of a real-time activity in Agile.
• Applying Agile principles makes the process robust and antifragile.
...But Is It Enough?
Is the application of these Agile practices enough to manage risks in an Agile-bound project?
Or, with a few adjustments, can traditional risk management be made more powerful with Agile methods?
How Did I Do It?
• Embraced the bare minimum of traditional risk management techniques
• Customized them with core Agile principles to make a lightweight framework
• Applied Agile principles to avoid self-creation of intrinsic risks or uncertain events
• Applied engineering / technical practices for treatment (as required)
• Used the Product Backlog to manage risks
The Flow
Identification → Analyze → Treatment → Monitoring
Risk Identification
Who
How
When
Risk Breakdown Structure
• Business
• Product
• Organizational
• Security
• Project
• Others
When
Backlog Refinement
Release Planning
Sprint Review
Daily Stand Up
Sprint Planning
The Flow
Identification → Analyze
Risk Analysis
• Risk Analysis is done by deriving the following:
- Probability (likelihood of it happening)
- Impact (Cost, Schedule, Technical Performance, Reputation etc.)
- Exposure, the quantified potential for loss that might occur as a result of some uncertainty (Multiplication of Probability and Cost)
Probability and Impact are measured on a scale of 1-5, with an explicit definition of what a 1, 2, 3, 4 and 5 mean.
The Flow
Identification → Analyze → Treatment
Risk Register

| Description | Probability | Impact | Exposure | Response | Sprint |
|---|---|---|---|---|---|
| New features may require significant rework and skills | 4 | 3 | 12 | Technical Spike - TA2031 created for investigation | Sprint 11 |
| Database Scalability | 4 | 3 | 12 | Pending | |
| Potential security flaws discovered | 4 | 4 | 16 | Security task created. TA2045 | Sprint 11 |
| Third party Integration challenges | 3 | 2 | 6 | Neha to sync up with Akamai team to figure out discrepancies and challenges. US 1103 | Sprint 12 |
| Video streaming schedule slipping - Technical challenges | 2 | 3 | 6 | Manav and Chris to pair program. TA 2099 | Sprint 13 |
The Flow
Identification → Analyze → Treatment → Monitor
Risk Modified Kanban Board
[Figure: Kanban board with columns Story, Tasks, In Progress, Review and Done, and rows for stories US1101, US1144 and US1271, each with task cards. Legend: Normal Task, Negative Risk Task, Positive Risk Task.]
Risk Burn Down Chart
[Figure: risk burn down chart. Y-axis: Exposure (0 to 35); x-axis: Day1 to Day5.]
Risk Management Activities In Various Agile Meetings
| Meetings | Risk Identification | Risk Analysis | Create Response | Monitor Response | Residual Risk Approval |
|---|---|---|---|---|---|
| Release Planning | S | S | S | | |
| Backlog Refinement | S | S | S | | |
| Sprint Planning | S | S | S | | |
| Daily Stand Up | C | C | C | S | |
| Sprint Review | C | C | C | S | S |

S = Should be, C = Could be
Framework
[Figure: framework diagram with the elements Risk Identification, Risk Analysis, Create Response, Apply Response, Monitor Response, Risk Register, Risk Modified Kanban Board, Risk Burndown Chart, Residual Risk and Sign Off. Arrow labels: Create, Update, Approved, Unapproved.]
Thank You!!