Disciplined Agile

Address Risk

This ongoing process goal describes how we will identify, mitigate, and monitor risks within our team. Although the project management community prefers the term “manage risk” rather than “address risk,” not surprisingly, we find that the word manage comes with too much baggage—managing risk leaves the door open to needless bureaucracy, whereas addressing risk motivates us to focus on dealing with the challenges that we face. This process goal focuses on risk at the team level, whereas the Governance process blade focuses on addressing enterprise risk. To be effective, we need to consider several important questions:

  • How will we manage identified risks?
  • How will we mitigate risks?
  • How will we monitor risks?
2021 Project Management Institute Address Risk v5.2 Choose Risk Strategy Identify risk appetite Identify risk attitude Identify risk threshold Risk/value life cycle Tailor your approach Identify Risks Collaborative discussions Expert judgment Formal risk session Informal risk session Interviews Patterns/common lists SWOT analysis Categorize Risks Architecture Dependency Economic Environmental Legal Life cycle Political Quality and testing Requirement Schedule Socio-cultural - Teams Security Identify Compound Risks Identify aggregate risks Identify dependent risks Classify and Score Risks Assess probability Assess impact Assess severity Qualitative analysis (prioritization) Qualitative analysis (quantification) Quantitative analysis Address a Threat Avoid Mitigate Transfer Escalate Accept Address an Opportunity Exploit Escalate Share Enhance Accept Document a Risk Sticky notes/index cards Lightweight description Detailed description Track Risks Work backlog Risk burndown Risk backlog Risk list Risk register/database No tracking Monitor Risks Information radiators Informal reviews Audit/formal reviews

Figure 1. The Address Risk process goal diagram (click to enlarge)

You can use the DA Browser to learn more about the options in the goal diagram of Figure 1. 

Why This is Important

There are several reasons why this process goal is important:

  1. We face many risks. Many risks are addressed within the team, but some risks we’ll need help from outside the team to address. Disciplined teams make risks transparent, making it easier for them to garner the help they need.
  2. Understanding the level of risk is a critical decision factor for moving forward. The DA life cycles have built in, risk-based milestones as overviewed in Figure 2. At each milestone point there is a go-forward decision made where the current level of risk faced by the team is considered.
  3. Reducing risk increases our chance of success. Enough said.
  4. It’s usually better to deal with risks early (in other words, shift risk mitigation left). Risks tend to grow (but not always). If a risk proves to be a problem, it’s better to know that early when we still have time and budget to fix it, or if the risk proves insurmountable, it’s better to cancel or go in a different direction and thereby not waste time and money.
Risk Value

Figure 2. Decreasing risk and increasing value throughout a disciplined agile project (click diagram to expand)

Key Points

  • Risks should be identified, assessed, and addressed appropriately throughout the life cycle.
  • DAD teams have a better risk profile compared to Scrum teams, which in turn have a better risk profile than traditional teams.