Disciplined Agile

Address Risk

This Ongoing phase process goal describes how we will identify, mitigate, and monitor risks within our team. Although the project management community prefers the term “manage risk” rather than “address risk,” not surprisingly, we find that the word manage comes with too much baggage—managing risk leaves the door open to needless bureaucracy, whereas addressing risk motivates us to focus on dealing with the challenges that we face. This process goal focuses on risk at the team level, whereas the Governance process blade focuses on addressing enterprise risk.

Copyright Project Management Institute All Rights Reserved Address Risk v5.2 Choose Risk Strategy Identify risk appetiteIdentify risk attitudeIdentify risk thresholdRisk/value life cycleTailor your approach Identify Risks Collaborative discussionsExpert judgmentFormal risk sessionInformal risk sessionInterviewsPatterns/common listsSWOT analysis Categorize Risks ArchitectureDependencyEconomicEnvironmentalLegalLife cyclePoliticalQuality and testingRequirementScheduleSocio-cultural - TeamsSecurity Identify Compound Risks Identify aggregate risksIdentify dependent risks Classify and Score Risks Assess probabilityAssess impactAssess severityQualitative analysis (prioritization)Qualitative analysis (quantification)Quantitative analysis Address a Threat AvoidMitigateTransferEscalateAccept Address an Opportunity ExploitEscalateShareEnhanceAccept Document a Risk Sticky notes/index cardsLightweight descriptionDetailed description Track Risks Work backlog Risk burndownRisk backlogRisk listRisk register/databaseNo tracking Monitor Risks Information radiatorsInformal reviewsAudit/formal reviews

Figure 1. The Address Risk process goal diagram.

Click the diagram to open the interactive DA Browser, where you can learn more about the decision points and options of this goal.

Why This is Important

There are several reasons why this process goal is important:

  1. We face many risks. Many risks are addressed within the team, but some risks we’ll need help from outside the team to address. Disciplined teams make risks transparent, making it easier for them to garner the help they need.
  2. Understanding the level of risk is a critical decision factor for moving forward. The DA life cycles have built in, risk-based milestones as overviewed in Figure 2. At each milestone point there is a go-forward decision made where the current level of risk faced by the team is considered.
  3. Reducing risk increases our chance of success. Enough said.
  4. It’s usually better to deal with risks early (in other words, shift risk mitigation left). Risks tend to grow (but not always). If a risk proves to be a problem, it’s better to know that early when we still have time and budget to fix it, or if the risk proves insurmountable, it’s better to cancel or go in a different direction and thereby not waste time and money.
Risk Value

Figure 2. Decreasing risk and increasing value throughout a disciplined agile project (click diagram to expand)

Important Questions to Consider

  • How will we manage identified risks?
  • How will we mitigate risks?
  • How will we monitor risks?

Key Points

  • Risks should be identified, assessed, and addressed appropriately throughout the life cycle.
  • DAD teams have a better risk profile compared to Scrum teams, which in turn have a better risk profile than traditional teams.

January 2023