Effective Risk Management That Isn’t Boring

Jesse Fewell

Last week at Agile 2012, there were a couple Risk Management talks that blew my mind.  I was already comfortable with the notion that Agile methods offer a set of effective IMPLICIT risk management practices (e.g. iterative learning cycles, fully tested iteration increments). But this past week, I learned the community is beginning to mature a set of EXPLICIT risk management practices that can be embedded in your Agile methods.

Mike Griffiths shared his experiments with using collaboration games to improve Risk Management practices. He has a multi-part blog series that goes through the approach in detail, but the most important  can be summarized in 3 points. Meanwhile, LeadingAgile’s very own Dennis Stevens had a talk where he challenged people to move beyond 1-dimensional thinking. Here is my summary of the key points from both talks.

Effective Risk Management Techniques

Make risk planning more engaging. In his talk, Mike asserted that we need to get beyond the idea that Risk Management has to be a boring academic exercise. He does this by renaming the standard risk management processes to be more playful. “Risk Identification” becomes “Find Friends and Foes”. “Qualitative Risk Management” becomes “Post Your Ad”, where risks look more like a job board. This helps us get over the anxiety of being perfect or technically correct.

Make risk planning more holistic. Dennis suggested we involve multiple disciplines in risk analysis, rather than just the ivory tower project manager. Technical people, operations people, HR people, all need to be a part of the conversation. He also highlighted our tendency to go straight into the weeds (“IF the shipment of servers is late, THEN our testers will be late getting started”). Instead, Dennis proposed a multi-tiered taxonomy for thinking about risk at progressively higher levels. Specifically, a Risk Category (e.g. Security) will cover many different Risk Drivers (e.g. Fraudulent Transactions), which will in turn unearth the Risk Events (“IF a customer deposits  More people thinking about risk at more levels.

Think of risk at multiple levels


Make risk planning more visual. Mike shows a few examples of hands-on collaboration games for performing the risk management processes. This moves the risk conversation into a more whole-brained activity, where both left and right hemisphere activities are engaged. Also, it keeps the risks front-and-center in our minds as we perform the project, rather than having them archived in a spreadsheet somewhere.

Team’s visual brainstorm of risks


What about you: What EXPLICIT risk management techniques do you add into your Agile projects?



Comments (6)

  1. julian

    “Holistic risk planning” sounds rather like what Swiderski was advocating in his “Threat Modeling” book.

    • Jesse Fewell

      Interesting point, Julian. I confess I had to google Threat Modeling… ”a description of the [system] security issues the designer cares about, or a description of a set of security aspects for a system”. So yes, one could argue that holistic risk management is akin to threat modeling for a project.

      Thanks for the comment!

    • Jesse Fewell

      Chitra! Great to hear from you. I’m glad you posted, but you need to send me an email or something :)

  2. Risk Management Practices

    Risk management practices are important in the organisation to identify and avoid the risks which business may face in the future. Proper planning can control and minimise adverse impact of the threat.

