Risk Management in Agile Projects
Article: Risk Management in Agile Projects
Author: Alan Moran, Ph.D., CRISC, CITP
The inherent cadence and iterative nature of Agile practices make them well suited for the management of a wide range of risk commonly encountered in product development and related projects.1 Indeed, the nature and pace of change in such undertakings present considerable challenges for traditional methods that presume well-defined and stable requirements, together with known risk, that can be captured and modelled using classic techniques. For example, the manner in which understanding of requirements evolves (e.g., facilitated workshops, Agile modelling), the explorative fashion in which designs are implemented (e.g., prototyping, architectural spikes) and the incremental delivery of solutions all help to tackle uncertainty and to promote desired outcomes. This is particularly true of highly innovative solutions where both the customer and the delivery team must collaboratively work together to iteratively define the scope and content of the final solution while tackling both upside and downside risk.
However, throughout Agile literature, there is also a pronounced tendency to focus exclusively on the downside of risk without considering opportunities that can be exploited. This is evident from the view, expressed in many methodologies, that risk should necessarily be considered as an exposure to potentially negative outcomes. Moreover, there is a prevailing view that merely being Agile suffices and that more explicit attention to the identification, assessment, treatment and monitoring of risk is, therefore, not warranted.
Read more
©2021 ISACA. All rights reserved.
