Management of Risks in a Scrum Environment

Risk?is defined as an uncertain event that can affect the objectives of a project and may contribute to its success or failure. Risks with a potential for positive impact on the project are called opportunities, whereas threats are risks that could negatively impact a project.

In a Scrum environment, risks are generally minimized, largely due to the work being done in Sprints whereby a continuous series of Deliverables is produced in very short cycles, Deliverables are compared to expectations, and the Product Owner is actively engaged in the project. However, even in the simplest of projects, things can go wrong, so it is important to have a strategy to identify and address risks.

Risks should be identified, assessed, and responded to based primarily on two factors: the probability of an occurrence and the probable impact in the event of the occurrence. Risks with a high probability and high impact rating should be addressed before those with a lower rating. In general, once a risk is identified, it is important to understand the basic aspects of the risk with regard to the possible causes, the area of uncertainty, and the potential effects if the risk occurs.

Risk, as defined in?A Guide to the Scrum Body of Knowledge?(SBOK? Guide), is applicable to the following:

• Portfolios, programs, and/or projects in any industry
• Products, services, or any other results to be delivered to business stakeholders
• Projects of any size or complexity

Managing risk must be done proactively, and it is an iterative process that should begin at project inception and continue throughout the life of the project. The process of managing risk should follow some standardized steps to ensure that risks are identified, evaluated, and a proper course of action is determined and acted upon accordingly.

Risk Management consists of the following five steps, which should be done iteratively throughout the project:

• Risk identification: Using various techniques to identify all potential risks.
• Risk assessment: Evaluating and estimating the identified risks.
• Risk prioritization: Prioritizing risk to be included in the Prioritized Product Backlog.
• Risk mitigation: Developing an appropriate strategy to deal with the risk.
• Risk communication: Communicating the findings from the first four steps to the appropriate business stakeholders and determining their perception regarding the uncertain events.