Risk management in Scrum – Insights

I am writing this post after exchanging tweets with @flowchainsensi.

The Nokia test provides criteria to measure the adequacy of Scrum implementation. If we have ScrumBut (aka inadequate Scrum), then we should not expect the accomplishments in terms of higher velocity, better quality and increased customer value.

Even while we are implementing ScrumBut, we should strive to show some value from using Scrum. This value will allow us to remove handicaps for Scrum implementation and therefore improve our score in Nokia test.

ScrumBut introduces risks to the project. Such risks should be managed using the rigor of Risk Management (RskM) process. PMBOK® and CMMI® have in-depth addressing of RskM details. Traditionally, software development is driven by risks. There are two drivers that can help us start brainstorming for risk identification.

  1. Risks originated from ScrumBut.
  2. Risks originated from not achieving the value which management expects as a result of using Scrum.
I suggest implementing weekly RskM as 30 minutes meeting to:
  1. Monitor the risks
  2. Update risks status
  3. Identify new risks
  4. Create actions to address risks

Such meetings and the outcomes tasks are planned in the sprint backlog.

Risk management in agile/ Scrum

I believe the Scrum frame-work itself is built to address risks. I managed CMMI® program which at heart of its level-3 is risk management and requirement to organize risks into taxonomy relevant to the organization. This taxonomy describes risks categories and attributes that in my opinion are addressed directly if we strictly apply Scrum. I think risk management is so powerful in the world of traditional project management. It reinforces the illusion that we can have a right plan at the beginning.
The advantage of risk management in traditional project management is getting the team together in up-front to assess the possible threats that the project might encounter in the future. Based on those threats the project plan is adjusted so it can weather the proposed risks. Also, it helps to gain extra budget from up-front in case the risks were materialized. Continue reading