The document presents a hybrid approach to risk management that combines traditional practices with agile methodologies. It outlines how risks are identified, analyzed, treated, and monitored within an agile framework while emphasizing the importance of real-time risk detection during agile ceremonies. The author shares insights from experimentation with integrating traditional risk management techniques to enhance agile practices.

2. Vanilla Agile Risk Management flavored with
traditional practices
Employee-Personal
Presented By: Ankit Tandon
©AnkitTandon

3. Agenda
• Understanding Risk
• Traditional Risk Management Approach
• How does Agile Handles Risk?
• My experimentation with it
Employee-Personal©AnkitTandon

4. Understanding Risk
• Outsourced Performance Testing of the application to the third
party and it seems like it wont be completed in time.
• Reference platform may not be available for
Middleware/Application development.
• Big upfront design to get its specifications right.
• Lack of support of key stake holders
• Lack of knowledge to make a crucial architectural decision.
Employee-Personal©AnkitTandon

5. Many Words for Same
Employee-Personal
RANDOMNESS
UNCERTAINITYVARIABILITY
RISK
©AnkitTandon

6. Risk Defined
• Risk is uncertainty that matters, i.e, uncertainty that if
realized impacts one or more objectives in either a
negative (threat) or a positive (opportunity)*
Employee-Personal
*As quoted by Dr Alan
Moran

7. Traditional Risk Management
• In traditional risk management process, a complete list of
potential risks with their priority and a plan to mitigate them is
prepared upfront.
• It is based on the assumption that at the start all the uncertain
events can be identified
• A lot of time and effort is spent towards these hypothetical
risks both in upfront planning and in ongoing monitoring and
discussion.
Employee-Personal

8. Risk Management In Agile
• The process is rather emergent in nature
• The realization of risk occurs quickly and abruptly
• Delay time is less as the risk gets highlighted in the daily stand
up, review, retrospectives or release/sprint planning meetings
• It is more a real time thing in Agile
• An application of Agile principles make the process robust and
antifragile
Employee-Personal©AnkitTandon

9. …..But Is it enough….??
Are an application of these Agile practices enough to manage
risks in an Agile bound project?
Or with little adjustments can the traditional risk management be
more powerful with Agile methods?
Employee-Personal©AnkitTandon

10. How Did I Do It?
• Embraced bare minimum traditional risk management
techniques
• Customized it with core Agile principles to make it a
lightweight framework
• Applied Agile principles to avoid self creation of intrinsic
risks or uncertain events
• Applied engineering / technical practices for treatment (As
required)
• Used Product Backlog to manage risks
Employee-Personal©AnkitTandon

11. Identification Analyze Treatment Monitoring
Employee-Personal
The Flow..
©AnkitTandon

12. Risk Identification
Who
How
When
Employee-Personal©AnkitTandon

13. Risk Breakdown Structure
Busines
s
Product
Others
Organiz
ationalSecurity
Project
Employee-Personal©AnkitTandon

14. When
Backlog
Refineme
nt
Release
Planning
Sprint
Review
Daily
Stand Up
Sprint
Planning
Employee-Personal©AnkitTandon

15. Employee-Personal©AnkitTandon

16. Identification
Employee-Personal
The Flow..
Analyze
©AnkitTandon

17. Risk Analysis
• Risk Analysis is done by deriving following:
-Probability (Likelihood of happening it)
-Impact (Cost, Schedule, Technical Performance, Reputation etc)
-Exposure is the quantified potential for loss that might occur as a result of
some uncertainty (Multiplication of Probability and Cost)
Probability and Impact are measured on a scale of 1-5 with an explicit
definition of what a 1,2,3 ,4 and 5 means.
Employee-Personal©AnkitTandon

18. Identification
Employee-Personal
The Flow..
Analyze Treatment
©AnkitTandon

19. Risk Register
Description Probabi
lity
Impact Exposure Response Sprint
New features
may require
significant
rework and
skills
4 3 12 Technical Spike - TA2031
created for investigation
Sprint 11
Database
Scalability
4 3 12 Pending
Potential
security flaws
discovered
4 4 16 Security task created. TA2045 Sprint 11
Third party
Integration
challenges
3 2 6 Neha to sync up with Akamai
team to figure out
discrepancies and challenges.
US 1103
Sprint 12
Video streaming
schedule
slipping -
Technical
challenges
2 3 6 Manav and Chris to pair
program. TA 2099
Sprint 13
Employee-Personal
©AnkitTandon

20. Identification
Employee-Personal
The Flow..
Analyze Treatment Monitor
©AnkitTandon

21. Risk Modified Kanban Board
Story Tasks In Progress Review Done
US1101
US1144
US1271
Task Task
Task
TaskTask Task
Task
Task
Task Task
Task Task
Normal Task Negative Risk Task Positive Risk Task
Employee-Personal

22. Risk Burn Down Chart
Employee-Personal
0
5
10
15
20
25
30
35
Day1 Day2 Day3 Day4 Day5
Exposure
EXPOSURE
©AnkitTandon

23. Risk Management Activities In Various Agile
Meetings
Employee-Personal
Meetings Risk
Identification
Risk Analysis Create
Response
Monitor
Response
Residual Risk
Approval
Release
Planning
S S S
Backlog
Refinement
S S S
Sprint
Planning
S S S
Daily
Stand Up
C C C S
Sprint
Review
C C C S S
S=Should be C=Could be
©AnkitTandon

24. Framework
Employee-Personal
Risk
Identification
Risk
Analysis
Create
Response
Apply
Response
Monitor
Response
Risk
Modified
Kanban
Board
Risk
Burndown
Chart
Sign Off
Resi
dual
Risk
Risk Register
Approved
Unapproved
UPDATE
Create
©AnkitTandon

25. Thank You!!
Employee-Personal©AnkitTandon