This document summarizes a presentation on using Agile practices to manage risks in software development projects. It discusses how core Agile practices like frequent collaboration, iterative delivery of working software, and addressing hard problems earlier can help reduce and control risks. It also explains how scaled Agile frameworks and practices like automated testing, continuous integration and delivery further enhance risk monitoring and management. The overall proposition is that Agile approaches are better than traditional methods for managing risks and improving control over project delivery outcomes.

1. Risk Management in
an Agile Lifecycle
PMI Chicagoland
Professional Development Day
November 1, 2013
Elena Yatzeck
eyatzeck@gmail.com

2. Or…Optimized Risk
Management With Agile

3. What is Agile?

4. Popular Agile Brands
v Scrum - Jeff Sutherland and Ken Schwaber/Mike
Cohn
v Lean Software Development - Tom and Mary
Poppendieck
v Extreme Programming - Kent Beck
v PMI-ACP

5. Agenda
v Proposition: choose Agile if you want less risk and better
control.
v Core Agile practices that better reduce, monitor, and
control risk:
v Do the hardest things first: create frameworks
v Embrace the wisdom of crowds
v Always have a working build that can deploy a full working
system
v Agile at Scale practices:
v Build a big enough scaffold
v Automate

6. What is the greatest source of
risk on the diagram?

7. Solution: Reduce In-cycle Risk, and
Enhance Monitoring & Controls

8. Agile Minimizes Change Risk

9. Agenda
v Proposition: choose Agile if you want less risk and better
control.
v Core Agile practices that better reduce, monitor, and
control risk:
v Do the hardest things first: create frameworks
v Embrace the wisdom of crowds
v Always have a working build that can deploy a full working
system
v Agile at Scale practices:
v Build a big enough scaffold
v Automate

10. Long Runways Are Needed

11. Concretely
v Identify what you don’t know and quickly learn it:
“Spikes”
v Solutions architecture: how will the pieces work?
Build frameworks (not fully detailed):
v Life of a Query
v Data model
v Error handling
v Riskiest system pieces first (along with highest value to
product owner)

12. Agenda
v Proposition: choose Agile if you want less risk and better
control.
v Core Agile practices that better reduce, monitor, and
control risk:
v Do the hardest things first: create frameworks
v Embrace the wisdom of crowds
v Always have a working build that can deploy a full working
system
v Agile at Scale practices:
v Build a big enough scaffold
v Automate

13. Increase Risk Monitoring with
Crowd Wisdom

14. Concretely
v Hire the whole team, provision them properly, and keep
them all the way through.
v Schedule and facilitate efficient communication paths and
meetings:
v Collocation
v Daily stand-up
v Story and backlog refinement
v Story kick-offs and desk checks
v Demos, Product Owner sign-offs, Showcases
v Information radiators

15. Agenda
v Proposition: choose Agile if you want less risk and better
control.
v Core Agile practices that better reduce, monitor, and
control risk:
v Do the hardest things first: create frameworks
v Embrace the wisdom of crowds
v Always have a working build that can deploy a full working
system
v Agile at Scale practices:
v Build a big enough scaffold
v Automate

16. Working Software

17. Concretely
v Build environments and deployment pipeline first.
v Build your continuous integration engine, and implement
“hello world” before anything else.
v *DD techniques:
v ATDD:
v Build automated end-to-end acceptance tests first;
incorporate functional details before story acceptance
v Build end-to-end flows first, then add details
v BDD: Build failing functional tests within E2E framework
first; satisfy with working software
v TDD: Build failing unit tests first, one at a time; Write just
enough functionality to make unit tests pass.

18. But wait!
There’s more!

19. Agenda
v Proposition: choose Agile if you want less risk and better
control.
v Core Agile practices that better reduce, monitor, and
control risk:
v Do the hardest things first: create frameworks
v Embrace the wisdom of crowds
v Always have a working build that can deploy a full working
system
v Agile at Scale practices:
v Build a big enough scaffold
v Automate

20. Build a Big Enough Scaffold

21. Concretely
Scaled Agile
Framework
Disciplined Agile Delivery
Scrum … AND

22. Agenda
v Proposition: choose Agile if you want less risk and better
control.
v Core Agile practices that better reduce, monitor, and
control risk:
v Do the hardest things first: create frameworks
v Embrace the wisdom of crowds
v Always have a working build that can deploy a full working
system
v Agile at Scale practices:
v Build a big enough scaffold
v Automate

23. Automation

24. Concretely: Don’t Just Log.
Dashboard.

25. For REAL Risk
Management…Go Agile!

26. Questions?
Elena Yatzeck | JPMorgan Chase | eyatzeck@gmail.com | 773-573-7114
http://pagilista.blogspot.com

27. As Manifesto Hints: Agile Is All About
Reducing Risk of the Unknown
We are uncovering better ways of developing software by doing
it and helping others do it. Through this work we have come to
value:
v Individuals and interactions over processes and tools
v Working software over comprehensive documentation
v Customer collaboration over contract negotiation
v Responding to change over following a plan
That is, while there is value in the items on the right, we value
the items on the left more.

28. Abstract
Increasingly, risk control is key to successful project delivery, and large companies are
incorporating Agile practices into their SDLC specifically to improve their risk
controls. Although Agile has a reputation for “legalized cowboy coding,” core Agile
principles actually accelerate identification of risks, enabling more time for mitigation.
Additionally, some of the newer Agile practices create even better controls over
project delivery risk, making Agile the best available framework for risk control.
Core Practices that Control Risk:
• Group conversation provides “wisdom of teams” to bring out risks earlier.
• Partitioning the work into small pieces instead of handling in batch allows for
better quality control and business inspection.
• “Fail fast” philosophy puts “solving unknowns” first in line for project execution,
and asks IT to start identifying those unknowns and proving out solutions from
Day 1.
Evolved Agile Practices:
• “Scrum-AND” and other scaled Agile frameworks call for a mandatory, collocated
workshop at the start of the project (business and all roles represented) to build a
higher quality backlog that can be prioritized for risk.
• Continuous integration, delivery, and deployment with automated testing
guarantee defect-free software that meets functional requirements from day 1.