Tuesday, December 5, 2023

Subscribe to the RSS Feed

Agile Risk Board

Posted by jc-Qualitystreet on 2009/07/23

Risk management is crucial on any IT projects.

It is a core activity of project management discipline, already well documented in Prince 2, PMBOK or CMMI (thus it is an essential part of an Agile CMMI model, expected by some of our client).

Unfortunately agile teams tend to abandon risk management considering applying agile practices is enough to avoid problems. We need to change it and reintroduce a risk management approach …
In an Agile-CMMI context, it’s a must !

The Good News … with adjustments, risk management is clearly more powerful with Agile methods. It is a great strength (often ignored or hidden). Monitored on a daily basis, the Agile Risk Board becomes a key element of the Information Radiator (with Task Board, Burndown chart, and User eXperience artifacts).

Agile Risk Board by Grosjean (based on De Marco - Lister)

Agile Risk Board by Grosjean (based on De Marco - Lister)


Yes it is ! Our Agile risk management :

  • Is less formal and done in a Lean spirit (in terms of value, decision making and waste elimination…)
  • Is collective and owned by the Team
  • Is facilitated by an Agile project Manager (ScrumMaster, Coach XP)
  • Is above all qualitative
  • Is ubiquitous and continuous
  • Is “action-oriented”
  • Is improved by Agile values, principles and practices
  • Provides us with much more control and monitoring points


  • Beginning of the project

I plan the Risk management activities, and invite the team to determine how to best manage risks (depending on the context, Agile only, Agile-CMMI …). This is a short exercise that describes how agile management will be done in the specific project. Required, process oriented but useful and no time consuming.

  • Sprint 0

Collectively during a workshop we seek to identify risks and prioritize them according to conventional parameters (probability of occurrence and potential impact). Taxonomy, check lists and brainstorming ! Classic.

  • At each sprint

The beginning and the end of each sprint are important milestones. Risks are formally included in the agenda of the Sprint planning meeting and Sprint Review. They are discussed with the team. A good thing if the Agile Project manager needs to report.

Risks are identified during all Scrum meetings (Planning release + Planning meeting, Daily Scrum, Sprint review and Retrospective)

Risks are assessed and managed with strategies for addressing them during all Scrum meetings. Strategies (Mitigate, avoid, transfer, accept ), associated risks and actions are written on the risk board (as the example above).

Risks are continuously monitored on the Information radiator, mainly through the Risk board but also with the Task board and BurnDown Chart (immediate visible result of good or ineffective risk management strategies). Risk management is now collective and HIGLY VISIBLE.


Yes it is  !Concerning risk management, PMI, the Project Management Institute (via PMBOK) and SEI, the Software Engineering Institute (via CMMI) have almost the same approach.

Risk Management (RSKM, Maturity Level 3) is the process area dedicated to risk in CMMI (Capability Maturity Model Integration). “The purpose of Risk management is to identify potential problems before they occur so that risk-handling activities may be planned and invoked as needed across the life of the product or project to mitigate adverse impacts on achieving objectives”. Through RSKM, CMMI requires you answer three specific objectives:

  1. Prepare for Risk Management => Yes
  2. Identify and Analyze Risks => Yes
  3. Mitigate Risks => Yes

The agile risk management and its specific practices described above enable you to answer these three objectives and to get direct or indirect evidences needed in appraisal contexts (SCAMPI).

Project Risk management Is one of the nine knowledge areas described in the PMBOK guide (Project Management Body of Knowledge). “The objectives of Project Risk Management are to increase the probability and impact of positive events and decrease the probability and impact of events adverse to the project”

Project Risk management contains 5 processes:

  1. Risk Management planning => Yes

  2. Risk identification => Yes

  3. Risk Analysis => Yes

  4. Risk response planning => Yes

  5. Risk monitoring and controlling => Yes

One more time, the 5 processes map very well with Agile Risk management practices, even if the Agile Project Manager acts more as a facilitator.

THE BENEFITS: risk management is highly visible, monitored on a daily basis and is everyone’s business.

  • Andrey Yasinetskiy said,

    very good article. I think we will try this in our team. we’re always looking in something new in agile practices.

    There’s only one question. Could you describe in more details the structure of this risk board please? Maybe via email.


  • Bruce Benson said,

    Too many folks don’t take the time to see how so many different techniques really are trying to accomplish the same thing.

    Once this is seen, it is much easier to integrate various effort together – in complimentary ways.

    Nice summary.

    Bruce Benson

  • A Few Resources On Agile Risk Management « Agile Tools said,

    […] Agile Risk Board | Agile UX […]

  • rakesh said,


    This is really great post. almost cover the risk management of scrum. am doing masters reaserach on scrum risk management. i prepared most of the questions from this post and solutions also.

    is it possible to contact through mail, i really need your great asisstance.

    rakesh kandukuri

  • rakesh said,


    How to make decisions on risk prioritization and who is involve in the decision making team.

    the whole scrum team is going to solve the risks or only particular members are assigned..

    rakesh kandukuri

home | top