Friday, March 1, 2024

Subscribe to the RSS Feed

Agile Risk Board

Posted by jc-Qualitystreet on 2009/07/23

Risk management is crucial on any IT projects.

It is a core activity of project management discipline, already well documented in Prince 2, PMBOK or CMMI (thus it is an essential part of an Agile CMMI model, expected by some of our client).

Unfortunately agile teams tend to abandon risk management considering applying agile practices is enough to avoid problems. We need to change it and reintroduce a risk management approach …
In an Agile-CMMI context, it’s a must !

The Good News … with adjustments, risk management is clearly more powerful with Agile methods. It is a great strength (often ignored or hidden). Monitored on a daily basis, the Agile Risk Board becomes a key element of the Information Radiator (with Task Board, Burndown chart, and User eXperience artifacts).

Agile Risk Board by Grosjean (based on De Marco - Lister)

Agile Risk Board by Grosjean (based on De Marco - Lister)


Yes it is ! Our Agile risk management :

  • Is less formal and done in a Lean spirit (in terms of value, decision making and waste elimination…)
  • Is collective and owned by the Team
  • Is facilitated by an Agile project Manager (ScrumMaster, Coach XP)
  • Is above all qualitative
  • Is ubiquitous and continuous
  • Is “action-oriented”
  • Is improved by Agile values, principles and practices
  • Provides us with much more control and monitoring points


  • Beginning of the project

I plan the Risk management activities, and invite the team to determine how to best manage risks (depending on the context, Agile only, Agile-CMMI …). This is a short exercise that describes how agile management will be done in the specific project. Required, process oriented but useful and no time consuming.

  • Sprint 0

Collectively during a workshop we seek to identify risks and prioritize them according to conventional parameters (probability of occurrence and potential impact). Taxonomy, check lists and brainstorming ! Classic.

  • At each sprint

The beginning and the end of each sprint are important milestones. Risks are formally included in the agenda of the Sprint planning meeting and Sprint Review. They are discussed with the team. A good thing if the Agile Project manager needs to report.

Risks are identified during all Scrum meetings (Planning release + Planning meeting, Daily Scrum, Sprint review and Retrospective)

Risks are assessed and managed with strategies for addressing them during all Scrum meetings. Strategies (Mitigate, avoid, transfer, accept ), associated risks and actions are written on the risk board (as the example above).

Risks are continuously monitored on the Information radiator, mainly through the Risk board but also with the Task board and BurnDown Chart (immediate visible result of good or ineffective risk management strategies). Risk management is now collective and HIGLY VISIBLE.


Yes it is  !Concerning risk management, PMI, the Project Management Institute (via PMBOK) and SEI, the Software Engineering Institute (via CMMI) have almost the same approach.

Risk Management (RSKM, Maturity Level 3) is the process area dedicated to risk in CMMI (Capability Maturity Model Integration). “The purpose of Risk management is to identify potential problems before they occur so that risk-handling activities may be planned and invoked as needed across the life of the product or project to mitigate adverse impacts on achieving objectives”. Through RSKM, CMMI requires you answer three specific objectives:

  1. Prepare for Risk Management => Yes
  2. Identify and Analyze Risks => Yes
  3. Mitigate Risks => Yes

The agile risk management and its specific practices described above enable you to answer these three objectives and to get direct or indirect evidences needed in appraisal contexts (SCAMPI).

Project Risk management Is one of the nine knowledge areas described in the PMBOK guide (Project Management Body of Knowledge). “The objectives of Project Risk Management are to increase the probability and impact of positive events and decrease the probability and impact of events adverse to the project”

Project Risk management contains 5 processes:

  1. Risk Management planning => Yes

  2. Risk identification => Yes

  3. Risk Analysis => Yes

  4. Risk response planning => Yes

  5. Risk monitoring and controlling => Yes

One more time, the 5 processes map very well with Agile Risk management practices, even if the Agile Project Manager acts more as a facilitator.

THE BENEFITS: risk management is highly visible, monitored on a daily basis and is everyone’s business.