ebook img

Agile Risk Management PDF

110 Pages·2014·3.352 MB·English
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Agile Risk Management

SPRINGER BRIEFS IN COMPUTER SCIENCE Alan Moran Agile Risk Management SpringerBriefs in Computer Science For furthervolumes: http://www.springer.com/series/10028 Alan Moran Agile Risk Management 123 Alan Moran Zurich Switzerland ISSN 2191-5768 ISSN 2191-5776 (electronic) ISBN 978-3-319-05007-2 ISBN 978-3-319-05008-9 (eBook) DOI 10.1007/978-3-319-05008-9 Springer ChamHeidelberg New YorkDordrecht London LibraryofCongressControlNumber:2014931762 (cid:2)TheAuthor(s)2014 Thisworkissubjecttocopyright.AllrightsarereservedbythePublisher,whetherthewholeorpartof the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation,broadcasting,reproductiononmicrofilmsorinanyotherphysicalway,andtransmissionor informationstorageandretrieval,electronicadaptation,computersoftware,orbysimilarordissimilar methodology now known or hereafter developed. Exempted from this legal reservation are brief excerpts in connection with reviews or scholarly analysis or material supplied specifically for the purposeofbeingenteredandexecutedonacomputersystem,forexclusiveusebythepurchaserofthe work. Duplication of this publication or parts thereof is permitted only under the provisions of theCopyright Law of the Publisher’s location, in its current version, and permission for use must always be obtained from Springer. Permissions for use may be obtained through RightsLink at the CopyrightClearanceCenter.ViolationsareliabletoprosecutionundertherespectiveCopyrightLaw. The use of general descriptive names, registered names, trademarks, service marks, etc. in this publicationdoesnotimply,evenintheabsenceofaspecificstatement,thatsuchnamesareexempt fromtherelevantprotectivelawsandregulationsandthereforefreeforgeneraluse. While the advice and information in this book are believed to be true and accurate at the date of publication,neithertheauthorsnortheeditorsnorthepublishercanacceptanylegalresponsibilityfor anyerrorsoromissionsthatmaybemade.Thepublishermakesnowarranty,expressorimplied,with respecttothematerialcontainedherein. Printedonacid-freepaper SpringerispartofSpringerScience+BusinessMedia(www.springer.com) Foreword Agileisnolongerahype.Ithasmatured—weevenhaveanAgileMaturityModel! Itisbeingusedacrosstheglobeandcontinuestobeinnovated,overcomingmany old myths as well as some new ones. However, our work is not complete and it will always demand ofus that we keep up with new developments intechnology, societyandourworkingenvironment.Oneoftheseareasisagileriskmanagement. The most used method of risk management I know is people just writing risks down! With pride people will show you their most brilliant Excel sheets with fifteentotwentycolumnsthatpresentinformationonwhattheyperceivedasrisks in a given situation. Rarely do I meet people who actually manage risk, let alone manage it in an agile way! Thisbringsustoanimportantquestion,whatisagileriskmanagement?Ihave beendiscussingthiswithAlanandweagreeonthefactthatagileriskmanagement meansmanagingrisksinsuchawaythatitfacilitatestheagileinteractionconcept just like any other agile practice or technique. Alan takes agile risk management a step further. He changes the perception of whatariskisandwhatitcanbringtoaprojectorateam.Wehavebeenoverthis groundagainandagainandeachtimemorevaluehasbeenadded.Hebustsafew myths and brings new techniques tothe table. I hope that you will notonly enjoy this book but that it will also help you in your work and give you new insights. I congratulate Alan on this work and hope to see more like it soon! Arie van Bennekum v Preface Thisbookisacriticalanalysisofthepracticeofriskmanagementinagilesoftware development projects. Risk, defined in terms of uncertainty relating to project objectives,istreatedbothasathreatandasanopportunitywhereinthepitfallsand rewards that underpin project success lie. Although the agile community fre- quently cites risk management, research suggests that risk is often narrowly framed and at best implicitly treated, which in turn leads to an inability to make informed decisions concerning risk and reward and a poor understanding about when to engage in risk-related activities. Moreover, the absence of reference to enterprise risk management means that project managers are unable to clearly articulate, scope or tailor their projects in line with the wider expectations of the organisation. Yet the agile approach, with its rich toolset of techniques, is more than equipped to effectively and efficiently deal with the risks that arise in projects. In this book we endeavour to address the above issues by proposing an agile risk management process derived from classical risk management but adapted to the circumstances of agile projects. We thus express the agile approach to risk man- agement and illustrate its application to selected methodologies (XP, Scrum and DSDM) chosen on account of their varying foci on the software development process and their attitudes towards risk. Though our interest lies in the software development process, much of what we say could be applied to other types of IT projects. Audience This book is intended for those directly involved in agile software development whoshareaconcernforhowriskshouldbemanaged.Theprimaryinterestgroups include project and risk managers, agile practitioners and general IT managers. Whilst we do not presume a thorough background in risk management, we do assume some basic level offamiliarity with or exposure to agility. Where appro- priate we refer the reader to more detailed sources in the literature. vii viii Preface Overview We begin in the chapter ‘‘Agile Software Development’’ with an initial survey of agilityfocusingonthoseaspectsthatareofrelevancelaterinthebookandusethis opportunity to introduce our three main methodologies (i.e., XP, Scrum and DSDM). We characterize the cyclical nature of iterative development and incre- mental delivery in terms of agile charting (and related notions such as slicing, clock facing and escape velocity)andshow how this toolcan beused tofacilitate communication and improve understanding within an agile team. We conclude withsomeremarksconcerningthecurrentstateofagilityandcommentbrieflyon the management perspective. Inthe‘‘ProjectRiskManagement’’chapterweformallydefineprojectriskand conductacomprehensivesurveyofprojectriskmanagementasitisunderstoodby riskmanagers.Weillustratetheconsensusviewbysynthesizingbestpracticesinto a generic model of project risk management before moving on to the notion of enterprise risk management. In effect this sets the standard and defines the core conceptsthatagileriskmanagementmustembraceifwearetoseriouslyapplyrisk management in agile projects. The reader already familiar with the details of project risk management may choose to skim over this chapter. Inthechapter‘‘AgileRiskManagement’’,wefirstexplorehowriskisperceived andidentifysomeoftheshortcomingsofagilemethodologiesbeforeproposingan agile risk management process that is loosely based on traditional project risk management, though we introduce a number of adaptations that make it more meaningfulinthecontextofagileprojects.Thisprocessisconcernedwithhowto risk scope a project and how to interpret this in the context of the wider risk environment by introducing the notion of a risk driver map. We then use agile chartingtoexplorehowamethodologycanberisktailoredattheprojectlevel.In our treatment of risk management we explain a couple of techniques that can be used to identify risks during iteration planning and then go on to explain the options available to risk managers and the principles that underpin them. We introduce a number of tools such as a risk list and show how risks can be treated withacombinationofrisktasking,risktechniqueingorcontingencyplanning.We showhowtomakerisksvisibleusingariskmodifiedKanbanboardandmoveon to describing a risk reporting technique using risk burndowns. We acknowledge the systemic nature of risk, iteration residual risk, and how to measure the effectiveness of risk management in terms of the iteration residual risk ratio. In‘‘ApplyingAgileRiskManagement’’weillustratetheapplicationoftheagile risk management processtoour chosen methodologies. We criticallyreview each methodologyanddescribeitschiefcharacteristicsandlevelofmaturityinrelation torisk. From there we offer concrete advice and guidance on how toconductrisk management and relate our suggestions to existing artefacts and practices found within the respective methodologies. Our final chapter on ‘‘Enterprise Agility’’ notes the rise of frameworks (including DAD and SAFe) that attempt to scale agile practices to the enterprise Preface ix and we evaluate their contribution to agile risk management. We note an absence of reference to enterprise risk management though there are indications of a growing awareness and maturity. Terminology Throughout we strive towards simplicity, clarity and neutrality in our use of ter- minologyandforreasonsofpersonaltasteweoftenprefertheterm‘‘agility’’over ‘‘agile’’ (e.g., ‘‘enterprise agility’’ rather than ‘‘enterprise agile’’). We seek to use neutral language that is already widely accepted or understood within the agile community. Thus we refer to ‘‘daily stand-ups’’ (rather than the more methodo- logically specific ‘‘Daily Scrum’’), ‘‘Kanban (board)’’ (rather than ‘‘Scrum-ban’’) and ‘‘backlog’’ (rather than the ‘‘product/Sprint backlog’’ of Scrum or the ‘‘pri- oritized requirements list’’ of DSDM). We trust that the context will render clear what is meant by our use of the terms and that no bias towards a specific meth- odology be inferred through our choice of nomenclature. Needless to say some termsaresimplyapplieddifferentlyaccordingtomethodologysothatalthoughwe use ‘‘iteration’’inthe manner already defined earlier, we appreciatethat thisterm is used in a broader sense in Scrum and a narrower sense in DSDM. Instead we respect our mutual differences and endeavour to make our language more precise where appropriate. Acknowledgments Though this book was born of efforts by the author to integrate risk management practices over a period of many years of setting up and working with agile pro- cesses, a truly deep understanding of how agility really works can only be achieved by working together with and learning from others. We would like to extendourthankstoallwhodirectlyorindirectlycontributedtothisbookthrough their discussions, feedback and comments and through the exchange of experi- ences based on mutual respect and tolerance. Special thanks is afforded to our reviewers Scott Amber, Arie van Bennekum, Jutta Eckstein, Julia Godwin, Margaret Stewart and Patrick Verheij whose insightful remarks and comments helped validate and clarify the ideas raised in this book. Finally, since nothing would have been possible without the love and support of Helen, Markus and Patrick it is to them that I owe an unrepayable debt! Contents Agile Software Development . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Agile Defined. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Iterations and Increments. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Agility in Practice. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Comparing Methodologies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Agile Charting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 State of Agility. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 Management Perspective. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 Concluding Remarks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 Project Risk Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 Definition of Risk. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 Cultural Attitudes to Risk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 Synthesis of Risk Models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 Initiation and Planning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 Risk Identification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 Risk Assessment. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 Risk Treatment. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 Risk Monitoring. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 Risk Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 Enterprise Risk Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 Agile Risk Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33 Agility and Risk. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33 Why Risk Management Matters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36 Agile Risk Management Process. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37 Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38 Principles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39 Project Context and Risk Environment . . . . . . . . . . . . . . . . . . . . . . . 39 Risk Scoping. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 Risk Tailoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44 Risk Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45 Concluding Remarks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60 xi xii Contents Applying Agile Risk Management . . . . . . . . . . . . . . . . . . . . . . . . . . . 61 General Advice . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61 eXtreme Programming . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63 Methodology Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63 Agile Charting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64 Risk Scoping. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66 Risk Tailoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66 Risk Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68 Conclusions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69 Scrum. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70 Methodology Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70 Agile Charting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72 Risk Scoping. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73 Risk Tailoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75 Risk Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75 Conclusions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76 Dynamic Systems Development Method . . . . . . . . . . . . . . . . . . . . . . . . 77 Methodology Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77 Agile Charting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79 Risk Scoping. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81 Risk Tailoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81 Risk Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83 Conclusions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83 Concluding Remarks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85 Enterprise Agility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87 Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87 Scrum of Scrums . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89 Dynamic Systems Development Method . . . . . . . . . . . . . . . . . . . . . . . . 90 Disciplined Agile Delivery. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91 Scaled Agile Framework. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93 Concluding Remarks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94 Appendix A: Agile Techniques. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.