Managing risk on an Agile project. My favourite way to do this is by way of using the burndown chart. In just the same way that we monitor development using the burndown chart we can also use it for monitoring risk.
Here’s how. Most teams rate there risks according to impact and likelihood of occurrence. You must continue to do this. For example I do the following:-
1.) Rate the risk in terms of impact should it occur (impact): 1 = Negligible, 2 = Minor, 3 = Moderate, 4 = Serious, 5 = Disastrous
2.) Rate the risk in terms of likelihood of occurrence (probability): 1 = Very unlikely, 2 = Fairly likely, 3 = 50/50 chance, 4 = Fairly likely, 5 = Almost certain.
3.) Now calculate the risk exposure for each risk: risk exposure = impact x probability.
4.) Sum the risk exposures for all your risks.
5.) Plot this on a line graph (Y axis = Exposure, X axis = Time).
Ok now we are ready to start managing our risks during the project. As the team starts implementing, the “fog of war” begins to get pushed back as we learn more and more. At the end of each sprint the team reviews the risks and changes their ratings if needed. I do this in the retrospective meeting.
If the risk exposure is not burning down then this is your cue to do something about it. E.g. dedicate the next two sprints to mitigating risk. You can take your burndown chart and risk log with you when meeting the stakeholders – this helps them understand the need to dedicate time to it.