Agile Risk Management Approach
PRINCE2 Agile Risk Management Approach
Introduction
This document describes how to manage risk within an agile/PRINCE2 project environment.
Risk management procedure
Tools and techniques
Identify risks using the PRINCE2 Agilometer
Records
The risk register should be visible and clear for all to see and use, like this one:
Each risk should be written on a post-it note and put onto the whiteboard in it’s appropriate grid location, depending on the probability/impact assessment
Reporting
Risks will be discussed during daily standup meetings or with the project board when they visit the project room.
Timing of risk management activities
At the end of management stages, after any significant release, a re-assessment of the environment using the agilometer will help. However, risks could be identified and discussed at any time.
Roles and responsibilities
Everyone is responsible for identifying risks and everyone collectively should help the manage risks, however, some would need escalating for further help, see the risk tolerances below.
Proximity
How close a risk might happen is referred to as its proximity they can be categorised as:
Imminent - will potentially happen within a sprint,
Within the management stage,
Within the project,
Beyond the project - after release into operations
Risk responses
We can respond to risks this way:
Early warning indicators
The project manager and board could monitor the behaviours of the team and look to see if they are appropriate, and the team should monitor their own behaviours openly and honestly.
Risk tolerance
The team can manage risks that are in the purple boxes themselves.
Risks in the blue boxes should be raised and discussed with the project manager.
Risks in the yellow boxes should be discussed with the project manager and project board.
Risks in the red boxes should be discussed with corporate management.
Security risks should be raised with the cyber security team no matter where they are on the grid.
Health and safety risks should be raised to the department H&S officers.
Reputation risks should be funnelled through the communication management team.
Risk budget
Due to the low risk to delivery, a risk budget is not necessary.
Here’s some links to simple tips on how to make your project or programme office more agile (simply)