As organizations adopt agile, it is typical (and often necessary) to go through an extended “hybrid” phase, where agile coexists with traditional waterfall or project-based delivery. This period of transition presents a great opportunity for organizations to reexamine their approach to risk and issue management.
The shift to agile, particularly in a regulatory context, demands a more dynamic, responsive approach to managing risks and issues. Traditional methods, while structured, may not fully align with the agility and flexibility required in a fast-paced agile environment. In addition, foundational challenges start to emerge. Where in the traditional world we would simply manage risk against a project, in the new world we must adjust our framework to encapsulate risk that should be managed at the Value Stream, ART and Epic level.
This blog serves as a guide to some of the best practice and key points to consider when designing a risk management framework that is fit for purpose in these circumstances, whether you’re fully agile, still in the waterfall world, or navigating the hybrid in-between.
Balance data quality and quantity
In the pursuit of comprehensive risk management, there is a common misconception that more data equals more insight. However, there is an inverse correlation between the volume of data a organization seeks to collect, and its quality, especially where that data collection requires manual human effort.
Seeking the “goldilocks” balance is key. The balance between not enough information to effectively manage the organization’s risk profile, and seeking so much data that the quality of your data is too poor to use.
The chart below illustrates this relationship.
“there is a common misconception that more data equals more insight”
Ongoing monitoring and alerting of stale risks
Risk management can quickly become a “wood for the trees” problem. One easy tactic to avoid this is to track stale risks. These are risks that have not been reviewed or updated within a specific timeframe (e.g. 30 days). Automated alerts that identify risks that are going stale provides a quick easy method for teams to keep risk logs contemporary.
Contextual Risk Tracking
Ensuring that the framework (and tooling) you use to manage risks and issues captures the context in which the risk or issue exists will help to streamline your risk oversight controls.
In the traditional world, this is straightforward. Risks and issues are raised and managed against projects.
However, in an agile environment, teams should be able to raise risks against a Value Stream, an ART or an Epic. Where the risk has been raised against the ART, it should be visible at the Value Stream level, as well as on the ART. Where a risk has been raised against an Epic, it should be visible at the Epic level, against the ART that owns the Epic, and against the Value Stream to which it is aligned as well.
Core "Manual" Fields
Manual fields describe the data that teams must manually maintain on an ongoing basis. These are the fields that are most affected by the law of inverse data quality to quantity described further above.
Therefore its important to focus on the data you must capture, rather than the data you would like to capture.
Additional "Meta Data"
Meta data should be captured passively by your tooling. This means that teams should not be wasting time maintaining this data. It should be automatically maintained in the background.
Effective risk and issue management requires balancing detail with agility, embracing the right technological tools, and adapting practices to fit the project context. By focusing on essential data, automating routine tasks, and maintaining an up-to-date risk landscape, organizations can navigate the complexities of project and agile initiative delivery with confidence.
