Discussion:
[SCRUMDEVELOPMENT] Scrum Master and Risk Management
hennadii.omelchenko@gmail.com [SCRUMDEVELOPMENT]
2015-04-24 19:51:14 UTC
Permalink
Hi,


Recently I've been told that a really good scrum master among other things should be responsible for Risk Management. So far I haven't been able to get an answer on what exactly Risk Management meant there (other than, well, you know what risk management is, don't you).


Scrum Guide doesn't say much about risks generally. That is my question is: should SM be responsible for risk management, and what that meant in the context of Scrum?
Adam Sroka adam.sroka@gmail.com [SCRUMDEVELOPMENT]
2015-04-24 20:45:20 UTC
Permalink
The whole point of having a process in place is to manage risk. In Scrum
the whole team has some responsibility for this, but the SM is often the
mediator/facilitator of process discussions (e.g. retrospectives) so he/she
has some special responsibility in a sense.

Everything we do in Scrum, from iterating in short sprints, to having daily
scrum meetings, to holding demo and retrospective meetings, etc. are about
managing risks inherent in software development (primarily that you will
build something customers can't or won't want to use.) Hopefully, your team
is also doing things to manage technical risk such as Test-Driven
Development, Continuous Integration, and Pair Programming.
Post by ***@gmail.com [SCRUMDEVELOPMENT]
Hi,
Recently I've been told that a really good scrum master among other things
should be responsible for Risk Management. So far I haven't been able to
get an answer on what exactly Risk Management meant there (other than,
well, you know what risk management is, don't you).
Scrum Guide doesn't say much about risks generally. That is my question
is: should SM be responsible for risk management, and what that meant in
the context of Scrum?
hennadii.omelchenko@gmail.com [SCRUMDEVELOPMENT]
2015-04-24 20:53:32 UTC
Permalink
Adam,

Thanks for you answer. I more or less understand how Scrum is supposed to manage risks inherent to software development.


My question is rather about SM role specifically: what risks can (or should) be managing a SM?


Product scope (not PO)? Schedule (not development team)? Releases (again, not PO)? Don't know what else can be in that list.
Adam Sroka adam.sroka@gmail.com [SCRUMDEVELOPMENT]
2015-04-24 21:32:54 UTC
Permalink
Post by ***@gmail.com [SCRUMDEVELOPMENT]
Adam,
Thanks for you answer. I more or less understand how Scrum is supposed to
manage risks inherent to software development.
You're welcome :-)
Post by ***@gmail.com [SCRUMDEVELOPMENT]
My question is rather about SM role specifically: what risks can (or
should) be managing a SM?
The usual process of the SM removing obstacles is one way he/she
systematically manages risk. Capturing risks that are identified during the
retro and following up as needed is also something that I encourage SMs to
do systematically.

Otherwise, having an agreed upon process and following it is the main way
we manage risk and is the responsibility of the whole team including the SM
(In fact, firms that audit risk are mostly looking for that: do you know
what your process is? and are you following it?) However, the SM is often
seen as a mediator when the process seems to fail (although if there is a
coach this is likely where he/she would step in.)
Adam Sroka adam.sroka@gmail.com [SCRUMDEVELOPMENT]
2015-04-24 20:56:31 UTC
Permalink
P.S. you can find a lot of information on the discipline of risk management
online, but it is very jargony and mostly not that interesting. Risks are
just things that might prevent you from being successful, and managing them
means knowing and keeping track of what they are and having feedback
mechanisms in place to detect and mitigate or avoid them.
Post by ***@gmail.com [SCRUMDEVELOPMENT]
Hi,
Recently I've been told that a really good scrum master among other things
should be responsible for Risk Management. So far I haven't been able to
get an answer on what exactly Risk Management meant there (other than,
well, you know what risk management is, don't you).
Scrum Guide doesn't say much about risks generally. That is my question
is: should SM be responsible for risk management, and what that meant in
the context of Scrum?
Tim Wright tim@tfwright.co.nz [SCRUMDEVELOPMENT]
2015-04-24 21:05:59 UTC
Permalink
It also depends on the type of risk. Generally there are two types of risk
in any project: delivery and delivered. Delivery risks (risks to delivering

the product) can usually be managed by the team or the scrum master can try
to deal with them like they do other obstacles (because they're just
potential obstacles that are not in control of the team). Delivered risks
are risks to the business after the project is in production (fraud, etc).
I believe that these are the responsibility of the product owner to
manage/mitigate/monitor.


Tim
Post by Adam Sroka ***@gmail.com [SCRUMDEVELOPMENT]
P.S. you can find a lot of information on the discipline of risk
management online, but it is very jargony and mostly not that interesting.
Risks are just things that might prevent you from being successful, and
managing them means knowing and keeping track of what they are and having
feedback mechanisms in place to detect and mitigate or avoid them.
Post by ***@gmail.com [SCRUMDEVELOPMENT]
Hi,
Recently I've been told that a really good scrum master among other
things should be responsible for Risk Management. So far I haven't been
able to get an answer on what exactly Risk Management meant there (other
than, well, you know what risk management is, don't you).
Scrum Guide doesn't say much about risks generally. That is my question
is: should SM be responsible for risk management, and what that meant in
the context of Scrum?
--
Tim
021 251 5593
http://www.linkedin.com/in/drtimwright
Adam Sroka adam.sroka@gmail.com [SCRUMDEVELOPMENT]
2015-04-24 22:00:37 UTC
Permalink
That's a good point. Sometimes that is also the responsibility of the team
if it is maintaining a product that has grown very complex or in a startup
environment where "ops" and "dev" are not differentiated (or both.) But
often, especially in larger companies, these types of risks are managed
separately.
Post by Tim Wright ***@tfwright.co.nz [SCRUMDEVELOPMENT]
It also depends on the type of risk. Generally there are two types of risk
in any project: delivery and delivered. Delivery risks (risks to delivering
the product) can usually be managed by the team or the scrum master can try
to deal with them like they do other obstacles (because they're just
potential obstacles that are not in control of the team). Delivered risks
are risks to the business after the project is in production (fraud, etc).
I believe that these are the responsibility of the product owner to
manage/mitigate/monitor.
Tim
Post by Adam Sroka ***@gmail.com [SCRUMDEVELOPMENT]
P.S. you can find a lot of information on the discipline of risk
management online, but it is very jargony and mostly not that interesting.
Risks are just things that might prevent you from being successful, and
managing them means knowing and keeping track of what they are and having
feedback mechanisms in place to detect and mitigate or avoid them.
Post by ***@gmail.com [SCRUMDEVELOPMENT]
Hi,
Recently I've been told that a really good scrum master among other
things should be responsible for Risk Management. So far I haven't been
able to get an answer on what exactly Risk Management meant there (other
than, well, you know what risk management is, don't you).
Scrum Guide doesn't say much about risks generally. That is my question
is: should SM be responsible for risk management, and what that meant in
the context of Scrum?
--
Tim
021 251 5593
http://www.linkedin.com/in/drtimwright
steve@ootac.com [SCRUMDEVELOPMENT]
2015-04-24 21:55:08 UTC
Permalink
Hi


Risks and issues still exist and need to be 'managed' by someone - in my world it is the Scrum Master or Agile Project Manager. In fact that takes up most of their time.


The only Agile Framework that I know of that addresses risk 'adequately' is DSDM.


They have a Project Approach Questionaire (PAQ) which used to be called the Project Risk List; see it at:


Appendix B project Approach Questionnaire (PAQ) | DSDM CONSORTiUM http://www.dsdm.org/dig-deeper/book/appendix-b-project-approach-questionnaire-paq.




http://www.dsdm.org/dig-deeper/book/appendix-b-project-approach-questionnaire-paq

Appendix B project Approach Questionnaire (PAQ) | DS... http://www.dsdm.org/dig-deeper/book/appendix-b-project-approach-questionnaire-paq


View on www.dsdm.org http://www.dsdm.org/dig-deeper/book/appendix-b-project-approach-questionnaire-paq
Preview by Yahoo




There is also a new pocketbook at:


Agile Risk Management and DSDM | DSDM CONSORTiUM http://www.dsdm.org/dig-deeper/news/agile-risk-management-and-dsdm



http://www.dsdm.org/dig-deeper/news/agile-risk-management-and-dsdm

Agile Risk Management and DSDM | DSDM CONSOR... http://www.dsdm.org/dig-deeper/news/agile-risk-management-and-dsdm We are delighted to announce the publication of this new pocketbook written by Dr. Alan Moran of the Agile Risk Management Institute. To quote from ...



View on www.dsdm.org http://www.dsdm.org/dig-deeper/news/agile-risk-management-and-dsdm
Preview by Yahoo






Just replace 'DSDM' with Scrum, Kanban etc; the points are valid for all Agile Frameworks including bespoke ones


I just add the PAQ to the project risk log and 'crunch the numbers' just like any other 'normal' risks; some 'normal' risks disappear because you are Agile, in fact some Agile and normal risks contradict each other ie in Waterfall it is a risk NOT to have a detailed requirements spec 'upfront', whereas in Agile, it is a specific risk to have a detailed spec.


The risk log/PAQ MUST be looked at by the Dev Team, SM and PO every Sprint Planning event to remind themselves of changes in risks discovered and any that may become issues during the Sprint and plan accordingly.


Who should be responsible? Well the Dev Team have the joint responsibility but they should be getting on with the development; the PO usually will not have the skills or time; so that leaves the SM who as 'servant leader' is best placed to do the risk mangement.


Hope this helps


Steve
Adam Sroka adam.sroka@gmail.com [SCRUMDEVELOPMENT]
2015-04-24 22:04:44 UTC
Permalink
Yeah, you can certainly add another framework to Scrum for this kind of
stuff if you need to to suit your context. However, a small team that is
actively identifying and removing impediments is probably doing all of the
risk management that it needs to.
Post by ***@ootac.com [SCRUMDEVELOPMENT]
Hi
Risks and issues still exist and need to be 'managed' by someone - in my
world it is the Scrum Master or Agile Project Manager. In fact that takes
up most of their time.
The only Agile Framework that I know of that addresses risk 'adequately' is DSDM.
They have a Project Approach Questionaire (PAQ) which used to be called
Appendix B project Approach Questionnaire (PAQ) | DSDM CONSORTiUM
<http://www.dsdm.org/dig-deeper/book/appendix-b-project-approach-questionnaire-paq>
.
[image: image]
<http://www.dsdm.org/dig-deeper/book/appendix-b-project-approach-questionnaire-paq>
Appendix B project Approach Questionnaire (PAQ) | DS...
<http://www.dsdm.org/dig-deeper/book/appendix-b-project-approach-questionnaire-paq>
View on www.dsdm.org
<http://www.dsdm.org/dig-deeper/book/appendix-b-project-approach-questionnaire-paq>
Preview by Yahoo
Agile Risk Management and DSDM | DSDM CONSORTiUM
<http://www.dsdm.org/dig-deeper/news/agile-risk-management-and-dsdm>
[image: image]
<http://www.dsdm.org/dig-deeper/news/agile-risk-management-and-dsdm>
Agile Risk Management and DSDM | DSDM CONSOR...
<http://www.dsdm.org/dig-deeper/news/agile-risk-management-and-dsdm>
We are delighted to announce the publication of this new pocketbook
written by Dr. Alan Moran of the Agile Risk Management Institute. To quote
from ...
View on www.dsdm.org
<http://www.dsdm.org/dig-deeper/news/agile-risk-management-and-dsdm>
Preview by Yahoo
Just replace 'DSDM' with Scrum, Kanban etc; the points are valid for all
Agile Frameworks including bespoke ones
I just add the PAQ to the project risk log and 'crunch the numbers' just
like any other 'normal' risks; some 'normal' risks disappear because you
are Agile, in fact some Agile and normal risks contradict each other ie in
Waterfall it is a risk NOT to have a detailed requirements spec 'upfront',
whereas in Agile, it is a specific risk to have a detailed spec.
The risk log/PAQ MUST be looked at by the Dev Team, SM and PO every Sprint
Planning event to remind themselves of changes in risks discovered and any
that may become issues during the Sprint and plan accordingly.
Who should be responsible? Well the Dev Team have the joint
responsibility but they should be getting on with the development; the PO
usually will not have the skills or time; so that leaves the SM who as
'servant leader' is best placed to do the risk mangement.
Hope this helps
Steve
Continue reading on narkive:
Loading...