4 min read Risk

Risk management techniques with agile.

Cartoon character falling to his doom.
Don't panic everyone can manage risk - image from Midjourney v6.1

The world is a dangerous place. Whether we are crossing the street or sitting in an office cubical reviewing contracts does not matter. Everything we do contains an element of risk. Evolutionary biologists point out that humans developed intelligence because we needed to assess risk better than other animals. We do an excellent job of weighing the risks we face. A crosswalk at midnight has less traffic than one during rush hour. However, when we begin dealing with complex systems and risks distributed over those systems, humans struggle. I see this all the time in business and politics. As leaders, how do we manage risk and know when it is good to take a chance and when we should exhibit caution? Today, I want to begin my exploration of risk management.  

When you look at the research, you will see that humans are imperfect at estimation and risk management. If we were casinos, we would lose money. We can make good risk calculations for ourselves, but we begin to struggle when discussing risk distributed over hundreds of thousands of people. I suspect this is because we can see immediate threats to our safety and security, but issues outside our experiences or grasp are more obscure.

Unfortunately, contemporary business environments are complicated chains of expertise and experience, so there is no way for anyone to understand the system's operation. It also hides risks in plain sight. Eventually, you wind up with two outcomes. First, fear, uncertainty, and doubt paralyze a person or organization. Nothing gets done until there is a virtual promise of a predicted outcome. The other path is recklessness with no concern for the safety or money of others. The challenge is how to navigate those two extremes and accomplish work.

Modern risk management comes into play here. The Scaled Agile Framework, or SAFe, has one approach, and the Project Management Institute has another. Each approach is different, but it can help people identify risks.

The most important thing you can do as an agile leader is highlight that risk management is another way to increase transparency in a team. The concepts are the same, from a small UI/UX team building screens for a phone application to a monstrous enterprise building earth-moving equipment.

The most important thing to do is list the risks that come to mind when starting a project. For instance, if you are building an electric car, you can immediately put together a few risks.

  • Batteries catch fire when wet.
  • Batteries do not operate at temperatures below zero degrees Fahrenheit.
  • The quiet nature of the drive train forces pedestrians to ignore electric vehicles.
  • Hostility from gas power vehicle drivers

and so on.

Let us attempt to track the likelihood of some of these risks. According to government data, electric cars catch fire at a lower rate than internal combustion cars, with about 25 fires per 100,000 vehicles. Internal combustion care catches file at a higher rate of approximately 1,529 fires per 100,000 vehicles. The exception occurs when hurricanes, like Hurricane Ian in Florida, submerge electric cars in salt water. So, if we treat the data seriously, the likelihood of an electric vehicle fire is less than half of a percentage point. Suppose we would rate the likelihood of a vehicle fire on a scale of one to five. A reasonable faith estimate would be a one. Since a car fire is more likely with internal combustion cars, we can give it a likelihood of two. The next thing we need to do with those risks is rate the impact of a fire on a vehicle. A car fire is pretty catastrophic, so it is easy to rate the effect at four or five. Electric vehicle fires, while less likely, are more dangerous because they burn hotter with temperatures over a thousand degrees Fahrenheit and can restart due to their chemical nature. Side by side, the electric vehicle has an impact of five, while a combustion engine has an effect of four.

The next step is to multiply the impact by the likelihood.

  • Electric Car Fire = 1 * 5 = 5
  • Internal Combustion Fire = 2 * 4 = 8

Doing the math, the risk of a car fire is higher with an internal combustion engine, so it should be a higher priority for the car company to address. This simple arithmetic is often good enough for business people and employees to decide what to concentrate on. The devil, of course, is in the details. If electric cars catch fire 100% of the time when flooded with seawater, the risk jumps to the figure below.

  • Electric Car Fire from seawater = 5 * 5 = 25

It means that the company engineers should give this risk their full attention.

If you are doing risk management correctly, you should have a possible list of all the risks you can think of and then quantify the impact and likelihood of these risks. The team should periodically revise the list by adjusting the values based on experience. The Project Management Institute calls this a risk matrix, and it helps people see what things might jeopardize the project.

Often, the matrix looks like this.

Example of a risk matrix
From the following website: https://bigpicture.one/blog/project-risk-assessment-examples/

The last column shows the group of people working to address that risk. At a large company, this might be a team. On a scrum team, it might be an individual. As my new colleague Chris Luz says, "Everyone is responsible for risk," but attaching a person or team to a risk assures that an individual or group is working to address the issue.

Creating a risk matrix is a helpful tool for managing projects and teams. Next time, we will explore how SAFe deals with risk and how you can leverage both approaches.

Until next time.

 

 

Edward J Wisniowski

Edward J Wisniowski

Ed Wisniowski is a software development veteran. He specializes in improving organization product ownership, helping developers become better artisans, and attempting to scale agile in organizations.
Sugar Grove, IL