Roger Swannell

Tag: risk

Risk assessment by certainty of cost and value

When assessing the risks of a new piece of work the questions should be around how certain are we about the cost and value of the work. The more certain we are about the cost of a piece of work and the value of the outcomes, the lower risk of the work. This leads to prioritising more certain work over less certain, and making more uncertain work less uncertain.

Agile Risks Meetup

I went to a meetup with a group of Agile practitioners discussing Agile ways of dealing with risks. It gave me lots of interesting things to think about:

  • Get close to the customer, really understand their needs, to reduce the risk of building the wrong thing.
  • Users who are choosers give helpful feedback because they can decide not to use the solution. If not, feedback is superficial.
  • Explore possible solutions concurrently before going on to build a single solution.
  • Ignore the likelihood of the risk and focus on impact.
  • Communicate risks and issues sooner rather than waiting until they become big problems. Don’t pretend to be green if things are really amber.
  • Deal with risks as you go along rather than identifying and only intending to deal with only if they arise.
  • Risk reduction = knowledge acquisition.
  • Learning about the risky things is building business value.
  • Traditional risk management focuses on ‘known unknowns’, but misses the ‘unknown unknowns’.
  • Unknown things often get put to bottom of the list but maybe they should be dealt first.

From working with an agency to working with a freelancer

Another example of figuring out how to work in a more Agile way in a risk-averse culture.

When you’re risk-averse, finding the right agency takes months. You follow the Procurement Policy, go out to tender to get five responses, do Dun & Bradstreet assessment, negotiate the contract, and then eventually you get to work.

When you embrace the uncertainty, finding a freelance developer takes days. You message a few on LinkedIn, have an informal phone interview, pick which one can do what you need and get them started.

There’s risk in moving from building a website with a reliable agency who you can have faith will be there tomorrow and next week and next month when you need them, to using freelance developers who can move on and take their knowledge with them at any time. So, how can you manage this risk?

Embracing the uncertainty, you make decisions quickly with what information you have, you break the work into small chunks, do a few pieces of work and then decide what’s next rather than creating a plan at the beginning of the project.

Will it work? We’ll find out over the next few months.

Handling risk in an Agile way

I’ve been thinking a lot about how an organisation with such a strong tendency towards risk-aversion could become more Agile in how it deals with risks associated with projects and programmes.

For a charity, risks come in all shapes and sizes, from risks associated with spending supporters money to risks of fines from the ICO. Risks to reputation that affect public opinion and supporter’s trust are important, so the objective here isn’t to ignore the risks and be reckless, the objective is to find better ways of reducing risks where possible and handling where necessary.

 

Risk-averse decision-making

In a risk-averse culture, risks are mitigated in two ways; 1) attempt to make the risk as known as possible by getting as much information up front as possible, and 2) involve as many people as possible to use their knowledge and experience, and to spread the blame if something goes wrong.

 

Making risks known

The first step to making decision in a risk-averse culture is about getting as much information about the risks up front in an attempt to make decisions about which direction a project should go. It seems to make sense that the more information we have the better decisions we’d make, but research suggests that experienced decision makers don’t make significantly better decisions with significantly more information provided they already have good domain knowledge.

So perhaps the lessons here is that you don’t need all the information in order to make a decision, and that the experts should be the ones making the decisions.

 

Involving lots of people

In a risk-averse organisation the number of people involved in making a decision is often in double figures. But if everyone knows and everyone agrees, then no one gets the blame if something goes wrong.

But this way of spreading the risk only really fits if the risk is considered as one big risk. If the risks were considered as lots of small risks, then they could be tackled in a different way, with the right people taking responsibility for the right risks rather than everybody taking responsibility for the whole risk.

So maybe the lesson here is that risks can be dealt with better by breaking up into many smaller risks.

 

Agile controls risk by accepting uncertainty

Managing risk in an Agile way means accepting that all the information isn’t known up front, and that more information can be brought to light throughout the project by performing small tests along the way to find out what happens when the idea meets reality. This is instead of the more traditional risk management approach of identify all the risks up front, make decisions about the future direction of the project, and only find out if the idea survives contact with reality when the project goes live.

Modern Agile says to ‘Experiment and learn rapidly’. This fits. We can de-risk projects by testing small and testing early, and using the learning to make any course corrections.

Copyright © 2018 Roger Swannell

Up ↑