According to the new PMI-RMP Exam content outline that was published in April, 2022, predictive, agile, and hybrid approaches will be found throughout the five PMI-RMP Exam domain areas and are not isolated to any particular domain or task. Also, the second task of the first domain in the PMI-RMP Exam content outline, is about assessing project environment for threats and opportunities, which includes determining which OPA / EEF / project methodology is needed (e.g., agile, waterfall, hybrid, etc.). Based on this information, while you are preparing for the PMP® Certification Exam, or PMI-RMP® Certification Exam, you need to consider the practices, tools, and techniques used in managing risks within an Agile environment.
Risk is anti-value, therefore, managing risk is critical for value-driven delivery. As a result, agile teams need to balance the goals of delivering business value and reducing risk each time they select a new batch of features or stories to work on. As the project continues, the team will also need to continually assess the severity of the project threats and monitor their overall project risk profile. Agile teams manage threats and issues, by examining three tools – the risk adjusted backlog, risk severity, and risk burndown graphs. Bear in mind that in agile, “risk” generally refers to threats and issues that could negatively impact the project. As opposed to the PMBOK Guide definition, which include positive risks, or “opportunities”.
1. Risk-Adjusted Backlog
In planning each iteration, agile teams seek to balance delivering the highest-value features and mitigating the biggest risks that remain on the project. They do this by moving the items which the greatest value and risk to the top of their backlog. The backlog might start out as just a list of the business features involved in the project, divided into practical bundles of work – but once the risk response activities are added and prioritized (based on their anti-value), it can be referred to as a “risk-adjusted backlog”. This list will help agile team to focus on both value delivery and risk reduction activities. Most project teams are comfortable with ranking customer requirements on the basis of business value and risk level.
Agile teams will start building the risk-adjusted backlog by using the return on investment per feature. After business representatives have attributed a dollar value to each of the product features, we can prioritize those features based on business value. Here is an example of a product backlog features prioritized as per the value.
Next, we need some way to monetize the risk avoidance and risk mitigation activities. To get this figure, we can calculate the expected monetary value of each risk by multiplying the risk probability (%) by the risk potential impact ($).
After prioritizing the backlog items with the risks, you can have the risk adjusted backlog shown below.
2. Risk Severity
Risks are generally assessed via two measures – risk probability (a measure of how likely a risk is to occur) and risk impact (a measure of the consequences to the project should the risk actually occur). Agile teams need to continue to monitor risks and track the effectiveness of their risk reduction efforts. There is a drawback to using EMV. It can be tempting to focus too much on the exact dollar amounts rather than the relative value of the risks. To help us avoid the problem, there is another metric we can use to rank risks and determine risk response priorities – risk severity. To calculate Risk Severity, instead of using risk’s probability percentage and dollar impact, we instead rank its probability and impact on a simple scale – such as low (1), medium (2), high (3). Then we multiply those probability and impact rankings to calculate the risk severity. Risk Severity = Risk Impact * Risk Probability.
For example, let’s say we decide to rank the probability and impact of our risks on a three-point scale, as low (1), medium (2), or high (3). Using this scale, a risk that has a high probability and a high impact will have a risk severity of 3*3=9. On the other hand, a risk that has high probability and low impact will have a risk severity of 3*1=3. We start by doing an analysis of the risks so that we can assign a probability and impact score to each one. Then we use those scores to calculate the severity of each risk. As the project progresses, the team can expand the initial analysis to record how their attempts to manage the project risks are working. The next chart shows the progress of the risks over the first four months of the project.
During these four months, many of the project risks were mitigated or avoided. For example, the first risk ended up not being a problem and risk severity went from 6 to 0.
3. Risk Burndown Charts
Due to the long lists of risks identified, and to make the data easier to grasp at a glance, we can convert numbers into a risk burndown graph. Risk burndown graphs are essentially staked area graphs of cumulative project risk severity. The severity scores for each risk are plotted one on top of another to show the project’s cumulative severity profile.
When risks and their history of severity are displayed in this format, it is much easier to interpret the overall risk status and trends of the project. Risk burndown graphs quickly inform stakeholders whether the risks are moving in the right direction (downward), or if they are escalating. Although project risk is not a core metric like features delivered, it is useful to track. Agile teams need to actively control their risks, since the effectiveness of their risk reduction efforts ultimately impacts whether they successfully maximizing value.
These are the three tools and techniques that you can heavily rely on while you are managing threats in an agile environment. You should expect 3-5 questions in the PMI-RMP Exam about the mentioned above tools and techniques. If you are preparing for the PMI-RMP Certification Exam, we highly recommend you check our PMI-RMP Exam Preparation workshop: 30 Contact Hours for PMI through the link here.
.jpg)
.jpg)
.jpg)
