SlideShare una empresa de Scribd logo

Agile risk management in regulated industry

Descargar como PPTX, PDF
M
Mads Hermann

This presentation look into how to implement Agile risk management in a highly regulated industry. The presentation focus not only on project risk, but also compliance, legal and reputational risks.

Liderazgo y gestión
1 de 32
Agile Risk Management
Agile Risk Management in Largest Nordic bank Executive Summary - Complete digital transformation program - More than 680 employees working on project - 100 M EUR + project Challenge How do you implement Agile Management and still manage risk in a highly regulated industry? Solution - Implementation of risk log - Implementation of Agile risk management process -Implementation of pre release check points Result -Clear overview and prioritization of risks - All releases are compliance tested before release
What is Agile Risk Management? • How does Agile Risk Management reduce risk? • How do you incorporate Agile Risk management into a highly regulated industry? • What tools can you use on a day to day basis to manage your risk?
Content  Background  How does Agile development reduce risk?  Key points from Agile Risk management transformation  Key learning points
How does Agile reduces risk?
Traditional Risk Management  Agile Risk management
Agile Risk Mangement Transformation Strategy Process Organisation & People Tools & applications  Agile Risk mgt is proactive, not reactive
Align Strategy Strategy Process Organisation & People Tools and applications 9 •  Align with Executive mgt  Create backlog  Use KANBAN to prioritize
Align Process Strategy Process Organisation & People Tools & applications 10 •  Find trigger to Agile risk processes (PI, Release etc) “follow the agile beat”
Align Organisation & People Risk train Teams 2nd LoD 11 • Strategy Process Organisation & People Tools & applications  Create a Risk Train to align methodology  Define who is risk owner  Align metric & reporting
Align Tools & applications 12 • Strategy Process Organisation & People Tools & applications EA Agile Risk mgt  Have a (integrated) risk tool
Agile SAFe  http://www.scaledagileframework.com/#
Structure and backlog
How to build a backlog
Key learning points  Agile Risk Mgt team should have a mandate and be proactive  Follow the “Agile beat”  Make a “Agile Risk mgt Train”  Find the Agile trigger for risk process  Have a backlog  Use a public KANBAN board  Work in the same Agile tool  Define clear ownership of risks and mitigation actions
What is Agile Risk Management? • How does Agile Risk Management reduce risk? • How do you incorporate Agile Risk management into a highly regulated industry? • What tools can you use on a day to day basis to manage your risk?
Core process Risks • Project risk • Strategic risk • Compliance risk • Legal risk • Business risks • Technical risk Agile risk management • Set Risk appetite • Identify risks • Analyse and report risks • Find mitigation actions Mitigated risks • Mitigated • Accepted • Closed
How to set risk appetite in Agile  Risk appetite is set by the organization and should be SMART Risk Open Risk Closed
How to identify risks in Agile? Bottom up Risk identification Daily Scrum PI event Risk assessment before release Product Owner meetings
How to identify risks in Agile? Top Down Risk identification Scenario risk assessment Business risk assessment Compliance risk assessment
How to identify risks in Agile? - Daily Scrum Bottom up Risk identification Daily Scrum PI event Risk assessment before release Product Owner meetings  Agile name of meeting: “Daily stand up meeting”  Duration: 0,5 - 1 hour  Participants:  Scrum master  Developers  Sometimes architect, business and PO  Scope is to identify:  Impediments (something that is slowing you down)  Dependencies (Something that you are dependent on to move forward)  Blockers (Roadblocks that makes it impossible for you to to move on)  Risks (Things that you believe that impact the project negatively in future) Identify • Make MOM • Confirm with RTE and SM Analyse & Report • Introduce in Risklog and Jira • Evaluate risk picture Mitigate • Close follow up with risk owner • Follow up in Jira Risk management process
How to identify risks in Agile? - Product Owner meeting Bottom up Risk identification Daily Scrum PI event Risk assessment before release Product Owner meetings  Agile name of meeting: “PO meeting”  Duration: 1 hour  Participants:  Product owners  Sometimes architect and business  Scope is to identify:  Understand specifications  Align features with business Identify • Make MOM • Confirm with Product mgt and PO Analyse & Report • Check if feature is in conflict with compliance • Evaluate risk picture Mitigate • Escalade to compliance (2nd LoD) if needed Risk management process
How to identify risks in Agile? - Pre-release risk assessment Bottom up Risk identification Daily Scrum PI event Risk assessment before release Product Owner meetings  Agile name of meeting: NA  Duration: 1- 2 hours (at least 3 weeks before release)  Participants:  2nd LoD (Business, compliance, legal, risk)  1st LoD  RTE (Should be able to invite)  Product manager  Product owners  Sometimes architect  Scope is to identify:  Get a risk overview where all aspects are evaluated.  All potential risks related to the release Identify • Introduce main new features • Structure session according to technical, legal and business risk to identify risk Analyse & Report • Look for critical risks and evaluate the impact. • Share with all who attended and mgt. Mitigate • Ensure mitigation or risk acceptance of critical risks before release Risk management process
How to identify risks in Agile? - Planning event Bottom up Risk identification Daily Scrum PI event Risk assessment before release Product Owner meetings  Agile name of meeting: “PI”  Duration: 1-3 days  Participants:  All teams at all level  Scope:  Align planning between teams  Identify Dependencies  Identify Risks  Vote of confidence Identify • Risk boards • Walk the boards with mgt. • Be proactive and have questions ready Analyse & Report • Collect ALL risks • Use categorization to get an overview Mitigate • Issues and Risk should mainly be solved in the PI • Make conclusions if possible. Risk management process
How to analyse risks Agile?  Two risk logs  General risk log (see example)  Risk that can kill you (see example)  Use 4 categories to evaluate risks  Financial impact  Reputational impact  Process impact  Legal impact  Use algorithm to see what the SUM of less critical risks
How to share analysis in Agile?  Weekly report (see example)  Monthly report (see example)
How to set mitigation actions in Agile?  Set mitigation strategy during the risk identification  Set a deadline  Set a owner (only one)  Make integrated alerts  Consider risk mitigation tool
Example of dashboard
Roadmap 31 Highlighting the current PI commits, PI forecast and subsequent prioritised backlog • One liner Prioritised backlogPI n • One liner Committed Forecast PI n+1 • One liner • One liner ------- Stretch objectives ------- • One liner PI n+2 • One liner Release Milestone Stopper Release example Milestone example Stopper example
Logs 32 Main actions, risks and dependencies in release train Action Action and impact description Status Raised date Due date Owner Impacting Supplier Supplier delivery Required date Status Owner sadfadsf Risk/Issue Risk/Issue description and mitigating action Criticality Update date Owner sadfadsf

Recomendados

Enterprise Risk Management for Projects, Programs and Portfolios: A Primer
Enterprise Risk Management for Projects, Programs and Portfolios: A PrimerEnterprise Risk Management for Projects, Programs and Portfolios: A Primer
Enterprise Risk Management for Projects, Programs and Portfolios: A Primer
Seshadri Venkataraman
 
Database Project management
Database Project managementDatabase Project management
Database Project management
Amin Chowdhury
 
process groups and knowledge areas
process groups and knowledge areasprocess groups and knowledge areas
process groups and knowledge areas
Universitas Bina Darma Palembang
 
Project management
Project managementProject management
Project management
Atul Shetty
 
Project Management
Project ManagementProject Management
Project Management
Saikat Ghosh
 
Ancora 6Sigma - 3. la metodologia DMAIC
Ancora 6Sigma - 3. la metodologia DMAICAncora 6Sigma - 3. la metodologia DMAIC
Ancora 6Sigma - 3. la metodologia DMAIC
Manager.it
 
Introduction to project management
Introduction to project managementIntroduction to project management
Introduction to project management
Stefan Csosz
 
Project Management in 12 Slides
Project Management in 12 SlidesProject Management in 12 Slides
Project Management in 12 Slides
Pam Pauley
 

Recomendados

Enterprise Risk Management for Projects, Programs and Portfolios: A Primer
Enterprise Risk Management for Projects, Programs and Portfolios: A PrimerEnterprise Risk Management for Projects, Programs and Portfolios: A Primer
Enterprise Risk Management for Projects, Programs and Portfolios: A Primer
Seshadri Venkataraman
 
Database Project management
Database Project managementDatabase Project management
Database Project management
Amin Chowdhury
 
process groups and knowledge areas
process groups and knowledge areasprocess groups and knowledge areas
process groups and knowledge areas
Universitas Bina Darma Palembang
 
Project management
Project managementProject management
Project management
Atul Shetty
 
Project Management
Project ManagementProject Management
Project Management
Saikat Ghosh
 
Ancora 6Sigma - 3. la metodologia DMAIC
Ancora 6Sigma - 3. la metodologia DMAICAncora 6Sigma - 3. la metodologia DMAIC
Ancora 6Sigma - 3. la metodologia DMAIC
Manager.it
 
Introduction to project management
Introduction to project managementIntroduction to project management
Introduction to project management
Stefan Csosz
 
Project Management in 12 Slides
Project Management in 12 SlidesProject Management in 12 Slides
Project Management in 12 Slides
Pam Pauley
 
How To Manage and Mitigate Risk in Medical Device New Product Development
How To Manage and Mitigate Risk in Medical Device New Product DevelopmentHow To Manage and Mitigate Risk in Medical Device New Product Development
How To Manage and Mitigate Risk in Medical Device New Product Development
Greenlight Guru
 
Topic 1 - Risk Auditing 1-17.pdf
Topic 1 - Risk Auditing 1-17.pdfTopic 1 - Risk Auditing 1-17.pdf
Topic 1 - Risk Auditing 1-17.pdf
Javier138365
 
Presentation qrm shc
Presentation qrm shcPresentation qrm shc
Presentation qrm shc
Peter Schellinck
 
Risk Management Best Practices
Risk Management Best PracticesRisk Management Best Practices
Risk Management Best Practices
PMILebanonChapter
 
Implementing Risk Based Thinking in HLS OF ISO 9001:2015 - Praneet Surti
Implementing Risk Based Thinking in HLS OF ISO 9001:2015 - Praneet SurtiImplementing Risk Based Thinking in HLS OF ISO 9001:2015 - Praneet Surti
Implementing Risk Based Thinking in HLS OF ISO 9001:2015 - Praneet Surti
Praneet Surti
 
Risk Based Thinking ISO 9001 Presentation.pdf
Risk Based Thinking ISO 9001 Presentation.pdfRisk Based Thinking ISO 9001 Presentation.pdf
Risk Based Thinking ISO 9001 Presentation.pdf
HimanshuMishra203021
 
ISO 31000.pdf
ISO 31000.pdfISO 31000.pdf
ISO 31000.pdf
ssuser840a78
 
RiskIndia.com-Profile-01072016
RiskIndia.com-Profile-01072016RiskIndia.com-Profile-01072016
RiskIndia.com-Profile-01072016
Rohit Chawda
 
Adaptive RiskPro
Adaptive RiskProAdaptive RiskPro
Adaptive RiskPro
LN Mishra CBAP
 
Project risk management
Project risk managementProject risk management
Project risk management
Dewang Agrawal
 
Dealing with Auditors: Helping Them Understand Agile
Dealing with Auditors: Helping Them Understand AgileDealing with Auditors: Helping Them Understand Agile
Dealing with Auditors: Helping Them Understand Agile
TechWell
 
Agile-Risk-Management in Project Management
Agile-Risk-Management in Project ManagementAgile-Risk-Management in Project Management
Agile-Risk-Management in Project Management
Najmul Hussain
 
PECB Webinar: QMS Risk Assessment
PECB Webinar: QMS Risk AssessmentPECB Webinar: QMS Risk Assessment
PECB Webinar: QMS Risk Assessment
PECB
 
All About PMI - RMP Certification
All About PMI - RMP CertificationAll About PMI - RMP Certification
All About PMI - RMP Certification
passyourcert
 
Software testing - Risk management
Software testing - Risk managementSoftware testing - Risk management
Software testing - Risk management
PractiTest
 
A Guide to Risk Management
A Guide to Risk ManagementA Guide to Risk Management
A Guide to Risk Management
ProjectCon
 
Enterprise 360 degree risk management
Enterprise 360 degree risk managementEnterprise 360 degree risk management
Enterprise 360 degree risk management
Infosys
 
Creating Value Through Enterprise Risk Management
Creating Value Through Enterprise Risk Management Creating Value Through Enterprise Risk Management
Creating Value Through Enterprise Risk Management
Risk Management Institution of Australasia
 
Managing Risk in Agile Development: It Isn’t Magic
Managing Risk in Agile Development: It Isn’t MagicManaging Risk in Agile Development: It Isn’t Magic
Managing Risk in Agile Development: It Isn’t Magic
TechWell
 
Six sigma
Six sigmaSix sigma
Six sigma
Jitesh Gaurav
 
Deltagerbevis mads hermann
Deltagerbevis mads hermannDeltagerbevis mads hermann
Deltagerbevis mads hermann
Mads Hermann
 
Big Data - Black Belt - Customer experience Analysis
Big Data - Black Belt - Customer experience AnalysisBig Data - Black Belt - Customer experience Analysis
Big Data - Black Belt - Customer experience Analysis
Mads Hermann
 

Más contenido relacionado

Similar a Agile risk management in regulated industry

RiskIndia.com-Profile-01072016
RiskIndia.com-Profile-01072016RiskIndia.com-Profile-01072016
RiskIndia.com-Profile-01072016
Rohit Chawda
 
Dealing with Auditors: Helping Them Understand Agile
Dealing with Auditors: Helping Them Understand AgileDealing with Auditors: Helping Them Understand Agile
Dealing with Auditors: Helping Them Understand Agile
TechWell
 
Agile-Risk-Management in Project Management
Agile-Risk-Management in Project ManagementAgile-Risk-Management in Project Management
Agile-Risk-Management in Project Management
Najmul Hussain
 
A Guide to Risk Management
A Guide to Risk ManagementA Guide to Risk Management
A Guide to Risk Management
ProjectCon
 
Managing Risk in Agile Development: It Isn’t Magic
Managing Risk in Agile Development: It Isn’t MagicManaging Risk in Agile Development: It Isn’t Magic
Managing Risk in Agile Development: It Isn’t Magic
TechWell
 

Similar a Agile risk management in regulated industry (20)

How To Manage and Mitigate Risk in Medical Device New Product Development
How To Manage and Mitigate Risk in Medical Device New Product DevelopmentHow To Manage and Mitigate Risk in Medical Device New Product Development
How To Manage and Mitigate Risk in Medical Device New Product Development
 
Topic 1 - Risk Auditing 1-17.pdf
Topic 1 - Risk Auditing 1-17.pdfTopic 1 - Risk Auditing 1-17.pdf
Topic 1 - Risk Auditing 1-17.pdf
 
Presentation qrm shc
Presentation qrm shcPresentation qrm shc
Presentation qrm shc
 
Risk Management Best Practices
Risk Management Best PracticesRisk Management Best Practices
Risk Management Best Practices
 
Implementing Risk Based Thinking in HLS OF ISO 9001:2015 - Praneet Surti
Implementing Risk Based Thinking in HLS OF ISO 9001:2015 - Praneet SurtiImplementing Risk Based Thinking in HLS OF ISO 9001:2015 - Praneet Surti
Implementing Risk Based Thinking in HLS OF ISO 9001:2015 - Praneet Surti
 
Risk Based Thinking ISO 9001 Presentation.pdf
Risk Based Thinking ISO 9001 Presentation.pdfRisk Based Thinking ISO 9001 Presentation.pdf
Risk Based Thinking ISO 9001 Presentation.pdf
 
ISO 31000.pdf
ISO 31000.pdfISO 31000.pdf
ISO 31000.pdf
 
RiskIndia.com-Profile-01072016
RiskIndia.com-Profile-01072016RiskIndia.com-Profile-01072016
RiskIndia.com-Profile-01072016
 
Adaptive RiskPro
Adaptive RiskProAdaptive RiskPro
Adaptive RiskPro
 
Project risk management
Project risk managementProject risk management
Project risk management
 
Dealing with Auditors: Helping Them Understand Agile
Dealing with Auditors: Helping Them Understand AgileDealing with Auditors: Helping Them Understand Agile
Dealing with Auditors: Helping Them Understand Agile
 
Agile-Risk-Management in Project Management
Agile-Risk-Management in Project ManagementAgile-Risk-Management in Project Management
Agile-Risk-Management in Project Management
 
PECB Webinar: QMS Risk Assessment
PECB Webinar: QMS Risk AssessmentPECB Webinar: QMS Risk Assessment
PECB Webinar: QMS Risk Assessment
 
All About PMI - RMP Certification
All About PMI - RMP CertificationAll About PMI - RMP Certification
All About PMI - RMP Certification
 
Software testing - Risk management
Software testing - Risk managementSoftware testing - Risk management
Software testing - Risk management
 
A Guide to Risk Management
A Guide to Risk ManagementA Guide to Risk Management
A Guide to Risk Management
 
Enterprise 360 degree risk management
Enterprise 360 degree risk managementEnterprise 360 degree risk management
Enterprise 360 degree risk management
 
Creating Value Through Enterprise Risk Management
Creating Value Through Enterprise Risk Management Creating Value Through Enterprise Risk Management
Creating Value Through Enterprise Risk Management
 
Managing Risk in Agile Development: It Isn’t Magic
Managing Risk in Agile Development: It Isn’t MagicManaging Risk in Agile Development: It Isn’t Magic
Managing Risk in Agile Development: It Isn’t Magic
 
Six sigma
Six sigmaSix sigma
Six sigma
 

Más de Mads Hermann

recommendation from CUHK
recommendation from CUHKrecommendation from CUHK
recommendation from CUHK
Mads Hermann
 
Recommendation from Stanford University
Recommendation from Stanford UniversityRecommendation from Stanford University
Recommendation from Stanford University
Mads Hermann
 

Más de Mads Hermann (6)

Deltagerbevis mads hermann
Deltagerbevis mads hermannDeltagerbevis mads hermann
Deltagerbevis mads hermann
 
Big Data - Black Belt - Customer experience Analysis
Big Data - Black Belt - Customer experience AnalysisBig Data - Black Belt - Customer experience Analysis
Big Data - Black Belt - Customer experience Analysis
 
Net Promoter Score presentation
Net Promoter Score presentation Net Promoter Score presentation
Net Promoter Score presentation
 
Agile Risk Management Case
Agile Risk Management Case Agile Risk Management Case
Agile Risk Management Case
 
recommendation from CUHK
recommendation from CUHKrecommendation from CUHK
recommendation from CUHK
 
Recommendation from Stanford University
Recommendation from Stanford UniversityRecommendation from Stanford University
Recommendation from Stanford University
 

Último

Beyond the Codes_Repositioning towards sustainable development
Beyond the Codes_Repositioning towards sustainable developmentBeyond the Codes_Repositioning towards sustainable development
Beyond the Codes_Repositioning towards sustainable development
Nimot Muili
 
Gautam Buddh Nagar Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Gautam Buddh Nagar Call Girls 🥰 8617370543 Service Offer VIP Hot ModelGautam Buddh Nagar Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Gautam Buddh Nagar Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Nitya salvi
 
Abortion pills in Jeddah |• +966572737505 ] GET CYTOTEC
Abortion pills in Jeddah |• +966572737505 ] GET CYTOTECAbortion pills in Jeddah |• +966572737505 ] GET CYTOTEC
Abortion pills in Jeddah |• +966572737505 ] GET CYTOTEC
Abortion pills in Riyadh +966572737505 get cytotec
 
W.H.Bender Quote 62 - Always strive to be a Hospitality Service professional
W.H.Bender Quote 62 - Always strive to be a Hospitality Service professionalW.H.Bender Quote 62 - Always strive to be a Hospitality Service professional
W.H.Bender Quote 62 - Always strive to be a Hospitality Service professional
William (Bill) H. Bender, FCSI
 
internship thesis pakistan aeronautical complex kamra
internship thesis pakistan aeronautical complex kamrainternship thesis pakistan aeronautical complex kamra
internship thesis pakistan aeronautical complex kamra
AllTops
 
The Psychology Of Motivation - Richard Brown
The Psychology Of Motivation - Richard BrownThe Psychology Of Motivation - Richard Brown
The Psychology Of Motivation - Richard Brown
SandaliGurusinghe2
 
How Software Developers Destroy Business Value.pptx
How Software Developers Destroy Business Value.pptxHow Software Developers Destroy Business Value.pptx
How Software Developers Destroy Business Value.pptx
Aaron Stannard
 

Último (14)

Beyond the Codes_Repositioning towards sustainable development
Beyond the Codes_Repositioning towards sustainable developmentBeyond the Codes_Repositioning towards sustainable development
Beyond the Codes_Repositioning towards sustainable development
 
Gautam Buddh Nagar Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Gautam Buddh Nagar Call Girls 🥰 8617370543 Service Offer VIP Hot ModelGautam Buddh Nagar Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Gautam Buddh Nagar Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Abortion pills in Jeddah |• +966572737505 ] GET CYTOTEC
Abortion pills in Jeddah |• +966572737505 ] GET CYTOTECAbortion pills in Jeddah |• +966572737505 ] GET CYTOTEC
Abortion pills in Jeddah |• +966572737505 ] GET CYTOTEC
 
Siliguri Escorts Service Girl ^ 9332606886, WhatsApp Anytime Siliguri
Siliguri Escorts Service Girl ^ 9332606886, WhatsApp Anytime SiliguriSiliguri Escorts Service Girl ^ 9332606886, WhatsApp Anytime Siliguri
Siliguri Escorts Service Girl ^ 9332606886, WhatsApp Anytime Siliguri
 
Information Technology Project Management, Revised 7th edition test bank.docx
Information Technology Project Management, Revised 7th edition test bank.docxInformation Technology Project Management, Revised 7th edition test bank.docx
Information Technology Project Management, Revised 7th edition test bank.docx
 
Persuasive and Communication is the art of negotiation.
Persuasive and Communication is the art of negotiation.Persuasive and Communication is the art of negotiation.
Persuasive and Communication is the art of negotiation.
 
W.H.Bender Quote 62 - Always strive to be a Hospitality Service professional
W.H.Bender Quote 62 - Always strive to be a Hospitality Service professionalW.H.Bender Quote 62 - Always strive to be a Hospitality Service professional
W.H.Bender Quote 62 - Always strive to be a Hospitality Service professional
 
digital Human resource management presentation.pdf
digital Human resource management presentation.pdfdigital Human resource management presentation.pdf
digital Human resource management presentation.pdf
 
internship thesis pakistan aeronautical complex kamra
internship thesis pakistan aeronautical complex kamrainternship thesis pakistan aeronautical complex kamra
internship thesis pakistan aeronautical complex kamra
 
The Psychology Of Motivation - Richard Brown
The Psychology Of Motivation - Richard BrownThe Psychology Of Motivation - Richard Brown
The Psychology Of Motivation - Richard Brown
 
How Software Developers Destroy Business Value.pptx
How Software Developers Destroy Business Value.pptxHow Software Developers Destroy Business Value.pptx
How Software Developers Destroy Business Value.pptx
 
International Ocean Transportation p.pdf
International Ocean Transportation p.pdfInternational Ocean Transportation p.pdf
International Ocean Transportation p.pdf
 
Marketing Management 16th edition by Philip Kotler test bank.docx
Marketing Management 16th edition by Philip Kotler test bank.docxMarketing Management 16th edition by Philip Kotler test bank.docx
Marketing Management 16th edition by Philip Kotler test bank.docx
 
Safety T fire missions army field Artillery
Safety T fire missions army field ArtillerySafety T fire missions army field Artillery
Safety T fire missions army field Artillery
 

Agile risk management in regulated industry

  • 2. Agile Risk Management in Largest Nordic bank Executive Summary - Complete digital transformation program - More than 680 employees working on project - 100 M EUR + project Challenge How do you implement Agile Management and still manage risk in a highly regulated industry? Solution - Implementation of risk log - Implementation of Agile risk management process -Implementation of pre release check points Result -Clear overview and prioritization of risks - All releases are compliance tested before release
  • 3. What is Agile Risk Management? • How does Agile Risk Management reduce risk? • How do you incorporate Agile Risk management into a highly regulated industry? • What tools can you use on a day to day basis to manage your risk?
  • 4. Content  Background  How does Agile development reduce risk?  Key points from Agile Risk management transformation  Key learning points
  • 5. How does Agile reduces risk?
  • 6.
  • 7. Traditional Risk Management  Agile Risk management
  • 8. Agile Risk Mangement Transformation Strategy Process Organisation & People Tools & applications  Agile Risk mgt is proactive, not reactive
  • 9. Align Strategy Strategy Process Organisation & People Tools and applications 9 •  Align with Executive mgt  Create backlog  Use KANBAN to prioritize
  • 10. Align Process Strategy Process Organisation & People Tools & applications 10 •  Find trigger to Agile risk processes (PI, Release etc) “follow the agile beat”
  • 11. Align Organisation & People Risk train Teams 2nd LoD 11 • Strategy Process Organisation & People Tools & applications  Create a Risk Train to align methodology  Define who is risk owner  Align metric & reporting
  • 12. Align Tools & applications 12 • Strategy Process Organisation & People Tools & applications EA Agile Risk mgt  Have a (integrated) risk tool
  • 15.
  • 16. How to build a backlog
  • 17. Key learning points  Agile Risk Mgt team should have a mandate and be proactive  Follow the “Agile beat”  Make a “Agile Risk mgt Train”  Find the Agile trigger for risk process  Have a backlog  Use a public KANBAN board  Work in the same Agile tool  Define clear ownership of risks and mitigation actions
  • 18. What is Agile Risk Management? • How does Agile Risk Management reduce risk? • How do you incorporate Agile Risk management into a highly regulated industry? • What tools can you use on a day to day basis to manage your risk?
  • 19. Core process Risks • Project risk • Strategic risk • Compliance risk • Legal risk • Business risks • Technical risk Agile risk management • Set Risk appetite • Identify risks • Analyse and report risks • Find mitigation actions Mitigated risks • Mitigated • Accepted • Closed
  • 20. How to set risk appetite in Agile  Risk appetite is set by the organization and should be SMART Risk Open Risk Closed
  • 21. How to identify risks in Agile? Bottom up Risk identification Daily Scrum PI event Risk assessment before release Product Owner meetings
  • 22. How to identify risks in Agile? Top Down Risk identification Scenario risk assessment Business risk assessment Compliance risk assessment
  • 23. How to identify risks in Agile? - Daily Scrum Bottom up Risk identification Daily Scrum PI event Risk assessment before release Product Owner meetings  Agile name of meeting: “Daily stand up meeting”  Duration: 0,5 - 1 hour  Participants:  Scrum master  Developers  Sometimes architect, business and PO  Scope is to identify:  Impediments (something that is slowing you down)  Dependencies (Something that you are dependent on to move forward)  Blockers (Roadblocks that makes it impossible for you to to move on)  Risks (Things that you believe that impact the project negatively in future) Identify • Make MOM • Confirm with RTE and SM Analyse & Report • Introduce in Risklog and Jira • Evaluate risk picture Mitigate • Close follow up with risk owner • Follow up in Jira Risk management process
  • 24. How to identify risks in Agile? - Product Owner meeting Bottom up Risk identification Daily Scrum PI event Risk assessment before release Product Owner meetings  Agile name of meeting: “PO meeting”  Duration: 1 hour  Participants:  Product owners  Sometimes architect and business  Scope is to identify:  Understand specifications  Align features with business Identify • Make MOM • Confirm with Product mgt and PO Analyse & Report • Check if feature is in conflict with compliance • Evaluate risk picture Mitigate • Escalade to compliance (2nd LoD) if needed Risk management process
  • 25. How to identify risks in Agile? - Pre-release risk assessment Bottom up Risk identification Daily Scrum PI event Risk assessment before release Product Owner meetings  Agile name of meeting: NA  Duration: 1- 2 hours (at least 3 weeks before release)  Participants:  2nd LoD (Business, compliance, legal, risk)  1st LoD  RTE (Should be able to invite)  Product manager  Product owners  Sometimes architect  Scope is to identify:  Get a risk overview where all aspects are evaluated.  All potential risks related to the release Identify • Introduce main new features • Structure session according to technical, legal and business risk to identify risk Analyse & Report • Look for critical risks and evaluate the impact. • Share with all who attended and mgt. Mitigate • Ensure mitigation or risk acceptance of critical risks before release Risk management process
  • 26. How to identify risks in Agile? - Planning event Bottom up Risk identification Daily Scrum PI event Risk assessment before release Product Owner meetings  Agile name of meeting: “PI”  Duration: 1-3 days  Participants:  All teams at all level  Scope:  Align planning between teams  Identify Dependencies  Identify Risks  Vote of confidence Identify • Risk boards • Walk the boards with mgt. • Be proactive and have questions ready Analyse & Report • Collect ALL risks • Use categorization to get an overview Mitigate • Issues and Risk should mainly be solved in the PI • Make conclusions if possible. Risk management process
  • 27. How to analyse risks Agile?  Two risk logs  General risk log (see example)  Risk that can kill you (see example)  Use 4 categories to evaluate risks  Financial impact  Reputational impact  Process impact  Legal impact  Use algorithm to see what the SUM of less critical risks
  • 28. How to share analysis in Agile?  Weekly report (see example)  Monthly report (see example)
  • 29. How to set mitigation actions in Agile?  Set mitigation strategy during the risk identification  Set a deadline  Set a owner (only one)  Make integrated alerts  Consider risk mitigation tool
  • 31. Roadmap 31 Highlighting the current PI commits, PI forecast and subsequent prioritised backlog • One liner Prioritised backlogPI n • One liner Committed Forecast PI n+1 • One liner • One liner ------- Stretch objectives ------- • One liner PI n+2 • One liner Release Milestone Stopper Release example Milestone example Stopper example
  • 32. Logs 32 Main actions, risks and dependencies in release train Action Action and impact description Status Raised date Due date Owner Impacting Supplier Supplier delivery Required date Status Owner sadfadsf Risk/Issue Risk/Issue description and mitigating action Criticality Update date Owner sadfadsf