Risk is defined as an uncertain event that can affect the objectives of a project and may contribute to its success or failure. Risks with a potential for positive impact on the project are called opportunities, whereas threats are risks that could negatively impact a project. Managing risk must be done proactively, and it is an iterative process that should begin at project inception and continue throughout the life of the project. The process of managing risk should follow some standardized steps to ensure that risks are identified, evaluated, and a proper course of action is determined and acted upon accordingly.
Risks with a high probability and impact rating should be addressed before those with a lower rating. In general, once a risk is identified, it is important to understand the basic aspects of risk with regards to the possible cause, the area of uncertainty, and the potential effects if the risk occurs.
One major step to manage risk is correctly identifying the risk. The Scrum Body of Knowledge (SBOKTM) explains the process of identifying a risk in detail. According to SBOK, the scrum team members should attempt to identify all risks that could potentially impact the project. Risk identification is done throughout the project and identified risks become inputs to several scrum processes. The following techniques are commonly used to identify risks:
- Review lessons learned from retrospect sprint: Learning from similar projects and earlier sprints in the same project and exploring the uncertainties that affected those sprints and projects can be a useful way to identify risks.
- Risk checklist: Risk checklists can include key points to be considered when identifying risks, common risks encountered in the Scrum project, or even categories of risks that should be addresses by the team. Checklists are a valuable tool to help ensure comprehensive risk identification.
- Risk prompt lists: Risk prompt lists are used in stimulating thoughts regarding the source from which risks may originate. Risk prompt lists for various industries and project types are available publicly.
- Brainstorming: Sessions where relevant stakeholders and members in the scrum core team openly share ideas through discussions and knowledge sharing sessions, which are normally conducted by a facilitator.
- Risk breakdown structure: One of the key tools used in identifying risks is a risk breakdown structure. In this structure, risks are grouped based on categories or commonalities. For example, risks may be categorized as financial, technical, or safety related. This allows the team to better plan for and address each risk.