As software specialists, we understand that every project entails some level of risk. It influences every decision we make, as well as every line of code we write or evaluate. But, as a team, are we truly equipped to assess risk and take action based on our findings?

It’s easy to say you’ve addressed risk, but you need to officially analyze it before you can legitimately say you have, much as you do when estimating story points or refining your backlogs. You can set yourself up for a greater sprint and a stronger team by analyzing risk wisely and formally.

One of the most frequently asked questions is how to begin making a habit of formally assessing risk—of conducting risk assessment sessions. Here are three stages to teach your team how to conduct risk assessments and analyze the results, as well as how to assess risk and develop a plan to mitigate it.

Introduce risk as a concept

The first step is to begin exposing your team to danger. You want to make sure everyone understands what risk is and how it could affect your team’s decisions. The definition of risk that I find most useful is that risk is the impact of failure as well as the likelihood of that failure occurring.

You want to be sure that everyone on your team is using the same definition of risk. This one works well because it’s straightforward, and it’s simple to add layers as your team need.

Depending on your squad, this can take a variety of shapes. Your team will have a working knowledge of risk and how it relates to software projects. This comprehension could be perfectly aligned, or it could be ambiguous enough to be useless.

First and foremost, you must agree on the definition of risk. The best approach to do so is to inquire!

Start communicating

You may frequently start this in your team’s favorite communication platform with a team that has a culture of openness and inquiry. Slack, Teams, Hangouts, or anything else might be used.

“How do you define risk?” is a good way to start a topic or a discussion. “What do you believe is the riskiest aspect of our project?” or “What do you think is the riskiest aspect of our project?” This allows people a place to express themselves while also giving you a sense of how your team thinks and works.

This is a perfect time to bring up risk if your team is doing a refining session. I’ve had a lot of success implying that a certain story is risky and explaining why. This requires some planning; you’ll want to be familiar with the stories ahead of time and have done an initial risk assessment on them.

This means that before you come to the refining session, you should have considered the failure conditions and the chance of these failures occurring. This allows you to develop your own risk definition and become a subject-matter expert, as well as prepare you for the formal risk assessment session.

You may be asked to explain why you believe a formal risk assessment session is worthwhile for the team. People are prone to the “too many meetings” syndrome and may scoff at the prospect of another. This is when you’ll need to use your persuading skills!

What makes risk assessment worthwhile?

Our experience as software engineers, testers, and other members of the software development team has given us a general sense of risk. However, just like anything else, if we don’t calibrate and discuss our gut sensations, they will become out of sync and unbalanced. Redefining risk allows us to communicate more effectively as a team and have a deeper understanding of our project—something we can all benefit from!

You can start your reasoning with points and pointing if your team does. If it doesn’t, any type of estimation will suffice. To be able to add a ticket to your workload, you must estimate the amount of work involved. In a similar spirit, you must have a thorough understanding of the projected risk involved before proceeding with work.

You may think of it as roof workers: they know it’s dangerous to be up there, but they’ve considered the risk and weighed it against the benefit. Then they take appropriate efforts to protect themselves from the hazards they’ve taken on. As software developers, we should follow suit.

Decide how to evaluate risk

You’ll want to assess the risk of the individual items in question after your team is on board. You can conduct a thorough risk assessment, have an informal discussion about it, or simply ignore it.

Obviously, I do not advise using the third option.

I do propose that you consider if a full risk assessment has a place on your team. You’ll have a more cohesive team that’s well prepared for the challenges of the software development lifecycle if you have buy-in and can manage a session as stated.

Having said that, even a casual meeting that is announced to your staff can be quite beneficial. They’ll grasp how you see risk and how they might begin to consider it for themselves. Of course, if they differ, it will be time to discuss holding a full-team or partial-team risk assessment meeting.

Make a plan for risk

What happens when you’ve received a sense of the danger associated with the goods you’re considering? Having a page of numbers that you never look at again isn’t really useful.

You want to start acting on the identified risks when you’ve looked at them, evaluated them, and reached an agreement with your team. Depending on how you use and recognize risk, this can take numerous forms.

Risk can be used to decide which stories to play in a sprint if you’re in a refinement session. It can also assist assess how much risk your team can endure in a sprint or a body of work over a long enough time frame. These assessments will only get stronger as you continue to evaluate risk with your team.

Risk assessments can also be used to uncover dangers that you weren’t aware of before and for which you wish to have a specific plan in place. On my teams, this usually entails describing the risk and then discussing a mitigation strategy.

One example of a risk plan

The application had to be extremely reliable on a team that I recently headed. The risk we recognized was that if our users didn’t trust the app, they wouldn’t utilize it, leaving our client in a bad situation. For this, we identified three mitigation strategies:

  • Make sure consumers don’t have any cause to doubt the app.
  • Make sure the app has a strong and consistent voice.
  • Small flaws should be avoided at all costs.

We could deliver an app that matched our client’s expectations if we kept these three points in mind.

Get better at making software

Introducing risk to your team, analyzing it, and devising a plan to minimize it will help you develop a better team dynamic and a better end product.

You can teach yourself to think about risk strategically over the course of a sprint or the life of a product, which will improve everyone’s performance at all stages of software development.

Jenny will be lecturing on “Running Risk Assessment Sessions,” “Building Automation Engineers from Scratch,” and “Making and Managing Mind Maps” at the STAREAST Virtual+ conference session. The conference will take place from October 5-8.

For more info:

Also Read: