Explicit Risk Management in Agile Processes

  • Christopher R. Nelson
  • Gil Taran
  • Lucia de Lascurain Hinojosa
Part of the Lecture Notes in Business Information Processing book series (LNBIP, volume 9)


This paper explores the implicit nature of risk management in agile processes. It discusses why current techniques for managing risks in agile processes are not sufficient and how the processes can benefit from more explicit techniques. This is supported by the authors’ experience with an industry project that was managed using Scrum. Initially, risks in the project were managed implicitly as is typical with agile processes, but more explicit techniques were adopted as the project progressed. The paper will discuss these techniques, mechanisms for incorporating them into agile processes, and lessons learned.


Keywords: Scrum, Risk Management, Software Risk Evaluations





Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Christopher R. Nelson (1)
  • Gil Taran (1)
  • Lucia de Lascurain Hinojosa (1)
  1. Institute for Software Research, Carnegie Mellon University, Pittsburgh, United States
