Integrating Risk Management in Agile Projects: A Comparative Analysis of PRINCE2 and Scrum, Study notes of Project Management

The lack of formal risk management techniques in Agile software development methods, specifically Scrum. The authors conducted a survey to understand current practices in agile project management and propose the integration of PRINCE2 risk management framework with Scrum. The document also highlights the importance of risk management in software projects and the benefits of aligning these two frameworks.

Typology: Study notes

2021/2022

Uploaded on 09/27/2022

rechel--
rechel-- 🇬🇧

4.6

(10)

229 documents

1 / 8

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
International Journal of Software Engineering & Applications (IJSEA), Vol.6, No.1, Januar y 2015
DOI : 10.5121/ijsea.2015.6107 81
P
ROJECT
R
ISK
M
ANAGEMENT
M
ODEL
B
ASED ON
PRINCE2
AND
S
CRUM
F
RAMEWORKS
Martin Tomanek and Jan Juricek
Department of Systems Analysis, University of Economics, Prague, Czech Republic
A
BSTRACT
There is a lack of formal risk management techniques in agile software development methods Scrum.
The need to manage risks in agile project management is also identified by various authors. Authors
conducted a survey to find out the current practices in agile project management. Furthermore authors
discus the new integration framework of Scrum and PRINCE2 with focus on risk management. E nrichment
of Scrum with selected practices from the heavy-weight project management methodology PRINCE2
promises better results in delivering software products especially in global development project s.
K
EYWORDS
Project Management, Risk Management, PRINCE2, Scrum, Agile
1.
I
NTRODUCTION
Agile methods grew out of the real-life project experiences of leading software professionals who
had experienced the challenges and limitations of traditional waterfall development
methodologies on projects after projects. The agile development frameworks are widely used and
they don’t contain any risk management techniques because it is believed that short iterative
development cycles will minimize any unpredictable impact related to product development [1],
[2]. However in larger projects or during development of complex products, especially in the
global environment, the need of proper risk management is required. From the audit perspective,
there is the clear control requirement “BAI01.10 Manage programme and project risk“ defined by
COBIT 5 that requires that project risks should be systematically identified, analysed, responded
to, monitored and controlled. Additionally the risks should be centrally recorded [3, p. 125].
Additionally, controlling risk in software projects is considered to be a major contributor to
project success [4].
The need to manage risks in agile project management is also identified by various authors.
The SOA principles from the agile project management perspective were used to create
a framework for understanding agile risk management strategies for global IT projects [5]. Main
risk models and frameworks used by software engineers are discussed with conclusion that
the risk management steps are required for delivery of quality software [6], [7]. Agile
methodologies don’t cover the risk management knowledge area that can be taken from project
management frameworks like PMBOK [8]. Risks related to global software development projects
using Scrum have been researched and a conceptual framework to mitigate them designed [9].
Also the increasing variety of security threats should be managed as risks in the agile
development projects [10], [11].
pf3
pf4
pf5
pf8

Partial preview of the text

Download Integrating Risk Management in Agile Projects: A Comparative Analysis of PRINCE2 and Scrum and more Study notes Project Management in PDF only on Docsity!

DOI : 10.5121/ijsea.2015.6107 81

PROJECT RISK MANAGEMENT MODEL BASED ON

PRINCE2 AND SCRUM FRAMEWORKS

Martin Tomanek and Jan Juricek

Department of Systems Analysis, University of Economics, Prague, Czech Republic

ABSTRACT

There is a lack of formal risk management techniques in agile software development methods Scrum. The need to manage risks in agile project management is also identified by various authors. Authors conducted a survey to find out the current practices in agile project management. Furthermore authors discus the new integration framework of Scrum and PRINCE2 with focus on risk management. Enrichment of Scrum with selected practices from the heavy-weight project management methodology PRINCE promises better results in delivering software products especially in global development projects.

KEYWORDS

Project Management, Risk Management, PRINCE2, Scrum, Agile

1. INTRODUCTION

Agile methods grew out of the real-life project experiences of leading software professionals who had experienced the challenges and limitations of traditional waterfall development methodologies on projects after projects. The agile development frameworks are widely used and they don’t contain any risk management techniques because it is believed that short iterative development cycles will minimize any unpredictable impact related to product development [1], [2]. However in larger projects or during development of complex products, especially in the global environment, the need of proper risk management is required. From the audit perspective, there is the clear control requirement “BAI01.10 Manage programme and project risk“ defined by COBIT 5 that requires that project risks should be systematically identified, analysed, responded to, monitored and controlled. Additionally the risks should be centrally recorded [3, p. 125]. Additionally, controlling risk in software projects is considered to be a major contributor to project success [4].

The need to manage risks in agile project management is also identified by various authors. The SOA principles from the agile project management perspective were used to create a framework for understanding agile risk management strategies for global IT projects [5]. Main risk models and frameworks used by software engineers are discussed with conclusion that the risk management steps are required for delivery of quality software [6], [7]. Agile methodologies don’t cover the risk management knowledge area that can be taken from project management frameworks like PMBOK [8]. Risks related to global software development projects using Scrum have been researched and a conceptual framework to mitigate them designed [9]. Also the increasing variety of security threats should be managed as risks in the agile development projects [10], [11].

The authors of this paper prove that this lack of risk management techniques in agile development can be fixed by aligning risk management techniques between project management framework PRINCE2 and agile product development framework Scrum. However the traditional risk management is heavily centred on documentation and agile development principles tries to avoid any unnecessary documentation and focus more on people iteration [12].

2. PRINCE2 RISK MANAGEMENT PROCESS

Prince2 provides a disciplined environment for implementation of risk responses based on identifying and assessing project risks. Lack of the proper risk management is the one of the leading factor, why the projects failed [13]. Risk management within PRINCE2 methodology contains three dimensions: risk management strategy (how risk management will be embedded in the project management activities, what is the risk tolerance and when is the exception triggered); Risk register as a tool for capturing and maintaining information of identified threads and opportunities (Project Support will typically maintain the Risk Register on behalf of the Project Manager); and a risk management procedure [14].

The project risk management process recommends 5 steps: identify, assess (estimation and evaluation), plan, implement and communicate. The first four steps are sequential, with the ’Communicate’ step running in parallel; As well as techniques for identification, risk estimation and evaluation techniques and thread responses (avoid, reduce, fallback, transfer, share, accept). In the implement step, the risk owner and the risk actionee roles are defined. The risk owner is a named individual who is responsible for the management, monitoring and control of a risk, while the risk actionee is an individual assigned to carry out a risk response action or actions to respond to a particular risk or a set of risks. They support and take direction from the risk owner.

3. RISK MANAGEMENT IN SCRUM

Scrum doesn’t define the formal risk management process or even the risk owner. However every Scrum artefact or meeting potentially help to identify or mitigate risks. The list of artefacts and meetings with related risks is described for example in [15]. If the Scrum master, the product owner or the development team want to manage risks in a more formal or in a more proactive way then they can use for example a simple risk register [1] or a risk burn-down chart [16]. If they do so then it will be recommended to prioritize the highest-value and highest-risk requirements first in the upcoming sprint [15].

In the Scrum guide [17] there is a concept of impediments. The impediment can be anything that keeps a team from being productive. From risk management perspective the impediment is equal to an issue (a materialized risk). The Scrum master is responsible to solve these impediments and let the development team work in effective environment.

The other risk management model, mentioned in [18], combines the PMBOK approach with Scrum. The author suggests using a risk board with two kinds of notes. The red notes are used to describe the risks and the yellow ones to describe the risk responses. Another good example how risks can be potentially mitigated in Scrum (such an intrinsic schedule flaw, specification breakdown, scope creep, and personnel loss and productivity variance) is mentioned by [19].

Some techniques have been developed to support the story prioritization based on inherit risks, for example the story-risk prioritization matrix [20] or the risk burn-down technique [21].

Figure 2. Risk Meetings. Source: The survey conducted by authors.

The last question was formulated as “Do you think that agile development frameworks should be enriched by the risk management techniques from the project management framework?” The majority of respondents (60%) think that the enrichment would be helpful and 40% think that there is no value in this enrichment.

5. TAILORING OF PRINCE2 PROJECT AND RISK MANAGEMENT TO MEET

THE SCRUM APPROACH

At first, integrated process model should be created for tailoring the PRINCE2 project management process model to meet the Scrum approach. This conceptual model has been developed and it is described in [22]. In this paper this model was further reviewed, slightly modified and key meetings (ceremonies) and documents highlighted in red, see the Figure 3.

Corporate orProgramme

Project Board

Project Manager

Scrum master

Project Mandate

Starting Up a Project

Initiating a Project

Directing a Project

Controling a Stage

Managing a Stage Boundary Closing a Project

Closure Notification

Project Brief & Business Case

Project Plan

Authorization

Development Team

Product Owner

Facilitating Scrum

Creating Initial Requirements

Delivering an Increment

Sprint Planning

Daily Sprint

Sprint Review

Product Backlog

Spring Backlog

Defining, Prioritizing and Communicating Requirements

Burndown report

Sprint Retrospective

Product Increment

HighlightReport End Stage Report End Project Report

Weekly Status Meeting

Figure 3. Process model integrating PRINCE2 and Scrum frameworks with highlighted risk meetings. Source: Authors.

5.1. Key meetings and documents

The sprint planning meeting is the key meeting where the risks are identified. These risks are mostly related to the stories/software features that will be developed in the coming sprint. Based on the risk-story prioritization technique [20], the high-risk stories should be selected first and developed first. All the risks related to the developing features should be adequately assessed and evaluated by the development team. The risk attributes that are mostly used are: risk exposure, mitigation actions, likelihood, responsible person and financial impact (based on authors’ survey).

The weekly status meeting should contain the review of the current sprint risks. This meeting should be led by the project manager. The Scrum master should also participate in this meeting because he/she has the overview of the risks and other impediments the development team is facing to. It is a good practise to invite also risk actionees who can comment on progress for the critical risks or risks with the lowest risk proximity. As a suitable technique for reviewing the total sprint risk exposure can be the risk burndown chart [21].

conceptual framework is extended by mandatory or optional risk related tasks that are done during the Scrum meetings. The major Scrum meetings and their relations to risk management activities have been discussed. The benefits of agile – scrum risk management include improving capacity to manage project uncertainties on the product delivery level and enhance communication of risks within the entire project organization.

REFERENCES

[1] D. G. Edzreena Odzaly, “Lightweight Risk Management in Agile Projects,” Proc. Int. Conf. Softw. Eng. Knowl. Eng., vol. 26, pp. 576–581, Jul. 2014. [2] R. L. Rick Dove, “Fundamentals of Agile Systems Engineering – Part 1 and Part 2,” Int. Counc. Syst. Eng. Int. Symp. 2014, 2014. [3] ISACA, COBIT 5 - Enabling Processes. Rolling Meadows, IL 60008 USA: ISACA, 2012. [4] P. L. Bannerman, “Risk and risk management in software projects: A reassessment,” J. Syst. Softw., vol. 81, no. 12, pp. 2118–2133, Dec. 2008. [5] O.-K. D. Lee and D. V. Baby, “Managing Dynamic Risks in Global It Projects: Agile Risk- Management Using the Principles of Service-Oriented Architecture,” Int. J. Inf. Technol. Decis. Mak., vol. 12, no. 6, pp. 1121–1150, Nov. 2013. [6] S. S. Limkar and V. P. Bhosale, “Software Project Risk Management,” in Proceedings of the 5th National Conference; INDIACom-2011, New Delhi, 2011. [7] S. C. Misra, U. Kumar, V. Kumar, and M. A. Shareef, “Risk management models in software engineering,” Int. J. Process Manag. Benchmarking, vol. 2, no. 1, pp. 59–70, Jan. 2007. [8] M. N. Brohi, “Embedding project management into XP, SCRUM and RUP,” Eur. Sci. J., vol. 10, no. 15, pp. 293–307, 2014. [9] M. A. B. Emam Hossain, “Risk Identification and Mitigation Processes for Using Scrum in Global Software Development: A Conceptual Framework.,” Softw. Eng. Conf. 2009 APSEC 09 Asia-Pac., pp. 457–464, 2009. [10] R. B. M. Siponen, “Integrating Security into Agile Development Methods,” Syst. Sci. 2005 HICSS 05 Proc. 38th Annu. Hawaii Int. Conf. On, p. 185a – 185a, 2005. [11] I. G. Zulkarnain Azham, “Security backlog in Scrum security practices,” Softw. Eng. MySEC 2011 5th Malays. Conf., pp. 414 – 417, 2011. [12] K. Beck, M. Beedle, A. van Bennekum, A. Cockburn, W. Cunningham, M. Fowler, J. Grenning, J. Highsmith, A. Hunt, R. Jeffries, J. Kern, B. Marick, R. C. Martin, S. Mellor, K. Schwaber, J. Sutherland, and D. Thomas, “Manifesto for Agile Software Development,” 2001. [Online]. Available: http://agilemanifesto.org/. [Accessed: 16-Dec-2012]. [13] N. Cerpa and J. M. Verner, “Why did your project fail?,” Commun. ACM, vol. 52, no. 12, p. 130, Dec. 2009. [14] OGC, Managing Successful Projects with PRINCE2: 2009 Edition, 2009th ed. Stationery Office Books, 2009. [15] M. C. Layton, “How to Manage Risk within Agile Management - For Dummies,” Agile Project Management For Dummies, May-2012. [Online]. Available: http://www.dummies.com/how- to/content/how-to-manage-risk-within-agile-management.html. [Accessed: 18-Mar-2014]. [16] S. T. Veethil, “Risk Management in Agile,” Scrum Alliance, 03-May-2013. [Online]. Available: http://www.scrumalliance.org/community/articles/2013/2013-may/risk-management-in-agile. [Accessed: 18-Mar-2014]. [17] K. Schwaber and J. Sutherland, “The Scrum Guide: The definitive guide to Scrum: The rules of the game.” SCRUM.org, Jul-2013. [18] V. Ylimannela, “A model for risk management in agile software development,” 16-Mar-2012. [Online]. Available: http://www.cloudsw.org/under-review/a6f468c9-4857-4206-96ee- f67df0583d41/file_initial_version. [Accessed: 18-Mar-2014]. [19] V. Morris, “Managing Risk in Scrum, Part 1,” SolutionsIQ, 28-Oct-2011. [Online]. Available: http://www.solutionsiq.com/resources/agileiq-blog/bid/70560/Managing-Risk-in-Scrum-Part-1. [Accessed: 18-Mar-2014]. [20] A. Arora and C. Naresh, “A Risk Based Story Prioritization Technique In An Agile Environment,” Int. J. Adv. Found. Rese Arch Comput. IJAFRC, vol. 1, no. 7, pp. 16–25, 2014.

[21] M. Singh and R. Saxena, “Risk Management in Agile Model,” IOSR J. Comput. Eng., vol. 16, no. 5, pp. 43–46, 2014. [22] M. Tomanek, R. Cermak, and Z. Smutny, “A Conceptual Framework for Web Development Projects Based on Project Management and Agile Development Principles,” 10th Eur. Conf. Manag. Leadersh. Gov. ECMLG 2014, vol. 10, pp. 550–558, Nov. 2014.

AUTHORS

Martin Tomanek graduated from applied informatics at the Faculty of Informatics and Statistics, University of Economics, Prague. Currently, he is PhD student at the Department of Systems Analysis, Faculty of Informatics and Statistics, University of Economics, Prague, where he develops the integrated framework based on PRINCE2, Scrum and other best practices used in SW development area.

Jan Juricek graduated from applied informatics at the Faculty of Informatics and Statistics, University of Economics, Prague. Currently, he is PhD student at the Department of Systems Analysis, Faculty of Informatics and Statistics, University of Economics, Prague, where he deals with agile principles, objectives and benefits in project management.