Proceedings of the 9th INDIACom; INDIACom-2015; IEEE Conference ID: 35071 2015 2 International Conference on “Computing for Sustainable Global Development”, 11th - 13th March, 2015 Bharati Vidyapeeth's Institute of Computer Applications and Management (BVICAM), New Delhi (INDIA) nd
Risk Based Scrum Method: A Conceptual Framework Nitin Uikey
Ugrasen Suman
School of Computer Science & IT DAVV Indore, INDIA Email Id:
[email protected]
School of Computer Science & IT DAVV Indore, INDIA Email Id:
[email protected]
Abstract – With rapid advancements in agile methodologies, the inclusion of risk assessment in projects has become an important challenge for practitioners to successfully execute projects. This paper presents a conceptual framework, called Risk Based Scrum Method (RBSM), which aims to incorporate risk management processes to improve the Scrum method. Employing RBSM as a framework in Scrum keeps organizations competitive within the business environment. The proposed framework can be helpful for management and development teams to identify the best strategic option for the Scrum software projects. Besides, it can be useful for better project planning and control and for evaluating various planning and performance schemes. Therefore, it provides critical insights into managing risk related to the software development in Scrum. Keywords – Agile Methods, Process Framework, Project Management, Risk Management, Scrum, Strategic Decision. NOMENCLATURE RBSM: Risk Based Scrum Method I. INTRODUCTION Among agile methodologies, Scrum is the most widely used lightweight process framework. It is recognizedfrom other agile processes by specific concepts and patterns. It is frequently applied to handle complex software and product growth, using iterative and incremental practices. Scrum enables organizations to adjust the rapidly-changing requirements, and develop a product that conforms to business objectives. Due to Scrum’s iterative and incremental character, the risk management is an implicit part of the process. While researchers argue that explicit risk management is also required and questions how the risk management should be done. The lack of systematic approach motivates us to suggest a structured approach for managing risk in Scrum, which can be beneficial for beginners and non-agile organizations to implement successful Scrum projects. In today’s ever-shifting technological and market environment, technical and managerial decisions in software development
require more strategies to face competition. Accordingly, organizations and teamsnecessitate various strategic decisions based on risk elements that are decisive for the efficient and effective management along with growing software activities. Software organizations have to arrive at strategies regarding the risks in projects, where every riskholds a changing degree of impact along the project variablesatvariousstages of the task. Therefore, the expression of accurate strategies applied to programs, akey responsibility of commercial enterprise and project managers to formulate a plan, carry through and implement it accordingly is required [1, 28]. The goal of strategyy implementation is to focus on project schemes management and the steering of the software development phases to achieve success [2]. So, Scrum software projects must also deliver strategic project management plans to assure the successful execution of the strategic decisions [1, 3]. Risk is managed ina variety ofapplication domainssuch as defense, aeronautics, construction industry and financial management [4]. Risk management is important as the organizations through risk awareness, actively manage not only potential problems but also potential opportunities and provide them with a competitive advantage. The fact that the bulk of the software development organizations perceives risk in a diverse way and notin an organized waywhich contributes to an increase instability and ineffectiveness of projects. Risk managementis identified as the minimum applied field amongst the diverse fields of software project management [5]. Recent research says that sufficient attention in respect to risk management does not seem to be assuming inside the software engineering community [6, 7, 29]. Hence, there is a demand to incorporate risk management in Scrum software development tasks. The paper conceptualizes an RBSM framework, which will facilitate teams and the sponsors to visualize easily and interpret the function of risk management in the project. The objective of the paper is the foundation of aninnovativemodelthat can be applied to evaluate various theoretical elements and their associations. The paper will serve to attain a fuller and more perfect understanding of risk management as an organizational process in Scrum methodology. Further, the literature review related to risk management and agile is discussed in Section 2. Scrum and risk processes along with the proposed framework and its
Copy Right © INDIACom-2015; ISSN 0973-7529; ISBN 978-93-80544-14-4
4.120
Risk Based Scrum Method: A Conceptual Framework
modules are described in Section 3. The concluding remarks and future research work are presented in Section 4. II. LITERATURE REVIEW Threats in an organization can vary from natural disasters to unbalanced commercial environs and venture failures. Risk is unsure incident or state thaton happening, features a negative or a positive result onat least one development objective, like quality, time, cost, or scope.Risk conditions such as short project management practices, simultaneous multiple tasks, lack of integrated management systems, or depending on external participants who is unable to maintained in line, might embody characteristics of the organization's or project's setting which will further add to project risk [8, 27]. Furthermore, risk concerns to all actions, incidences and activities that mightpreclude the business and the team from comprehending its dreams, plans and objectives. Irrespective of the result, risk identification, evaluation of the risk occurrence probability and risk impact estimation is necessary. The risk is any factor in the project that reasonsthe projectto failure [9]. Nevertheless, on that point is a collective thoughtamongscholars, that the risk is associated with probability feature. The feature in some definitions is called the event likelihood, probability of occurrence and frequency of that event [10, 11]. Over the recent decades,risk management has grown speedily as an important and an intact component of project management [12]. It deals with the operations involved with risk identification,risk management planning, risk analysis, available responses, and monitoring and control of a project [8]. It refers to approaches, methods to categorize and control risk to atolerable level [13]. Risk management is a discretearea, which assimilatesfacts from various corporateareas. It is a subject where knowledge and diversities of methodologies are fetched to work on a particular problem. The goal of risk management is to discover all valid risks in a product or project. To control the identified risks, it calls for placing the risk factors based on their rank, regularity of occurrence, impact and then installing the essential processes required [14]. As it is difficult to predict the losses, the objective of risk management is to assure that no danger will happen during the implementation and project uphold to minimum losses to a satisfactory degree. However, if a major loss happens, then the objectives of undergoing risk management areunsuccessful to reach the objectivespreventing the business from pursuing its goals. Agile refers to a collection of lightweight software development methodologies, includingExtreme Programming, Scrum, Crystal Clear, Feature Driven Development, Dynamic Systems Development Method andAdaptive Software
Development [15]. Studying the literature discover two complementary views regarding risk management in agile. The first claim is about inherent risk-driven approach and risk management is implicitly supported by agile methods. The advocates suppose, no demand exist to enhance risk management in agile methods. While, another claim considers that agile does not differ significantly from other traditional modelswith respect to the risk management. Moreover, enhancement to balance the needfor risk management in the agile projects is required [16]. The proponents of the subsequentoutlook believe that in some situations like project dealing with life-critical devices,the inherent risk management in agile is insufficient [17]. Besides, on that point are a lack of written reports that seek to examine the phases of risk management mapped to Scrum project management and how various risk parameters and the degree of risk can affect the project development [18, 19, 20, 29]. Therefore, risk management practices can be introduced to accelerate effective development and management process. III. SCRUM PROCESS WITH RISK METHODOLOGY A Scrum is a project management framework for developing software products and systems and is an agile development methodology. Scrum uses a lean iterative and incremental approach with empirical process control. The developmentis organized in cycles that are called sprints. The length of a sprint usually lasts between two and four weeks. During a sprint, the team breaks the most important customer requirements to a prioritized list. Therefore, the parts that possess the highest benefits for the client are carried out first. At the finish of each sprint,the teamdelivers the potentially shippable product increment. The customer requirements can here be changed or prioritized for the next sprint [21]. While, software risk management includes risk identification, risk analysis or risk clarification and quantification, risk response planning, risk monitoring and control, and risk review, which are discussed in subsequent paragraphs. In this paper, we extend the Scrum process with risk management issues as shown in Fig. 1. The proposed RiskBased Scrum Method (RBSM) Framework demonstrates the function of risk management processes to achieve successful Scrum projects by facilitating the model with risk identification, analysis, response planning and execution. The aim is to get a guideline for the organizations with the traditional mindset and beginners to execute this conceptual framework to several Scrum software projects. Therefore, it requires understanding of the Scrum process and how the risk management process is incorporated to achieve the goal.
Copy Right © INDIACom-2015; ISSN 0973-7529; ISBN 978-93-80544-14-4
4.121
Proceedings of the 9th INDIACom; INDIACom-2015; IEEE Conference ID: 35071 2015 2 International Conference on “Computing for Sustainable Global Development”, 11 th - 13th March, 2015 nd
Fig. 1. Risk Based Scrum Method (RBSM) Framework
The framework describes various new components added to the existing Scrum model such as product risk identification, revised product backlog, risk assessment chart and various processes of risk management. The components of RBSM framework are described in subsequent subsections. A. Product Backlog It is a prioritized list of the work necessary to bring the product into existence. Its details can include the customer needs or diverse technological selections, an explanation of functional and non-functional requirements, the activities essential to set up the product, and various items, such as environmental setup. The product owner is a person accountable for managing the product backlog in contribution with the Scrum master, team, and stakeholders. Together, they find a product's functionality. B. Product Backlog Risk Identification It involves identifying various risks that can affect the project any time from development to deployment and to document the attributes related to each identified risk. The output of this activity is the development of a risk register. Here the whole team should do the exercise on the iterative basis. Causes of danger and possible outcomes are needed to be recognized as to mitigate the risk [22]. The team can apply a system analysis approach to identify various factors and elements involved in the project.The product backlog risk identification phase evaluates every one of the risks since previous project report; business case, lessons learned, other comparableevent and
significantarticles as explicit knowledge.While, for tacit knowledge, the risk identification process captures the risks identified by team membersbased on their knowledge, understanding, past experiences and their analytical expertise [27]. As well, during this phase the previous and current risk management situation and risk state information are gathered. The consequence of the identification process includes a list of all the risks identified and is readily accessible to teams through a shared knowledge repository. The list facilitates in making a project risk outline containing the sum of all the risk statements and risk condition. The risk register maintained is a simple document with to the point information, as excessive details may confuse the procedure as well as its management. A risk register for agile methods may consist of the following elements: Risk description: Aneasy understandableshortoverview of the risk. Identifieddate: Day the risk is identified by the team. Likelihood: Estimated probability of risk occurrence. Severity: Assessed based on the impact of the undesired event. Revised Priority: Value as a product of priority of the product backlog, probability and impact. Owner: The person who administers and act in response to the risk. Action: The act performed to mitigate the risk.
Copy Right © INDIACom-2015; ISSN 0973-7529; ISBN 978-93-80544-14-4
4.122
Risk Based Scrum Method: A Conceptual Framework
Status: Current position of risk (available, has been worked upon). The risk register should be available to the teams to manage collaboratively and monitor the risk. In the risk register and on every sprint meeting, the team must reexamineand update any new data received over the sprint. C. Revised Product Backlog In this phase, risk analysis facilitates converting data related to riskinto informationto be used for decision making [23]. Every risk identified is evaluatedin the product risk identification stage. Experience and ideas are shared among team members corresponding tothe risksidentified. This phase collectively evaluates risk probability, which imply the possibility of events happeningalong with the risk impact, which states the risk severity [24, 27]. Based on the backlog decided by the team in product backlog phase, risk probability and risk impact, the stakeholders and the team can decide the new priority of the story. These prioritized stories can be gluedon a risk assessment chart (Fig. 2) for visualization of the tasks to be completed in further sprints.
Prioritization is part of product backlog grooming, and it leads the team’s work by focusing the team on the most important details. It also freezes the backlog contents progressively. As stories are detailed according to their priority, lower priority items are delayed. This delay supports the Scrum team to value choices, gather feedback from customers, and gain more knowledge, resulting in more beneficial decisions and a more serious product. The tool used to visualize the prioritized items is displayed through a Risk Assessment and Visualization Chart (Fig. 2). The chart is based on four sections; the revised product backlog, risk probability and risk impact. The chart helps the team to identify tasks easily with minimal, normal and maximum risks respectively. As the risk influences the success of the project, greater risk items should be of highest priority. Handling greater risk items early in the sprint may enforce early failures, allowing the Scrum team to alter track, such as modifying the architecture or to change the team structure, while there is still the chance to produce the desired product.
The risk value of revised product backlog can be calculated as shown in equation given below: Revised Product Backlog = Prioritized Product Backlog x Risk Impact x Risk Probability (1) The above elements in (equation 1) are measured as follows: Prioritized product backlog as decided by the product owner, Risk Impact and Risk Probability on the scale of 5, where 1 stands for low and 5 for high. For instance, team members must identify the level of risk involved in using off-the-shelf packages or risk the outsourcing as part of software development. The team needs to know what, if the commercial off-the-shelf packages may not fill the need as required. This confusion could potentially have problems later if not judged correctly to consider if all prerequisites are satisfied. Also, the team needs to evaluate outsourcing cost may be more than for a full-time equivalent and can affect the overall cost of the project. The project manager might not have direct and full control over the teams, which can result in schedule problems. Another example can be risks associated with the management of hardware and software usedduring project development, e.g., isa hardware and software capable of managing the workload of successful project completion? Here also, the team needs to evaluate as per the past experiences or resources available to back up a contingency plan if something goes unexpectedly. As, the hardware and software used while development may be vulnerable to bugs or can slow the system. The problem can affect the development, particularly during the implementation phases. D. Prioritizing Stories using Risk Assessment Chart
Fig. 2. Risk Assessment and Visualization Chart
E. Risk Response Planning Risk response planning aids in changing the information related to risk into activities and opinions. It calls for developing activities engaged with each risk, prioritizing steps and establishing a risk mitigation plan [23]. This procedure requires the gathered info to devise strategies and activities, with the goal to subdue the chance of risk occurrence and the level of loss [13]. The risk response planning process advocates the risk treatment activities required in the lateral phases and recommends taking the adequate safety control measures as per the impact and the possibility of hazards. In Sprint planning, the team through their knowledge contributes on picking out the best option for risk management in risk action requests. Whenever a risk handling option is recommended, the assessment should be performed by the product owner to settle for risk acceptance. If the stakeholders determine the risk to be acceptable, then a risk treatment alternative should be executed with the help of required resources and supervised with further project activities. In
Copy Right © INDIACom-2015; ISSN 0973-7529; ISBN 978-93-80544-14-4
4.123
Proceedings of the 9th INDIACom; INDIACom-2015; IEEE Conference ID: 35071 2015 2 International Conference on “Computing for Sustainable Global Development”, 11 th - 13th March, 2015 nd
order to lower the risk, specific reactions can be developed as per the situation of the project, the danger, the resources needed for a response and response cost.Usually, the aim of risk response strategies is to either cut down or wipe out the threat occurring likelihood; if realized bound the risk impact; or a compounding them together. These schemes are developed and executed in reply to new identified and valued as a menace risks and that should be contained. The literature identifies four general selections for responding to any project; risk avoidance, risk transference, risk mitigation and risk acceptance.
through mapping of risk management procedures, which can aid in reaching quality and trusted product. Also, it adds to the agile methodologies through Scrum by providing a conceptual framework and activities involved in deploying risk management processes within agile organizations. The model is limited to the generic model rather than dissecting and elaborating every aspect of risk management in Scrum. Future research will focus on risk incorporation in remaining agile methodologies and implementing the RBSM framework as pilot studies in various agile organizations.
F. Risk Monitor and Control Monitoring and Controlling risk engage accomplishing the risk management processes to act in response to the risk events. Risk management execution means making sure that the risk awareness activity is performed by the whole project team and throughout the project development. As the project advances, new risks are identified, resulting in an iterative process of risk management.
[1]
G. Risk Review Risk review is a function of the risk learning process. In risk review, the teams should capture all the learning at the time of development. A document prepared at the time of sprint review and sprint retrospective, and all the lessons learned is documented and stored in the knowledge repository for future projects. H. Knowledge Repository In software development organizations, the shortage of stored documentation related to the accomplishment or failure of a project is one of the causes for incompetent risk management. The knowledge is essential for project managers in planning and handling the risks for upcoming projects [25]. The experience eventually provides decision-support by signifying risks and processes that may bear on particular new projects. The knowledge repository should be formed in such a way as to support in finding historical risks or an experienced member with skills to manage certain risks. Furthermore, knowledge repository provides a tool to offer up to date project related information [26]. In risk monitoring, the synchronized examination can assist in evaluating the risk execution process to keep up an updated risk list. New risks emerging throughout the development would be directed instantaneously through the database to assist in managing risk competently. Therefore, knowledge repository can be imagined as a warehouse of data captured from the software management know-how, lessons learned, business cases, best approaches and technology standards [27]. IV. CONCLUSION AND FUTURE SCOPE The market competition has shaped the need for improving agile practices. This paper proposes Scrum methodology with risk management processes and recommends a risk-based Scrum method framework (RBSM) that resolves the difficulty of a Scrum project. The purpose is to enhance the methodology
[2] [3]
[4]
[5]
[6]
[7]
[8]
[9]
[10]
[11]
REFERENCES B. Jacques and B. Andre, “The link between project management and strategic management: realising strategy success”, AFRICON, Windhoek, pp. 1–8, 2007. V. Papadakis and P. Barwise -Strategic Decisions;FirstEdition: Springer, 1998. A. Shenhar, “Strategic project management: the new framework”,International Conference on Management of Engineering and Technology, Technology and Innovation Management, PICMET’99, Portland, vol. 2, pp. 382–386, 1999. J. H. Iversen, L. Mathiassen and P. A. Nielsen, “Managing Risk in Software Process Improvement: An Action Research Approach,” MIS Quarterly, Vol. 28, No. 3, pp. 395-433, 2004. Y. H. Kwak and C. W. Ibbs, “Calculating Project Managements Return on Investment,” Project Management Journal, Vol. 31, No. 2, pp. 38-47, 2000. K. M. Adams and C. A. Pinto, “Software Development Project risk management: A Literature Review”, Proceedings of the 26th National Conference, Organizational Transformation: Opportunities and Challenges, American Society for Engineering Management, Rolla, pp. 635-641, October 2005. F. M. Dedolph, “The Neglected Management Activity: Software risk management”, Bell Labs Technical Journal, Vol. 8, No. 3, pp. 91-95, 2003. Project Management Institute - A guide to the project management body of knowledge: PMBOK guide; Third Edition. Project Management Institute, 2004. Padayachee andKeshnee. "An interpretive study of software risk management perspectives",Annual research conference of the South African institute of computer scientists and information technologists on Enablement through technology.South African Institute for Computer Scientists and Information Technologists, pp. 118-127 2002. T.A. Carbone and D.D. Tippett. "Project risk management using the project risk FMEA",Engineering Management Journal 16, no. 4 (2004): 28-35. R. Olsson, "Risk management in a multi-project environment: An approach to manage portfolio risks", International journal of quality& reliability management 25, no. 1 (2008): 60-71.
Copy Right © INDIACom-2015; ISSN 0973-7529; ISBN 978-93-80544-14-4
4.124
Risk Based Scrum Method: A Conceptual Framework
[12]
A. Del Cano and MP de la Cruz. "Integrated methodology for project risk management." Journal of construction Engineering and Management 128, no. 6 (2002): 473-485. [13] RM. Bruckner, B. List and J. Schiefer. "Riskmanagement for data warehouse systems",Data Warehousing and Knowledge Discovery, pp. 219-229. Springer Berlin Heidelberg, 2001. [14] P Cule, R Schmidt, K Lyytinen and M Keil. "Strategies for heading off IS project failure." Information Systems Management 17, no. 2 (2000): 65-73. [15] V. Szalvay, - An Introduction to Agile Software Development, Technical report, Danube Technology, 2004. [16] J. Miller and J. Grski - A Method of Software Project Risk Identification and Analysis, Ph.D. Thesis, Faculty of Electronics, Telecommunications and Informatics, Gdansk University Of Technology, 2005. [17] A. Schmietendorf, E. Dimitrov, and R. Dumke, “Process Models for the Software Development and Performance Engineering Tasks,” Proceedings of the 3rd International Workshop on Software and Performance, pp. 211-218, 2002. [18] C. Jones - Assessment and Control of Software Risks, Yourdon Press, Englewood Cliffs, 1994. [19] L. Wallace, M. Keil and A. Rai, “Understanding Software Project Risk: A Cluster Analysis,” Journal of Information and Management, Vol. 42, No. 1, 2004, pp. 115-125. [20] A. M. Aladwani, “IT Project Uncertainty, Planning and Success: An Empirical Investigation from Kuwait,” Information Technology and People, Vol. 15, No. 3, 2002, pp. 210-226. [21] N. Uikey, and U. Suman. "An empirical study to design an effective agile project management framework." CUBE International Information Technology Conference, pp. 385-390. ACM, 2012. [22] Kayis, B., M. Zhou, S. Savci, Y. B. Khoo, A. Ahmed, R. Kusumo, and A. Rispler. "IRMAS–development of a risk management tool for collaborative multi-site, multipartner new product development projects." Journal of Manufacturing Technology Management 18, no. 4 (2007): 387-414. [23] Higuera, R. P., & Haimes, Y. Y. - Software risk management. Pittsburgh, PA: Carnegie Mellon University, 1996. [24] Alhawari, S., F. Thabtah, L. Karadsheh, and W. M. Hadi. "A risk management model for project execution." 9th International Business Information Management Association Conference (IBIMA), Conference on Information Management in Modern Organizations: Trends & Challenges, Marrakech, Morocco, January 46, pp. 887-893. 2008. [25] L de Landa Farias, GH Travassos, AR Rocha. "Managing organizational risk knowledge." Journal of Universal Computer Science 9, no. 7 (2003): 670-681.
[26]
[27]
[28]
[29]
SL Cornford. "Managing Risk as a Resource using the Defect Detection and Prevention Process." 4th International Conference on Probabilistic Safety and Management, International Association for Probabilistic Safety Assessment and Management, pp. 1609-1614. 1998. S. Alhawari,, K. Louay, N. Amine, and M. Ebrahim. "Knowledge-based risk management framework for information technology project." International Journal of Information Management, VOL 32, No. 1 pp. 50-65 (2012). M. Uzzafer. "A simulation model for strategic management process of software projects." Journal of Systems and Software Vol. 86, no. 1pp. 21-37 (2013). L. Sarigiannidis, and C. Prodromos. "Software development project risk management: A new conceptual framework."Journal of Software Engineering and Applications, Vol. 4, no. 05, pp. 293 (2011).
Copy Right © INDIACom-2015; ISSN 0973-7529; ISBN 978-93-80544-14-4
4.125
