Views of Risk

Risk is uncertainty. To reduce risk must remove uncertainty. To remove risk faster you must attack uncertainty earlier, quicker, and with continuing consistency. In linear approaches the uncertainty is attacked on a slow but steady basis. During requirements we confirm as many as we can along with as much confirmation of the problem domain as we can which of course removes uncertainty. We do the same thing during design and coding. Where most of the risk of failure of the application occurs is in the testing which in the linear approach is typically at the end. The uncertainty in terms of whether the final product can be successful, that is generate the business anticipated, reduce cost as projected, be easy enough for those who need the solution to actually use it to solve the problem, generally does not come until after the delivery. Thus we have a continuing level of uncertainty and risk which must be dealt with through artificial means such as risk registers and contingency plans.

In an agile we attack the uncertainty immediately. We get parts of the complete solution done, tested, and demonstrated in a short timeframe. As both the developers and the business see what is being developed, and how it will work, the uncertainty of application failure is removed through the continuous testing, and the uncertainty of appropriate business use and achievement of business objectives is removed by the business inspecting and verifying little pieces as it goes so that at any time the product can be modified, adjusted, changed, or even discarded if it does not seem to be in alignment with meeting the business objectives. As long as it is, uncertainty has been diminished, and thereby so has the risk of product failure or implementation failure.