O slideshow foi denunciado.
Utilizamos seu perfil e dados de atividades no LinkedIn para personalizar e exibir anúncios mais relevantes. Altere suas preferências de anúncios quando desejar.

Agile risk management in regulated industry

76 visualizações

Publicada em

This presentation look into how to implement Agile risk management in a highly regulated industry. The presentation focus not only on project risk, but also compliance, legal and reputational risks.

  • Seja o primeiro a comentar

  • Seja a primeira pessoa a gostar disto

Agile risk management in regulated industry

  1. 1. Agile Risk Management
  2. 2. Agile Risk Management in Largest Nordic bank Executive Summary - Complete digital transformation program - More than 680 employees working on project - 100 M EUR + project Challenge How do you implement Agile Management and still manage risk in a highly regulated industry? Solution - Implementation of risk log - Implementation of Agile risk management process -Implementation of pre release check points Result -Clear overview and prioritization of risks - All releases are compliance tested before release
  3. 3. What is Agile Risk Management? • How does Agile Risk Management reduce risk? • How do you incorporate Agile Risk management into a highly regulated industry? • What tools can you use on a day to day basis to manage your risk?
  4. 4. Content  Background  How does Agile development reduce risk?  Key points from Agile Risk management transformation  Key learning points
  5. 5. How does Agile reduces risk?
  6. 6. Traditional Risk Management  Agile Risk management
  7. 7. Agile Risk Mangement Transformation Strategy Process Organisation & People Tools & applications  Agile Risk mgt is proactive, not reactive
  8. 8. Align Strategy Strategy Process Organisation & People Tools and applications 9 •  Align with Executive mgt  Create backlog  Use KANBAN to prioritize
  9. 9. Align Process Strategy Process Organisation & People Tools & applications 10 •  Find trigger to Agile risk processes (PI, Release etc) “follow the agile beat”
  10. 10. Align Organisation & People Risk train Teams 2nd LoD 11 • Strategy Process Organisation & People Tools & applications  Create a Risk Train to align methodology  Define who is risk owner  Align metric & reporting
  11. 11. Align Tools & applications 12 • Strategy Process Organisation & People Tools & applications EA Agile Risk mgt  Have a (integrated) risk tool
  12. 12. Agile SAFe  http://www.scaledagileframework.com/#
  13. 13. Structure and backlog
  14. 14. How to build a backlog
  15. 15. Key learning points  Agile Risk Mgt team should have a mandate and be proactive  Follow the “Agile beat”  Make a “Agile Risk mgt Train”  Find the Agile trigger for risk process  Have a backlog  Use a public KANBAN board  Work in the same Agile tool  Define clear ownership of risks and mitigation actions
  16. 16. What is Agile Risk Management? • How does Agile Risk Management reduce risk? • How do you incorporate Agile Risk management into a highly regulated industry? • What tools can you use on a day to day basis to manage your risk?
  17. 17. Core process Risks • Project risk • Strategic risk • Compliance risk • Legal risk • Business risks • Technical risk Agile risk management • Set Risk appetite • Identify risks • Analyse and report risks • Find mitigation actions Mitigated risks • Mitigated • Accepted • Closed
  18. 18. How to set risk appetite in Agile  Risk appetite is set by the organization and should be SMART Risk Open Risk Closed
  19. 19. How to identify risks in Agile? Bottom up Risk identification Daily Scrum PI event Risk assessment before release Product Owner meetings
  20. 20. How to identify risks in Agile? Top Down Risk identification Scenario risk assessment Business risk assessment Compliance risk assessment
  21. 21. How to identify risks in Agile? - Daily Scrum Bottom up Risk identification Daily Scrum PI event Risk assessment before release Product Owner meetings  Agile name of meeting: “Daily stand up meeting”  Duration: 0,5 - 1 hour  Participants:  Scrum master  Developers  Sometimes architect, business and PO  Scope is to identify:  Impediments (something that is slowing you down)  Dependencies (Something that you are dependent on to move forward)  Blockers (Roadblocks that makes it impossible for you to to move on)  Risks (Things that you believe that impact the project negatively in future) Identify • Make MOM • Confirm with RTE and SM Analyse & Report • Introduce in Risklog and Jira • Evaluate risk picture Mitigate • Close follow up with risk owner • Follow up in Jira Risk management process
  22. 22. How to identify risks in Agile? - Product Owner meeting Bottom up Risk identification Daily Scrum PI event Risk assessment before release Product Owner meetings  Agile name of meeting: “PO meeting”  Duration: 1 hour  Participants:  Product owners  Sometimes architect and business  Scope is to identify:  Understand specifications  Align features with business Identify • Make MOM • Confirm with Product mgt and PO Analyse & Report • Check if feature is in conflict with compliance • Evaluate risk picture Mitigate • Escalade to compliance (2nd LoD) if needed Risk management process
  23. 23. How to identify risks in Agile? - Pre-release risk assessment Bottom up Risk identification Daily Scrum PI event Risk assessment before release Product Owner meetings  Agile name of meeting: NA  Duration: 1- 2 hours (at least 3 weeks before release)  Participants:  2nd LoD (Business, compliance, legal, risk)  1st LoD  RTE (Should be able to invite)  Product manager  Product owners  Sometimes architect  Scope is to identify:  Get a risk overview where all aspects are evaluated.  All potential risks related to the release Identify • Introduce main new features • Structure session according to technical, legal and business risk to identify risk Analyse & Report • Look for critical risks and evaluate the impact. • Share with all who attended and mgt. Mitigate • Ensure mitigation or risk acceptance of critical risks before release Risk management process
  24. 24. How to identify risks in Agile? - Planning event Bottom up Risk identification Daily Scrum PI event Risk assessment before release Product Owner meetings  Agile name of meeting: “PI”  Duration: 1-3 days  Participants:  All teams at all level  Scope:  Align planning between teams  Identify Dependencies  Identify Risks  Vote of confidence Identify • Risk boards • Walk the boards with mgt. • Be proactive and have questions ready Analyse & Report • Collect ALL risks • Use categorization to get an overview Mitigate • Issues and Risk should mainly be solved in the PI • Make conclusions if possible. Risk management process
  25. 25. How to analyse risks Agile?  Two risk logs  General risk log (see example)  Risk that can kill you (see example)  Use 4 categories to evaluate risks  Financial impact  Reputational impact  Process impact  Legal impact  Use algorithm to see what the SUM of less critical risks
  26. 26. How to share analysis in Agile?  Weekly report (see example)  Monthly report (see example)
  27. 27. How to set mitigation actions in Agile?  Set mitigation strategy during the risk identification  Set a deadline  Set a owner (only one)  Make integrated alerts  Consider risk mitigation tool
  28. 28. Example of dashboard
  29. 29. Roadmap 31 Highlighting the current PI commits, PI forecast and subsequent prioritised backlog • One liner Prioritised backlogPI n • One liner Committed Forecast PI n+1 • One liner • One liner ------- Stretch objectives ------- • One liner PI n+2 • One liner Release Milestone Stopper Release example Milestone example Stopper example
  30. 30. Logs 32 Main actions, risks and dependencies in release train Action Action and impact description Status Raised date Due date Owner Impacting Supplier Supplier delivery Required date Status Owner sadfadsf Risk/Issue Risk/Issue description and mitigating action Criticality Update date Owner sadfadsf

×