The Agile Manifesto, also called the Manifesto for Agile Software Development, is a formal proclamation of four key values and 12 principles to guide an iterative and people-centric approach to software development.
The four key values of the Agile Manifesto are also important values for significantly improving risk management practices in organisations:
- Individuals and interactions over processes and tools.
- Working software over comprehensive documentation.
- Responding to change over following a plan.
- Collaborating with customers over contract negotiation.
These agile values put people before processes, get the software out the door fast, collaborates with customers and end-users, and continuously adjust plans as needed to suit the changing environment.
Individuals and interactions over processes and tools
No matter how formalised your risk management processes and tools are, it’s the people and the team that you work with and the way you work together and communicate with each other that will determine your success.
Your team and its ability to communicate effectively and efficiently is more valuable than the processes they follow or the tools they use. People drive processes and respond to business needs on the fly.
The result – informal risk management trumps formal risk management.
We know that too much formalised risk management can hurt the organisation, according to research on Risk Culture and Risk Management in the Australian Public Sector. This is counter-intuitive but real.
This isn’t to say that agile philosophies discourage formalised processes or tools. Both can help provide structure for your team and facilitate interactions – only until a certain limit.
But at the end of the day, they must come second. After all, processes and tools are worthless if people can’t communicate and interact effectively to deliver a positive outcome.
Put a smart, motivated team up to a task without any processes or tools (and even bureaucracies) and chances are they’ll find some way to get it done!
Today, more than ever, with more than 90% of jobs are categorised as ‘service roles’ — roles that require human ingenuity or empathy.
We need organisation models, structures, and processes that empower individuals, clarify what’s important, and assign accountability and responsibility in a way that works effectively and efficiently for cross-functional teams, projects, and solutions.
This is where we need good organisation design that excites and engages people, and gives them a sense of autonomy, ownership, and encourages continuous innovation and creativity.
Working software over comprehensive documentation
Traditional development processes often required extensive documentation before a single line of code was written.
Agile shifts the team’s focus from the process and documentation itself to what must be done to get the desired results or outcomes – i.e., the actual working software.
Getting the right solution in the hands of the end-users is the highest priority. After all, how are you going to improve your product (or service) if you don’t get it out in the wild and collect reliable feedback from real customers or users?
To embed risk management into the culture and fabric of the organisation where it becomes an integral part of all organisational activities, get the skill and competence of identifying and managing risks and opportunities into the hands of every employee in the organisation.
Make risk management work specifically for them, from their perspective, in their language, at their level of competence.
And make risk management practical, real, and relevant to them, as customers and users of risk management, in the flow of work and to achieve the outcome that they are seeking to achieve.
Refrain from developing extensive risk management documentation (i.e., death by risk documentation) or rolling out over-engineered risk management processes (i.e., death by compliance) that do not work effectively for your employees. Help them apply right-sized risk management in their work so that they can be successful, noting that documentation is not a bad thing if you don’t overdo it.
Move risk management beyond compliance.
Responding to change over following a plan
Agile embraces change. It is focused on releasing a minimum viable product that can be constantly evaluated and adjusted from iteration to iteration based on end-user feedback.
Product managers in agile environments will need to learn to present their dynamic roadmaps to stakeholders in a transparent manner that reflects the likelihood of change based on new learnings and end-user feedback. They act, learn from their actions, adapt to changing conditions, and iterate and grow for a better outcome that truly meets the requirements of their end-users.
An important benefit of the agile methodology is that it encourages frequent reviewing and retooling of current plans based on new information that the team is continually gathering and analysing.
Similarly, organisational strategies, plans, and even risks are no longer static. They are dynamic and ever-changing in today’s uncertain and fast-moving operating environment.
The agile methodology enables organisations to continuously pivot or change their business and operational models, strategies and plans to the ever-changing operating environment.
There are technical challenges, team challenges, and changes in the business environment that make following long-term plans a risky approach. More so when you don’t periodically re-evaluate your plans. Strict adherence to plans that only look good on paper is a business risk.
Agile lets every team in the organisation adjust their work and job designs; organisational and team structures; and priorities and plans whenever doing so makes strategic sense. People and teams must not get stuck in outdated plans simply because they have committed to seeing them through.
Practically, we cannot identify and manage risk by trying to anticipate problems, plan for these known unknowns, and then move slowly to avoid the unexpected. The speed of events occurring, and the lack of information are some causes of greater uncertainties organisations face today.
Unfortunately, plan-driven approaches are focused on minimising losses (i.e., what can go wrong or what can stop us from achieving our objectives) rather than maximising gains (i.e., what must we do to succeed).
Team members can’t be agile unless they acknowledge that there will always be uncertainties. And that they cannot plan for everything.
Rather than taking comfort in a written plan, they take comfort in the knowledge that they can (or must) adapt to change and still be successful thanks to the agile mindset.
Customer collaboration over contract negotiation
In Agile, the end-user becomes an important collaborator throughout the development process. This occurs frequently throughout the process. It ensures end-users input is constantly incorporated and the result meets their needs and requirements along the way.
This culture and mindset of continuous close collaboration and constant pivoting with feedback from real end-users help you deliver effective, useful solutions to your customers. When you are talking to your customers often and building continuous feedback into your process, you will reduce the risk and eliminate guesswork and ultimately poor outcomes.
Unfortunately, traditional product-centric processes have allowed contracts to dictate what is to be delivered at the end, which left a lot of room for mismatched expectations and failures.
The agile mindset requires risk professionals to work closely alongside people in the organisation to ensure that they continuously and unconsciously identify and manage risks and opportunities to increase the likelihood and extent of their success.
By moving beyond compliance and practising informal risk management, they collaborate and work closely with people to take calculated risks or seek out greater opportunities to deliver better outcomes that are within board-approved boundaries (i.e., within the organisation’s risk appetite and tolerance).
Remember: Agile values are not rules
Agile is a mindset. It is not a set of strict rules to follow and comply with.
These values are up for interpretation and customisation. They are not solid instructions set in stone.
Moving beyond formality and compliance are keys to embedding or integrating informal risk management into organisational culture and activities through the application of agile values and mindset.
The journey to agile is a conscious shift in operating mindset and actions. It put employees and customers first. It drives personal accountability for the outcomes.
Professional bio
As a Chartered Accountant with over 25 years of international risk management and corporate governance experience in the private, not-for-profit, and public sectors, Patrick helps individuals and organizations make better decisions to achieve better results as a corporate and personal trainer and coach at Practicalrisktraining.com.
He is also the co-founder of Skillsand.org, an organisation dedicated to helping people acquire in-demand job skills and preparing them for the future of work. The goal is to create a convenient learning experience that’s as easy as making any other purchase on Amazon.
Patrick has authored several eBooks including Strategic Risk Management Reimagined: How to Improve Performance and Strategy Execution.