Agile Project Management Processes–Process 5.1 Organizational Practices

The Agile Project Management Processes Grid has been created by John Stenbeck in his book “PMI-ACP and Certified Scrum Professional Exam Prep and Desk Reference.”   He divides the 87 processes used in agile project management into five process groups and seven knowledge areas.

This post covers the first of three processes in the block of processes that are used in the Initiate process group and the Risk Management knowledge area:  Organizational Practices.

A Failure of Imagination

The NASA program that eventually took three Americans to the moon in 1969 had a very disastrous beginning.   Apollo 1 was designed to take the Saturn rocket that would eventually take men to the moon and to test it out in Earth orbit.   The three astronauts, Gus Grissom, Edward White, and Roger Chaffee, were doing a routine test on the launch pad on January 27th, 1967, when a fire broke out in the cockpit which killed all three of them.

There was an investigation which showed that the origin of the fire was a spark that came from a faulty electrical connection, which was exacerbated by the highly oxygenated environment in the cockpit of the Command Module.    However, the chairman of the Congressional Committee that investigated the incident asked a fellow astronaut Frank Borman, “what do you think caused the fire?   I’m not talking about wires or oxygen here==what do you think was the underlying cause of the fire?

Frank Borman answered that it was a failure of imagination.   In doing risk analysis on the Apollo program, NASA put their focus almost entirely on the dangers to the astronauts due to the hazardous vacuum conditions that exist in outer space.   NASA didn’t, however, consider the risks to the astronauts that could be caused on a routine training exercise that took place on the ground.   That was the reason for the fire.


Risk analysis can be divided  into two categories:

  1. Generic risks–these are risks that are common to all projects that are particular to the organization itself
  2. Unique risks–these are risks that are particular to the project itself

The first approach to risk analysis in both categories is brainstorming, where the team member and the customer/proxy get together and create a list of possible catastrophic events that could impact the project negatively.

There are way of doing this which add an element of fun, which counteracts the negative nature of the content.   Try giving awards for those that come up with various nightmare scenarios such as

  • “Academy Award for Best Screen Play” goes to the person who describes the negative scenario in the most dramatic fashion.
  • “Pulirzer Prize in Investigative Reporting” that describes the negative scenario in the most matter-of-fact way as if it was the subject of a 60 Minutes investigative report.

These are just examples, but you get the idea.   You want to encourage people’s imagination and creativity.

Risk Analysis

The next step after coming up with the negative scenarios in the brainstorming session is to analyze them and, in each case, come up with the root cause of the scenario.  You can group the root causes of the risks in something called a Risk Breakdown Structure that categorizes the various sources of the risks.

Prioritizing Risks

The next step in risk analysis after you’ve analyzed the root causes is to prioritize risks using the following process.

  1. Estimate on a rough numerical scale (1 to 10) the probability of the risk occurring
  2. Estimate on a rough numerical scale (1 to 10) the impact of the risk occurring
  3. Create a risk matrix that shows the probability of a risk occurring and its impact if it does occur, and graph the estimates done in the first two steps.
  4. Decide which sectors of the matrix correspond to a HIGH, MEDIUM, and LOW level of risk.   Usually the lower-left corner is LOW, the upper-right corner is HIGH, and MEDIUM is somewhere in an area in between these two other areas.

This basic risk profile will be expanded upon and detailed in the planning process group.

Some of the risks are going to come not from the organization, but from outside the organization; in particular, from government regulations.  The next process 5.2 Regulatory Discovery deals with risks that come from this source.



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: