Author Archives: tonygrout

About tonygrout

Striving to make things better

Kicking Risk Down the Road Jeopardizes Success

It’s 1230 and you have a report to write, an international flight to catch at 1600 and at least an hours drive to get to the airport. What do you do first?

Most of us assess the risk and realize that there are many more ways we can be late for the flight than on time. The journey to the airport has the most uncertainty so we complete this first. We can then write the report relaxed at the gate. We call this risk management approach nothing more than common sense.

Common Sense Uncommonly Applied
We have the same opportunity to use risk management in our planning process when we order our backlog. But most of us don’t. Why?

Most product owners now prioritize the backlog order based on short term value rather than taking risk in to account. One of the key risks they reasons is the loud legacy of too many late projects due to engineering choosing to implement the product in bleeding edge technology and this not working out so well.

In this move to focus on shorter term value in our products we’re now failing to acknowledge that we can’t just mitigate the risks of technical novelty by scoping it out. Technical novelty has to happen for reasons of competitive advantage or deprecated technologies. So we need to bring that common sense back in to our planning process.

One of the ways to address this is to bring technical risk into the prioritization process.

A Way of Using Risk to Prioritize the Backlog
So how can we think about this from a backlog priority perspective?

One way is to create a matrix of technical risks to be addressed on the y axis and user stories on the x axis. See below:-

Risk to Story Matrix

The user stories are true user stories, if they’re delivered a user can do something valuable in their process. I put a cross at the intersection of a risk and user story where it shows that if we build and appropriately test that user story it demonstrates that we’ve mitigated the risk. I then look at the user stories with most crosses, balanced with the least effort and the largest value and prioritize those to the top of the backlog. In the above example I’d want to build and test user story 3 as early possible.

This approach is an aid not the answer to your backlog prioritization. We still have to make the trade offs in terms of prioritization between building and maintaining market credibility and building a sustainable solution. We reserve the right to make short term trade offs by building “sparkler” features to keep market interest, preferably those with high value and low technical risk. We may even decide to build “sparkler” features early that have high technical risk but either cut the capability back to manage the risk or accept the risk; then rework when we have time. This way we go in clearly understanding that we’re taking on debt in terms of rework and/or risk in terms of market credibility to realise the additional value of reduced time to market.

Most organisations I’ve come across have little recognition of how to actively manage technical risk.

Ordering your backlog by taking into account those user stories that if built would address most technical risk is one way to increase schedule predictability

It can be argued that the value I describe above is a positive way of stating market risk and that I could have one combined list of technical and market risks. That leads on to the next post…

Why we need Managers in the Agile Enterprise

So you’re a manager in an organisation with 500 or more people and you build product that in some way involves software. We could spend a lot of time discussing whether organisations need tens to hundreds of teams. The reality is that a considerable number of organisations operate at this scale. Even if they decided to downsize, that’s not going to happen fast and they’re still looking to improve their agility. The organisation has drank the kool aid around agile and lean startup. From reading the agile literature you imagine an org chart with the CEO at the top, the teams underneath and nothing between. No mention of manager, only self-organising teams.


So is it time for that career change into frozen yoghurt making?

Unfortunately not. The reality is that the organisation still needs you and others like you.

So why do we need managers?

Managers in agile organisations have a different perspective to developers and managers in a traditional organisations. They need to look at the organisation as a system. They help increase the value the system delivers by managing the systemic risks

The team handles mitigating or implementing contingency for any risks it is able to. However, the team has to function as a component of the larger enterprise. Now Deming’s statement on component selfishness kicks in.

“A system must be managed. It will not manage itself. Left to themselves in the Western world, components become selfish, competitive, independent profit centres, and thus destroy the system. . . . The secret is cooperation between components toward the aim of the organization. We can not afford the destructive effect of competition.”

via W. Edwards Deming – Wikiquote

So at best teams won’t be in a position to see the organisation risks that could occur. At worst they’ll attempt to optimise for their own efficiency at the detriment of the organisation. I use the example that we have the constructs of government, states and local councils in everyday life to prevent individual or tribal selfishness harming society as a whole. We can argue that some are more effective than others but in general we’ve yet to come up with a better model. So in software development this is where managers come in.

Managers are able to stand back and look at the organisational system and see risks at this level. They help balance team, product, organisational and customer risks. Risks such as regulatory compliance, key person dependencies, funding risks, contract risks, third party dependency risks and market competition risks. The managers role is to harvest and manage these risks. Yes, the team could mitigate some of these systemic risks, but they don’t. Why? Because the resolution would be wasteful for them as a team.

So the manager protects the system from this selfishness by applying constraints on teams. These constraints describe what needs to be done but not how. Some call them “guard rails” for the organisation. The team then works out the best way to deal with the constraint. The manager can help here by using Socratic questioning to help their teams come to better ways of addressing the constraint.


Development organisations that employee hundreds to thousands of developers exist and want to become more agile. Their ability to deliver a project or product has many more ways of failing than succeeding.

An agile manager’s job is supporting the CEO in reducing the likelihood of events that can cause systemic failure to happen, or shepherd the organisation around them.