Effective risk management is critical to the success of any project, but SAFe® doesn’t offer a clear-cut solution for how to go about it in a scaled Agile environment. Here’s how ROAM risk management can help ensure that you’re effectively managing risks at every level of your Agile organization.
Why Risk Management?
The importance of effectively, proactively identifying and managing risks cannot be overstated. Even if the projects you’re working on are not safety- or mission-critical, a lack of proper risk management can seriously derail even the best laid plans.
And if you are working on safety- or mission-critical projects, poor risk management can have serious consequences, not only within the scope of the project, but also in the long-term, in the reputation of the company.
Of course, from a business perspective, effective risk management is also a form of insurance — protecting your bottom line from costly, preventable errors.
Effective risk management can help to keep your projects on track, on budget, and within scope. Teams can usually handle their own risk management using fairly simple methods, but challenges arise when organizations try to practice risk management at scale. With more and more companies embracing Agile at scale, the need for a scalable approach to risk management has become increasingly common.
SAFe and Risk Management
The Scaled Agile Framework (SAFe®) does not provide a turn-key solution for scaling risk management across the various levels of the organization. (Before SAFe 5.0, these levels included the Team, Program, Large Solution, and Portfolio levels. The newest version of SAFe modifies this to the Essential, Large Solution, and Portfolio levels.)
However, most practitioners have found that identifying and categorizing risks as part of a collaborative exercise is the best approach for practicing risk management at scale.
What is ROAM Risk Management?
Many Agile organizations have turned to the ROAM risk management model to identify and categorize risks. ROAM provides Agile organizations with a collaborative, actionable, proactive approach to practicing risk management at scale.
What Does ROAM Stand For?
ROAM is an acronym that stands for Resolve, Own, Accept, and Mitigate — four potential actions for how to handle a potential risk. The goal of the ROAM risk management approach is to help organizations make sure all potential risks are being dealt with appropriately.
Once a risk has been identified, it is assigned into one of the following categories:
- Resolved: The risk is determined to not be a threat at this time. No further action is required.
- Owned: The risk cannot be resolved within the meeting, so a member of the team is selected to ‘own’ the handling of that risk. This person is responsible for making sure that this risk is appropriately managed.
- Accepted: The risk cannot be resolved, so it must be accepted as-is and dealt with as necessary.
- Mitigated: A plan needs to be formulated to eliminate the threat of the risk.
After the risks are organized into these categories, a vote of confidence is taken, to decide which risks are worth working on or not.
If a risk is Resolved, Accepted, or Mitigated, it is effectively dealt with during the course of the PI planning session. The only exception to this is Owned, which requires further action on behalf of the “owner” of that risk. It’s important to have procedures in place to follow up on any risks that fall into the “Owned” category, to make sure that these risks are effectively planned and executed.
Tip: If your Agile organization is already using an enterprise Kanban tool to visualize and manage its work, then consider visualizing your risk management efforts in the same place! Create a ROAM Board to use during PI planning, where you brainstorm and categorize risks. Then, move any outstanding risk management-related tasks to the appropriate execution boards so that they are visualized!
Of course, risks can also emerge after work has already started. If (and when) this happens, the ROAM risk management model can be used to decide how to adequately handle these risks.
ROAM Risk Management at Every Level
The ROAM model can be used within Agile teams, but it can also be helpful for managing risks at higher levels. Most practitioners agree that team-level risks should be handled at the team level, ideally during PI planning. But risks that could affect the whole Agile Release Train (ART) should be escalated to the Program level.
Having effective escalation practices in place means that teams don’t have to worry about facing or managing the same risk more than once. It also means that mitigation practices for higher-level risks are more likely to be successful, because they’ll take the entire scope of the risk into account.
Benefits of ROAM Risk Management
Collaboration is an essential ingredient for effective risk management. With the ROAM model, the entire Agile organization is called to help identify and prioritize risks, and make sure they are handled adequately.
The ROAM risk management method creates a system of accountability for risk management that can save your organization time, money, effort, and stress. If you’ve been looking for a more effective method for managing risk in your Agile organization, give the ROAM model a try!
To learn more about how Planview Agile Program Management supports ROAM, check out the webinar The ROI of Agile Scaling and Transformation where we discuss how Planview LeanKit allows you to track and resolve risks in one place.