Editor's Note: This article was originally published by Built In Chicago, Author Madeline Hester, on June 12th, 2020.

The beauty of Agile methodologies is that it allows for built-in flexibility during the software development lifecycle. Unlike the alternative waterfall methodology, which requires stakeholder and customer input upfront for a then linear process, Agile allows for continuous learning so small adjustments can be made to the original concept without the launch date going off-course. 

To remain Agile, engineering leaders must implement built-in practices for identifying potential risks in order to streamline their development cycles. 

At integrated risk management software company Sphera, CTO David Schur asks his team to look for and identify the “unknowns” during daily standups. These unknowns could be red flags or small fixes. Either way, giving unknowns attention is better than assuming they are nothing to worry about. From there, engineers address the unknowns in a sprint or assign them to a manager to oversee and quickly correct course. 

“One of the big pros of an Agile methodology for risk management is that accepting uncertainty is a core tenant.”

–David Schur, CTO at Sphera

For more insight into the best practices that help Chicago tech teams mitigate risks with Agile software development, read below.


Devbridge 

Aurimas Adomavicius, President and Co-Founder

President and Co-founder Aurimas Adomavicius said he trusts Agile as the best and most sustainable methodology to de-risk digital platforms at a software design and development company Devbridge. Its continuous learning allows his team to course-correct micro failures and steers away from building unnecessary features. 

What best practices do you follow in order to identify and plan for potential risks in software development? Who else do you work with to develop and implement this plan? 

Risks in software development fall into three distinct categories. The first being a weak product-market fit, which can be remedied by eliminating stakeholder bias, testing the product with customers, prototyping and testing assumptions, and releasing early and often. 

The second risk is technical feasibility, which can be remedied by identifying dependencies, validating technical design and architecture, and establishing engineering organizational maturity such as continuous delivery, DevOps best practices, etc. 

Lastly, planning and delivery, which can be remedied by establishing healthy funding techniques, measurable product goals as well as a mature product practice that allows the business to get more value out of the investment.  

Our cross-functional teams provide domain expertise (e.g. product design, product management, testing) to create and implement development plans that mitigate risk. We’ll partner with clients and users to inform and validate plans. 

What steps do you take to monitor for issues throughout the development process? What tools or technologies do you use to make this process more efficient?  

We gauge the success of product development using three types of metrics. First, product goals evaluate if the product is achieving intended outcomes as it is iteratively released to the market. Having achievable, specific, and measurable goals help the team course-correct when necessary. 

Second, product quality metrics test coverage, escaped defects, the health of the CI/CD pipeline, infrastructure fragility, and more to inform the team if the product and technical debt are actively managed.

Third, product delivery metrics measure velocity, volatility, and the ability to ensure milestones are met. 

One product we use to monitor project health is our PowerUp application. The application provides a clear snapshot of the project status with more than 30 KPIs ranging from velocity to individual time entries in Jira and reporting. 

“Our cross-functional teams provide domain expertise to create and implement development plans that mitigate risk.”

– Aurimas Adomavicius, President and Co-Founder at Devbridge

What are the pros and cons of an Agile methodology when it comes to risk management? How does your team factor these pros/cons into your development process? 

There are no Agile cons. Agile is the only sustainable and iterative method to de-risk large digital programs. Agile is the only framework that supports the build, measure, learn loop, which is essential for maximizing ROI for the business. Without continuous learning, teams build features that may not be needed by users. Agile provides a way to course-correct when micro failures surface or changes to original assumptions are necessary. 


Sphera

David Schur, Chief Technology Officer

Schur said part of using expertise during SDLC at integrated risk management software company Sphera is knowing how to identify the “unknowns,” whether they be technical or resource-based. From there, teams can do a further dive into these areas through sprints or asking in-house experts to weigh in.

What best practices do you follow in order to identify and plan for potential risks in software development? Who else do you work with to develop and implement this plan?

I’ve learned through my experiences that clearly and transparently identifying the “unknowns” early in a project is crucial to managing risks in the plan. Often this can be addressed by early technical proof-of-concept stories in a sprint and seeding an expert resource into a squad to mentor others. 

Sometimes we may also plan a “reserve sprint” to be drawn upon if the risks are significant and cannot be mitigated through the normal course. Managing these risks with me is a cross-functional effort, and transparency across teams is key. Everyone involved should have a clear and simple understanding of the risks and what is being done to address and manage them. 

In my team, this involves the development lead, product owner, and product management working in concert with an independent program management office assisting to communicate and track the risks to resolution, including communicating to all stakeholders across the go-to-market team and company leadership.

What steps do you take to monitor for issues throughout the development process? What tools or technologies do you use to make this process more efficient?

Our teams work in an Agile methodology wrapped in a well-defined, full SDLC. Monitoring issues are accomplished with daily standups where blockers are identified early, while carefully monitoring velocity, tracking story carry-over, and measuring burn-up. We utilize Azure DevOps extensively to empower the teams to track and monitor the entire process and Power BI to bring together visualizations and dashboards of the overall progress.

“One of the big pros of an Agile methodology for risk management is that accepting uncertainty is a core tenant.”

– David Schur, Chief Technology Officer

What are the pros and cons of an Agile methodology when it comes to risk management? How does your team factor these pros/cons into your development process?

One of the big pros of an Agile methodology for risk management is that accepting uncertainty is a core tenant. We know we will discover more info as we go on and prioritize early discovery and experimentation to drive out the uncertainties. Agile also gives us an incredible ability to respond to change versus a traditional waterfall methodology where everything must be accounted for upfront with perfection, lest the project immediately goes off plan. The individual empowerment and shared accountability in Agile also lead to the grassroots ability to manage and resolve risks before they become big. 

On the flip side, teams need to be careful of the flexibility in Agile since crossing stories over sprints, leaving incomplete work, and not having a closely understood velocity can send a project awry. We wrap Agile artifacts in additional tracking and visualization to address the lack of predictability and give organizational transparency to those not directly in the Agile teams.


ThoughtWorks

Cassie Shum, Head of Cloud Partnerships, North America

In most situations, change is a good thing, but at software consultancy company ThoughtWorks, Head of Cloud Partnerships Cassie Shum said standardization and stability are best practices for identifying potential software development risks. Automation and pipelines are baked into her team’s development processes to identify risks early on. 

What best practices do you follow in order to identify and plan for potential risks in software development? Who else do you work with to develop and implement this plan?

Stability is one of the foundational pieces of an effective and evolving platform to address risks in software development. Better stability through automation for the common platform provides an immediate return on investment through increased customer satisfaction, higher revenue, decreased risk, and cost management. 

At ThoughtWorks, our key principles lie in automation, continuous delivery, and monitoring capabilities to lessen site outages and support rapid rollout and experimentation. Standardization and consistency of these practices and methodologies are required for all teams to ensure architecturally and practice governance.

“Stability is one of the foundational pieces of an effective and evolving platform to address risks in software development.”

– Cassie Shum, Head of Cloud Partnerships, North America at ThoughtWorks

What steps do you take to monitor for issues throughout the development process?

Taking an evolutionary approach allows us to push cross-functional items like performance, security, and reliability to the left as guardrails to drive engineering teams effectively and efficiently build highly reliable systems. 

What are the pros and cons of an Agile methodology when it comes to risk management? How does your team factor these pros/cons into your development process?

Using automation and pipelines is one of the fundamentals of Agile development to drive a very iterative process.  This is the main pro that we bake into every one of our development processes so we can identify risks early and often.