Skip to content

A ‘traditional’ Risk Manager’s adventures in the world of Agile

Added to your CPD log

View or edit this activity in your CPD log.

Go to My CPD Only APM members have access to CPD features Become a member Already added to CPD log

View or edit this activity in your CPD log.

Go to My CPD
Login to bookmark this
Added to your Saved Content Go to my Saved Content

The SWWE Regional Network were very pleased to welcome Claire Mills to speak at the event at BAWA on 17 June 2025. Claire is Group Project and Programme Risk Manager for QinetiQ, and the SWWE RN Corporate Liaison Lead.

Claire took us through her adventures as a dyed in the wool waterfall risk manager in the world of Agile delivery, and shared what she has learned.

Claire shared her experiences and lessons learned as a waterfall risk manager trying to navigate risk management when using an Agile Delivery Methodology, against a back drop of waterfall corporate process, methods and tools. The opening question was can you even do risk management within Agile and throughout the next 45 mins Claire demonstrated how to do this in a practical way. 

Firstly, was an overview of the differences between Waterfall (linear) and Agile (iterative) methodologies to set the scene as well as Hybrid (or Wagile).  Claire then highlighted that there are different ways to de-risk projects (not just managing a risk register) starting with ensuring that you are using the right delivery methodology for successful delivery of the project.  One way of doing this is using a Delivery Methodology checklist which along with an Agile Commercial Playbook looking at Agile Terms & Conditions can be used by both the project and Customer to ensure expectations are understood and managed on both sides to ensure successful delivery of objectives and benefits.  Then we delved into the detail……Risk Management cannot be looked at in isolation so an overall Project Controls approach was defined, taking into account scheduling, estimating as well as risk for processes and tools to ensure alignment.  A good discussion was had around the air gap between Corporate Risk tools and Agile tools e.g. JIRA and how that can be addressed – trust was the key message and proportionality between Programme (strategic) risks and those at the Sprint level (tactical, likely to be issues and much shorter time horizons).  But there must be opportunities for escalation where required. 

Claire then raised the question around Monte Carlo and Quantitative Cost and Schedule Risk Analysis – can you, are they worth it??  The conclusion was yes, QCRA’s can be run at Programme level as cost impacts can be three-point estimated using additional sprints, QSRA’s – not value add for a project delivering using Agile only (fixed duration), but can be useful when using a hybrid methodology. 

Governance and Assurance were also covered (definitely a must have, not a nice to have) with the emphasis being on how these can be tailored and applied practically for Decision Gates and Assurance, without negating the benefits of delivering using Agile but ensuring that the project remains on track (this might be where you want to add you overall Business Case / Governance review observations). 

Claire finished by showing the Agile Knowledge NetworQ that QinetiQ have set up as a useful community and knowledge repository and a summary of her aha moments going through this process.  The key takeaway was Just because you’re delivering using Agile does not mean that you either can’t or don’t have to do risk management – you just have to tailor the approach.

The event concluded with a lively and informative Q&A session. A key point made was that change management is still needed for scope changes, even with an agile project approach.

Copies of the presentation slides can be made available via a request to the SWWE RN contact form on the APM website.

Martin Gosden and Claire Mills

SWWE RN

0 comments

Join the conversation!

Log in to post a comment, or create an account if you don't have one already.