A Risk is an uncertain event or condition that, if it occurs, has an effect on at least one objective.
There are four steps to conduct risks in Agile environment:

  1. Identify
  2. Assess
  3. Response
  4. Review


Risk identification is an iterative process to create a register of risks. All Scrum events: Sprint Planning, Daily Scrums, Sprint Review, and Sprint Retrospective allow identifying supposed risks.
One of useful technique is Strengths, Weaknesses, Opportunities, and Threats (SWOT) analysis in order to identify risks


Once risks have been identified, they should be evaluated and prioritized. One of the most useful ways of prioritizing risks is using an impact vs. likelihood matrix.
An impact vs. likelihood matrix is a two-dimensional representation of the amount of impact a risk has on the project and how likely that impact is to happen. With this knowledge, risks can be prioritized, and the team will know what to focus on preventing, and what to monitor.


After a register of risks has been created and assigned statuses according to Impact vs. Likelihood Matrix (low, medium, high) a team is informed of the potential magnitude of risks. Based on the status of the risk, the following actions are recommended:

  • Mitigate: pre-event actions to reduce the likelihood or impact of a risk
  • Avoid: eliminate the risk by choosing an alternative approach
  • Transfer: risks are transferred to another area
  • Accept: no action taken

High risks need to be mitigated as soon as possible if risks are medium the team can decide it should be avoided or transferred, and low risks could be accepted without taking any actions.


The risk register is reevaluated at every Scrum event (Sprint Planning, Daily Scrums, Sprint Review). During the review, the probability and impact of the risks are re-assessed for better and likewise, new risks are identified.

Risk is a good opportunity to improve your processes and product!

Be Agile!