It is popular to state that Agile IS Risk Management - but that is not correct. Agile software development is a software development process. Risk Management is a process as well. The two - agile and risk management - are well suited for each other. But Agile alone is not Risk Management.
First some principles:
- All risk comes from uncertainty.
- Uncertainty comes in two flavors:
- Reducible - Epistemic uncertainty.
- Irreducible - Aleatory uncertainty.
Risk Management has a set formal processes from the more detailed briefing below. These processes are able managing risk not developing software. They are about identifying, analyzing, planning, tracking, controlling and communicating risks. Agile - in the form of software development Scrum, XP, DSDM, Crystal, etc. contribute to these formal risk management processes. But Agile alone of NOT Risk Management.
Here's how Agile and Risk Management are joined.