Project Management Central

Please login or join to subscribe to this thread

Topics: Agile, Risk Management
Risk buffer management?

On an agile project how is risk buffer managed? For example, if no risk buffer is used during the first sprints does the risk buffer have to be reduced, and if so how? Or should the buffer be kept until the end of the project?
Sort By:
Page: 1 2 next>

What does you mean for "risk buffer"? That is the key definition to take. In Agile environments risk is manage according the method you use or if you do not use a method then risk management is to follow the same process you have defined for other environments.

I am not sure either what is meant by Risk Buffer. Hiliana, can you please elaborate ?

Risk buffer or contingency can be used in estimation such as story points or in the amount of stories the team accepts (or rather doesn't accept due to contingency. This is done in team capacity planning or when they accept stories for the sprint. It is not encourages because the team should get a indication of their true velocity, but the reality is it is done. Buffer is not put away for a rainy day after the risk it was designed to cover has expired. If the event is a non event, the buffer should be released or given back, not added to the final buffer.

Santa, you mean Buffer = Contingency Reserve ? I do no think Hiliana means contingency reserve by saying buffer but I might be wrong.
1 reply by Sante Vergini
Dec 19, 2017 6:09 PM
Sante Vergini
I'm guessing Hiliana does, but like you I can't be sure.

Hiliana -

Similar to waterfall delivery, you could use EMV or some other method to quantify how much contingency reserve schedule & cost-wise would apply to a project being delivered following an agile lifecycle. If your team sizes the backlog as needing ten sprints for example, you might add one or two sprints based on the quantification of potential risk impacts.

If good prioritization practices are followed, risk will be a key driver for higher requirement priority so it's possible that you could release unused contingency reserves earlier than on a typical waterfall project.


I would rather be flexible and assign a Risk Buffer or Contingency Buffer to the entire project if I know that the project will have four sprints for example.

If I don't use any of the risk buffer in one sprint , I will simply look at rolling over the unused funds to the next sprint and wait until the project is nearing completion before looking at returning unused buffer.

Dec 19, 2017 4:44 PM
Replying to Rami Kaibni
Santa, you mean Buffer = Contingency Reserve ? I do no think Hiliana means contingency reserve by saying buffer but I might be wrong.
I'm guessing Hiliana does, but like you I can't be sure.

Risk contingency or reserve is use when a risk materialize.
For any types of projects you should re-evaluate risk at regular interval.
Risk reserve or contingency requirement should be link to you risk register.
If after a sprint you revisit your risk, you may reduce or increase the risk accordingly.

Please my answer and reply from Shadav who mentioned "Risk Buffer" as follows,

- Discussion Title: 5 Strategies for threats in project risk management.
- Answer from Shadav Mohammad Ansari:
1-Risk buffering (or risk hedging) is the establishment of some reserve or buffer that can absorb the effects of many risks without jeopardizing the project. A contingency is one example of a buffer.
2-Risk avoidance is the elimination or avoidance of some risk, or class of risks, by changing the parameters of the project.
3-Risk control refers to assuming a risk but taking steps to reduce, mitigate, or otherwise manage its impact or likelihood.
4-Risk Transfer and Contracting re is a common adage about risk management that the owner should allocate risks to the parties best able to manage them.
5-Risk Mitigation includes reduction of the likelihood that a risk event will occur and/or reduction of the effect of a risk event if it does occur.
- My reply:
Hi Shadav, the 4 strategies are exactly match with yours as follows.
1-Risk buffering - Accept
2-Risk avoidance - Avoid
4-Risk Transfer - Transfer
5-Risk Mitigation - Mitigate
"3-Risk control" seems contingency for "unkown risk"; "assuming a risk". Thank you for your comment.

You only release risk buffer when the risk no longer exists.
Page: 1 2 next>  

Please login or join to reply

Content ID:

"I know the meaning of life - it doesn't help me a bit."

- Howard Devoto