Many find it challenging to combine the management of operational risks with an agile environment. But there are clear synergies as the agile approach also focuses on minimizing risk and therefore should be seen as an enabler rather than an obstacle.
An agile organization is characterized by an open and transparent culture where the starting point is continuous improvement and to create the ability to adapt the business to changing conditions.
Our experience is that many financial organizations today suffer from inefficient management of risks and incidents without clear processes. For example, it could be that the person who discovers the incident emails a handful of people with a hope that someone else will solve the problem. A much more effective method is instead to work with a planning board where identified risks and incidents are continuously written down. In this way, critical incidents can be resolved immediately, while others are prioritized, resource set and remedied in the agile team or with the support of necessary skills outside the team. With the help of direct feedback and personal interactions, a culture of risk awareness is created while transparency is increased in the organization for employees at all levels.
Risk management must be a natural part of daily work
In order for the financial organization to be able to quickly adapt to changes while proactively preventing operational risks, risk identification and risk management must be a natural part of the entire process, from idea to implementation.
With an agile model, the risk perspective can be an integral part of the ongoing change work because the agile team is constantly asking itself; What do we do in the next iteration to reduce the risk of delays, defects or anything else that may adversely affect our customer? This means that risks will be a part of most dialogues that the team has. Most agile teams meet regularly for short reconciliations, plans and so-called demos where they reconcile the planned change with users and clients. An active dialogue about risks on these occasions not only creates value for the customer, it increases the entire organization's understanding of operational risks.
Smart prioritization of risks is A and O to maximize value
Common challenges associated with the work with operational risk management are that far too little progress is made. The reason may be that you try to solve everything at once. By prioritizing risks based on estimated loss for the delay and the size of the job, in the same way as prioritizing in agile frameworks, resources can be prioritized to minimize risks where the most effect is achieved.
The work of an agile team is built around short intervals, so-called sprints. The purpose is to get feedback from the customer and users with a certain frequency that the intended change supports their needs. By integrating the business's risk processes into the team's prioritization of work in the sprints, it is ensured that the team has the conditions to maximize the value they deliver to the customer.
Basically, the agile working methods and risk control have the same goal - to identify, proactively prevent, and minimize risks. By integrating risk management with the agile way of working, risk management becomes a natural part of the everyday work in financial organizations. Choose an area with a high risk concentration in combination with a team that has a committed leadership and a high probability of success. The team then becomes a good ambassador for new ways of working when these are scaled up in the rest of the organization. Start small and scale up quickly.
Jan Hanika, operational risk expert and Charlotte Löjdqvist, agile expert at PA Consulting