In a note of the References section of “Waltzing with Bears” (DeMarco & Lister 2003), there is a note on “Planning Extreme Programming” (Beck & Fowler 2001) which says “When viewed as a set of [Risk Management] strategies, XP makes all kinds of sense.” This made me review how XP (or Agile more generally) is a risk management technique.
The incremental approach of XP reduces risk of late delivery or wrong delivery. The demo, planning and retrospective meetings seem to be an implicit risk analysis/mitigation exercise. It might be beneficial to make this more explicit.
One place where XP doesn’t line up with DeMarco & Lister’s thoughts on risk management is their advice that there should be sizable up-front design and estimation. XP eschews this. XP argues that the cost of up-front design & estimation of higher than the risk that they mitigate. It seems a reasonable risk vs. cost choice. Adding some explicit up-front brainstorming should be sufficient to cover the problem of missing large-impact risks. Furthermore the iterative nature of the methodology allows for a just-in-time approach to the costs and risks.
The book also contains a quote from Tom Glib who said (paraphrased) ‘Be ready to pack up whatever you’ve got any given morning and deliver it by close of day’. This is very fitting with the idea in XP that the result of every iteration should be deliverable and producing value. While a one-day iteration, as implied in the quote, is perhaps too extreme for many teams; the exercise of determining what it would take to deliver value in shorter and shorter iterations is valuable.