Agile Risk Management in the Game Studio

Reshape your approach towards game project risk for avoiding pitfalls and embracing opportunities for greater success.

Image by DALL-E.

Understanding and excelling in agile risk management is a transformative journey that reshapes our approach to potential challenges and how we envisage and mould the future of our projects and studios. Agile risk management is about navigating uncertainty and aligning our strategies with our core objectives and values. This pursuit is about dodging pitfalls and embracing opportunities that could lead to tremendous success and achievement.

In game development projects, a prevalent question is the effective handling of project risks within the agile framework adopted by studios. Surprisingly, this aspect receives scant attention in Agile certification courses like Scrum. The primary reasons for this omission are twofold:

Firstly, these courses tend to concentrate solely on team-level agile methodologies. The focus here is on the dynamics of small groups of individual contributors collaborating under agile principles. Such teams usually engage in smaller tasks requiring minimal coordination, rendering formalised risk management processes redundant.

Secondly, agile methodology inherently incorporates risk management due to its empirical nature. Agile’s iterative and incremental development model allows teams to confine their work to short, manageable periods. This approach facilitates rapid and frequent cycles of building, testing, fixing, deploying, evaluating, and modifying the product and the methods. Each iteration in delivering value presents numerous opportunities to confront and manage risks promptly, effectively dispersing risk management throughout development.

However, the complexity escalates significantly when it comes to large-scale game projects involving multiple teams/pods and organisational collaborations. Such projects carry more significant risks, heightening the need for a structured approach to risk management for project sponsors and stakeholders.

So, what distinguishes a formalised Agile risk management strategy? It closely resembles traditional risk management but with three key distinctions:

1. Agile risk management is more flexible and adaptive, as opposed to being purely predictive.

2. Agile projects undertake risk management activities more frequently and rapidly than conventional projects.

3. In Agile projects, risk management activities are more intimately linked with project execution than in traditional project settings.

Agile methodology allows development teams to assess their output and methods. This approach facilitates adaptive planning, empowering sponsors, stakeholders, and teams to modify requirements, plans, and strategies. An integral part of this process involves teams incorporating risks into their work backlogs and prioritising them accordingly. This seamless integration of risk-handling actions into their workflows is a crucial feature of Agile.

Moreover, the shorter development cycles characteristic of Agile, coupled with frequent deliveries and releases, yield significant benefits in risk management. Firstly, these frequent cycles provide earlier and more regular warnings of potential emerging risks. Secondly, they offer ample feedback, enhancing the ability to measure the effectiveness of the implemented risk management strategies. Collectively, these elements contribute to a more dynamic and responsive approach to handling risks in Agile projects.

The Anatomy of a Risk:

Risk in the context of a game project or feature is a multifaceted concept. It can be seen as any uncertain event or situation that, if it occurs, will impact the project’s objectives. This encompasses both negative and positive impacts, opening a broader perspective that risk is about foreseeing and avoiding dangers and recognising and seizing opportunities for enhanced performance and outcomes.

The concept of ‘positive risk’, or viewing risk as an opportunity, presents a more unconventional and sometimes contentious viewpoint. Traditionally, risks are perceived negatively as potential threats derailing a project. However, the idea of positive risk introduces the possibility that certain events, if they occur, could benefit a project’s objectives. This notion challenges the standard risk avoidance or mitigation approach and opens avenues for leveraging risks as potential drivers of growth and innovation. Some might find this perspective counterintuitive, even inaccurate, as it contradicts the typical risk-averse mentality. Yet, embracing this concept can be transformative, encouraging a mindset that seeks to manage risks and harness them for positive outcomes. This approach reframes how we think about risks, shifting from a purely defensive stance to actively seeking opportunities for advancement and success within the landscape of uncertainty.

The distinction between risk and uncertainty is pivotal in this context. While all risks carry an element of uncertainty, not all uncertainties can be classified as risks. Identifying which uncertainties significantly affect our projects and businesses is crucial, allowing us to channel our energies and resources where they matter most. This discernment is a fundamental aspect of effective agile risk management.

Understanding the distinction between risks and issues is crucial for effectively handling potential challenges. Risks are essentially uncertainties that can be planned and strategised for. They represent probable future events or conditions that, if they materialise, could impact the project. The management of risks typically involves strategies like avoidance, mitigation, sharing, or transfer, each tailored to address these potential uncertainties before they become actual problems proactively.

On the other hand, issues are current events or conditions that have already occurred or are happening. These are tangible problems that need to be addressed in the present. Managing issues requires a different set of strategies compared to risks. It involves analysing the issue, consulting with relevant stakeholders, determining the appropriate treatment or response, prioritising actions based on the severity and impact of the issue, and ensuring clear and effective communication throughout the process.

The critical difference lies in their temporal nature; risks are about the future and require anticipatory strategies, while issues are about the present and necessitate responsive actions. This distinction is pivotal in ensuring that risks and issues are managed effectively within the context of a project, with appropriate strategies and responses that align with their unique characteristics​.

The types of risks we encounter are as diverse as the projects, ranging from financial and operational to technological and market-related. Each type demands its unique management and mitigation strategy, underscoring the need for a comprehensive, tailor-made agile risk management plan. Recognising these varied risks is the first step towards a more holistic management approach.

Proactive Agile Risk Management in the Studio:

One intriguing aspect of agile risk management is the ‘Iceberg of Ignorance’. This concept suggests that senior leaders are often only aware of a fraction of the actual problems within a studio, while frontline employees see the entire spectrum. This highlights the importance of fostering open communication channels and inclusive strategies, ensuring that all levels of the studio play a part in identifying and managing risks.

Proactive, agile risk management offers numerous benefits, including better-informed decision-making, reduced likelihood of unpleasant surprises, more focused teams, and a higher expectation of project success. This approach involves identifying potential risks early, thoroughly analysing their impact and probability, and devising appropriate action plans. Proactively managing risks transforms the process into a strategic tool, elevating it beyond mere reactive measures.

Typically, the agile risk management process includes a series of essential steps, starting with the crucial task of identifying potential risks that could hinder the accomplishment of project goals. This initial phase is not just about listing these risks; it involves effectively communicating them to all team members. The process is greatly enhanced by the collective input, offering a wealth of diverse insights and experiences from different team members.

Identifying risks in game projects is a fundamental, proactive measure that plays a significant role in the overall success of a game or feature. This vital stage systematically discovers potential risks that may prevent the team from meeting its objectives. It involves a comprehensive examination of potential issues, delving into all the uncertainties that could emerge throughout the project’s lifespan.

The identification process starts with acknowledging that risks can emerge from various sources and manifest in multiple forms. To effectively identify these risks, different techniques and perspectives must be employed. One fundamental method is brainstorming, a collaborative approach where team members collectively explore potential risks. This technique thrives on diverse ideas and experiences, enabling a broad and deep exploration of possible risks.

Another approach involves adopting a pessimistic viewpoint, which can sometimes reveal risks that might be overlooked in a more optimistic outlook. This ‘thinking pessimistically’ approach allows teams to prepare for worst-case scenarios, ensuring that even the most unlikely risks are considered and planned for.

Crucially, risk identification is not a task for a select few but a collective responsibility that involves seeking feedback from all team members. Regardless of their role or level within the project, each member can offer unique insights into potential risks. Their diverse perspectives and experiences can uncover risks that might otherwise remain hidden.

This process of risk identification is not a one-time activity but an ongoing practice throughout the project lifecycle. As the project evolves, new risks might emerge, requiring continuous monitoring, assessment, and adaptation of the agile risk management plan. Documenting and communicating these risks is as important as identifying them and ensuring all team members are aware and prepared to manage them effectively.

In essence, the process of risk identification in agile risk management is a structured, inclusive, and dynamic practice. It requires an open-minded approach, a willingness to consider all potential sources of risk, and active participation from the entire project team. By rigorously identifying risks, teams can better prepare for and mitigate the inherent uncertainties of any project, leading to more successful outcomes and fewer surprises​.

Expanding on how risks are defined, using an “if-then” format is essential. This approach helps to clarify the cause-and-effect relationship inherent in each risk. For instance, if a risk is identified as a potential delay in a project due to a critical resource becoming unavailable, then the impact could be a shift in the project timeline and increased costs. This format helps break down each risk into its fundamental elements, making it easier to understand and manage.

Analysing Impact and Likelihood: 

Once risks are identified, they require detailed analysis to determine their likelihood and potential impact. Scoring the impact and probability of risks is a vital process that enables a deeper understanding and more effective handling of potential issues. This process involves assessing both the likelihood of a risk event occurring and the extent of its impact on the project or studio.

The likelihood scoring is often categorised into levels, each indicating the probability of the risk occurring. For example, a risk with a more than 75% chance of happening is considered in the highest likelihood category. This probability level is typically associated with complex processes with minimal checks and balances and factors outside the studio’s control. At the other end of the spectrum, risks with a much lower probability of occurrence are categorised differently, indicating less frequent or less likely events.

When it comes to impact scoring, risks are evaluated based on the extent of their potential effect on key project areas such as revenue, schedule, performance, and cost. For instance, a risk with an ‘insignificant’ impact level might lead to minimal revenue loss that can be easily absorbed without significant changes to operations or strategy. Such risks have minimal consequences on the project’s schedule, performance, or costs. On the other hand, risks with a ‘minor’ impact level may require some adjustments to the studio’s operations and strategy. Still, they are generally manageable and not expected to significantly impact the organisation’s long-term viability.

Each level of impact scoring reflects the potential severity of a risk’s effect on the project or organisation. This includes considering factors like how much the critical path of the project might be affected, the duration of any service suspension that the risk might cause, and the extent of cost variance that could be expected.

Scoring risks regarding their impact and likelihood is a dynamic and critical aspect of agile risk management. It provides a structured way to understand and prioritise risks, guiding decision-making and resource allocation. This systematic approach helps teams prepare more effectively for potential challenges, ensuring that they are equipped to handle risks to minimise negative impacts while maintaining project objectives and organisational integrity​.

This analysis aids in prioritising the risks and formulating strategies to address them. It’s crucial to remember that risk analysis often involves a degree of subjective judgment and is not always a precise science. This blend of objectivity and subjectivity makes risk analysis both challenging and essential.

A less acknowledged facet in agile risk management is the role of intuition. In a field that often leans heavily on data and analytics, the intuitive insights of experienced professionals can sometimes be overshadowed. Through years of experience and accumulated knowledge, these individuals may have an intuitive ‘sense’ of potential risks that might not be immediately evident in the available data. While difficult to quantify, intuitive judgments offer a valuable perspective in assessing risks. Integrating these instinctive insights can lead to a more well-rounded and comprehensive approach to agile risk management, providing an additional layer of understanding beyond numbers and figures.

Risk Response Strategies:

Developing strategies to manage these identified risks is the next critical step. Various strategies are employed to handle risks, with mitigation being the most common but not the only approach. Mitigation involves analysing the probability and severity of a risk and taking steps to reduce either or both of these factors. This could include simplifying procedures, performing additional testing, increasing resources, extending project timelines, creating detailed prototypes, providing extra training, breaking down the project scope further, or writing more comprehensive specifications. The goal is to decrease the likelihood of the risk occurring or reduce its impact on the project’s critical success factors.

Another strategy is avoidance, which, though not always possible, is the simplest method to eliminate risk. This strategy entails removing the tasks that carry the risk from the project. Sometimes, excluding a small, high-risk portion of the project is feasible. While possibly affecting the project’s scope, resources, or timeline, such a move can be a viable response to manage risks.

On the other end of the spectrum lies acceptance. This strategy is about incorporating the risk into the project plan when no better response strategy can be identified. Accepting risk is a natural part of project management since all projects inherently carry some risk. It’s crucial to itemise and analyse these risks to include them in the project plan with full awareness and agreement from all relevant parties. Management should be informed about the possible implications on cost or time if the risk materialises, and contingencies in terms of time, cost, or resources might be necessary.

Similar to acceptance is the ‘Monitor and Prepare’ strategy, which is helpful for significant risks that the project must accept due to their high probability or severity. This involves creating plans to monitor the risk triggers and building action plans that can be quickly activated if the risk occurs. For example, suppose an unrealistic deadline is imposed by management, causing a high likelihood of schedule overruns. In that case, the project plan might include regular monitoring of schedule variance and prompt notification protocols.

Finally, there is the strategy of transference, which involves shifting the risk to a third party. This often requires a trade-off or cost but can be an effective way to manage risk. Transference might involve purchasing insurance, outsourcing complex work to more experienced firms, adjusting contract terms, or removing warranties and guarantees. It’s a strategy that, while not always straightforward, can provide a viable solution to manage certain types of risks.

Each of these strategies offers a different approach to managing risks, and the choice depends on the nature of the risk, the project’s context, and the potential impact on the project’s objectives.

Monitoring and Control of Risk in the Studio:

Continuous monitoring and control are integral to this process. It involves tracking identified risks, monitoring residual risks, reassessing risk processes, and ensuring effective implementation of risk response plans. This continuous vigilance helps identify new risks and adjust the response strategies as required, ensuring that agile risk management remains a dynamic and responsive process.

Artefacts like risk registers and issue logs play a critical role in agile risk management, offering structured ways to document and track risks and their management strategies. Regular risk meetings complement these tools, providing platforms for team members to discuss, review risks, share insights, and update strategy as needed.

A typical risk register includes:

1. Risk Score: This is a quantified representation of the risk, often calculated by multiplying the likelihood and impact scores. It provides a quick reference to gauge the severity of a risk, helping prioritise which risks need more immediate or intensive management.

2. Risk Number: This unique identifier is assigned to each risk for easy reference and tracking. It helps organise and discuss the risks within the team or with stakeholders.

3. Risk Category: This classification helps group risks into different buckets like operational, financial, strategic, compliance, etc. Categorisation aids in managing risks by their nature and developing specialised strategies for each type.

4. Risk Name: A brief, descriptive title given to the risk briefly summarises its essence. This name should be clear and indicative enough for quick understanding.

5. Risk Description: This section provides a detailed explanation of the risk, including how and why it might occur and its potential effects on the project or studio. It forms the basis for understanding the nature and implications of the risk.

6. Risk Owner: The individual or team responsible for monitoring this risk and implementing mitigation strategies. The owner is accountable for managing the risk and ensuring appropriate actions are taken.

7. Likelihood (1-5): This is a rating that reflects the probability of the risk occurring, typically on a scale from 1 (very unlikely) to 5 (very likely). This score helps assess the risk’s potential to become an issue.

8. Impact (1-5): This rating measures the potential severity of the risk’s consequences on a scale from 1 (minimal impact) to 5 (significant impact). It assesses how significantly the risk could affect the project or organisation.

9. Risk Response Strategy: This outlines the approach or plan for managing the risk. It might include strategies like avoidance, mitigation, transfer, or acceptance, depending on the nature and severity of the risk.

10. Risk Response: This section details the specific actions or steps that will be taken to implement the chosen risk response strategy. It includes what will be done, by whom, and when to manage or mitigate the risk.

In contrast, an issue log contains:

1. Issue Name: This is a brief, descriptive title given to the issue for easy identification. The name should be concise yet descriptive enough to explain the issue clearly.

2. Issue Description: This section provides a detailed explanation of the issue. It includes information on how the problem was identified, its nature, and its potential impact on the project. This description should give all the necessary details to understand the issue entirely.

3. Issue Owner refers to the individual or team responsible for resolving the issue. The issue owner is accountable for taking the necessary actions to address the problem and ensuring it is resolved.

4. Date Reported: The date when the issue was first identified and reported. This helps track the duration of the issue and assess its urgency and impact over time.

5. Reported by: The name of the person or group identifying and reporting the issue. This is important for follow-up questions or additional information regarding the issue.

6. Action Taken: This section details the actions that have been taken or are planned to resolve the issue. It can include immediate steps taken, ongoing efforts, and long-term strategies to address the problem.

7. Valid to [date]: This indicates the date the issue needs to be resolved or reassessed. It sets a timeline for the issue resolution and ensures that the problem is addressed promptly.

8. Update (on date): Regular updates on the issue’s status, including any changes or developments since it was last reviewed. This could be on a specific date or at regular intervals. These updates are crucial for monitoring the progress in resolving the issue and making necessary adjustments to the action plan.

Agile Risk Management Roles and Responsibilities:

Various roles play a pivotal part in ensuring the effectiveness and efficiency of the overall risk strategy. These roles, each with distinct responsibilities, work together to create a cohesive risk management framework.

One of the key roles is that of the Risk Manager. This individual is the central figure in the project’s risk management activities, overseeing the entire process. Typically, this role is filled by producers or project managers. The Risk Manager’s responsibilities include facilitating identifying risks and chairing monthly risk meetings. This role is crucial for maintaining a structured approach to risk management and ensuring that all potential risks are identified, analysed, and addressed promptly and effectively.

Risk Owners are another essential component of the risk management process. These individuals are accountable for specific risks and coordinate efforts to mitigate and manage them. The Risk Owner’s responsibilities include implementing controls and risk response plans, ensuring that risks are managed effectively and do not derail the project’s objectives.

Moreover, every team member plays a role in risk management. Their involvement ranges from periodic reviews of project risk artefacts to participation in risk response planning. Each team member is responsible for reporting any new risks they perceive, contributing to a comprehensive and dynamic risk management process.

These roles collectively ensure the project is monitored for risk triggers, existing risks are reexamined, and residual risks are continually assessed. They also reassess project assumptions, ensure adherence to policies and procedures, and verify the effectiveness of risk response and contingency plans. The integration of these roles forms a robust framework that supports the identification, analysis, response planning, and monitoring of risks, which is vital for the successful delivery of any project​.

Incorporating a RACI (Responsible, Accountable, Consulted, Informed) matrix can significantly enhance the clarity of roles and responsibilities in the risk management process. This tool ensures that everyone involved understands their specific duties and contributions towards managing risks within the project.

A Culture of Effectively Communicating Risk:

Agile risk management also intertwines with studio culture. If a culture of openness and continuous learning is fostered, risks will likely be identified and managed effectively. Conversely, if the culture is closed and punitive, risks might go unreported and unmanaged, leading to potentially catastrophic consequences. Thus, embedding a positive risk management culture is as important as implementing the process.

Effective communication is another cornerstone of agile risk management. If communication channels are open and transparent, information about risks flows freely, enabling timely and effective governance. If communication is hindered, the risk management process becomes stifled, often leading to overlooked or underestimated risks.

When delving into agile risk management, one often overlooks the psychological dimensions that play a crucial role. Beyond strategies and analytical tools, how individuals perceive and respond to risk is a critical aspect that can significantly influence the management process. People’s tolerance for risk varies; some are inherently cautious, while others may have a propensity for taking risks. This diversity in risk perception and bias can affect risk identification and response strategies. Teams attuned to these psychological nuances are better equipped to manage risks effectively. By considering the human element, they can tailor their approach to the project and their unique character characteristics and attitudes.

Closing Thoughts:

In conclusion, embracing risk management is about seeing risk not as a looming threat but as an opportunity for growth, innovation, and proactive change. It requires a strategic and responsive approach backed by effective communication, clear roles and responsibilities, and a culture that supports continuous learning and adaptation. By mastering these principles, organisations can transform risks into catalysts for success, leading to more significant achievements in their projects and business ventures. This holistic view of risk management mitigates potential adverse outcomes and paves the way for seizing opportunities that drive progress and innovation.