The Risk Burndown Chart in Scrum Projects

What is the Risk Burndown Chart and what is it used for? Risks are assessed, categorized and addressed based on severity levels that are established with the following formula: Probability X Impact = Severity. A common way that risks can be managed is with a Cumulative Risk Burndown Chart.  With this chart, the expectation is that risk severity levels should be decreasing during the project life cycle or during a specified time-period. This is an example of proactively managing risk. The Risk Burndown Chart displays several important pieces of information:

  1. Is the overall risk level for the project or program increasing or decreasing over the specified time-period?
  2. Are risk severity levels being reduced or are they increasing?
  3. Is there a specific risk with severity levels that are increasing or decreasing?
  4. Are we seeing the occurrence of new risks during the project or program?

Risk Burndown Chart: Cumulative

Let’s look at how the Cumulative Risk Burndown chart is created.

Step 1:

The first step is to create a risk burndown table for a specified period. Table 1. shows a cumulative risk chart for a four-month period.

Risk CategoryRisk TitleAprilMayJuneJuly
ImpactProbabilitySeverityImpactProbabilitySeverityImpactProbabilitySeverityImpactProbabilitySeverity
TechnicalJava53155420515515
OperationalInadequate Resources339339326313
ScheduleScope changes4312428428400
FinancialVendor dispute000000339313
OperationalPriority Conflicts0000005315000
TechnicalLegacy system stability313313300300
TechnicalBeta testing shows poor results339339339300
OperationalLogistical issues224111100100
TechnicalNew architecture inadequate326326339326
ScheduleCustomer Care tools arrive late44164312428414
ScheduleResource having surgery  74  68  69  21

Table 1. Cumulative Risk Burndown Data Table

Step 2:

The next step is to create a graph in Excel with the data from the Table 1.

Step 3.

The next step is to update the risk burndown data to show that risk mitigation activities have occurred and risk have been monitored. See Table 2. for details. The impact and probability levels are both between (1-5).

Risk CategoryRisk TitleAprilMayJuneJuly
ImpactProbabilitySeverityImpactProbabilitySeverityImpactProbabilitySeverityImpactProbabilitySeverity
TechnicalJava339248111313
OperationalInadequate Resources236339326313
ScheduleScope changes133122122100
FinancialVendor dispute000000339313
OperationalPriority Conflicts000000133000
TechnicalLegacy system stability111111300300
TechnicalBeta testing shows poor results133133339100
OperationalLogistical issues122111100100
TechnicalNew architecture inadequate224326339326
ScheduleCustomer Care tools arrive late248133122111
ScheduleResource having surgery  36  33  41  16

Table 2. Updated Cumulative Risk Data Table

Step 3.

The first thing that is apparent on the updated Risk Burndown Chart is that the risk severity levels have decreased.

Risk Burndown Chart: Assessment

The risk assessment process involves the numerical assignment of values (impact, probability, severity) that are used to measure risk for input to the risk burndown chart. The process also delivers the data that is needed to decide upon risk responses. These responses include, but are not limited to accept, transfer, exploit, avoid, and mitigate. These charts and graphs can be used to track overall project and/or program level risk management. The chart under discussion, is used to show that during the iterations, residual risk can be cumulative. There is also secondary risk that can further increase or decrease the severity level for the Scrum project and/or program. The chart should be added to the list of information radiators so that the Scrum Team (Scrum Master, Product Owner and Development Team) can be proactive and participative with risk identification, monitoring and control.

Our Favourite Agile Books

We found these books great for finding out more information on Agile Scrum:

Risk Management

Agile projects are inclusive of risk management without adding any extra processes. Risks should be evaluated at every iteration and ceremony. It is recommended that during every time-boxed event, risk reviews are addressed. This will result in daily risk monitoring and control. The Agile team can become involved with brainstorming sessions to uncover potential risks and why and when these events might occur. It is also important to mention that the focus should be on both negative and positive risks during team discussions. In addition, it is important to:

  • Fully understand the risk appetite and the tolerance levels for a project.
  • Recognize project level threats and opportunities so that there is a balance between the rewards and risks that are encountered during detection.  
  • Have appreciation for the risk preferences of each of the team members.  There should also be an appreciation of the impact of the social and the cultural influences that effect risk management.
  • Understand the identification and prioritization levels for risk response strategies that are based upon the risk exposure. This should be consistent with the Agile methods (For example, high value and high-risk items have priority in the product backlog).
  • Possess the capability to determine if a has risk been effectively and efficiently managed and monitored.
  • Be aware of residual risk at the sprint / iteration level.  Also be aware of its impact to overall risk levels.

The ‘Agile Scrum Master Training Course With 59 Seconds Training‘ is now available for free. This free Scrum Master Certified Online Training Course provides an in-depth understanding of the Agile Scrum Master roles and responsibilities, where you find out what a Scrum Master does and how to do it. During this free course you will learn all of the tools needed to succeed as an Agile Scrum Master.

Thank you for choosing us to learn about the Agile Scrum Framework.