22 March 2023

How To Deal with Risk When Developing IT Products?


What is IT risk? 

IT risk is defined as any threat to your business data, critical systems, and business processes that may arise when building an IT product. It is the risk associated with the use, ownership, operation, involvement, influence, and adoption of IT within an organisation.

Risk is inescapable in IT product development 

According to Tom de Marco, a well-known software engineer, author, and consultant on software engineering topics - "If there are no risks in a project, don't take it."    

I wholeheartedly agree with him. Besides, there are reasons why risk is interesting: 

  • No endeavor to produce a product will ever be without risk 
  • Risks are interesting because they can have both positive and negative influence 
  • In general, the rule of thumb is: “In order to stay relevant in business, you must beat AND outperform the competition by facing significant risks faster than others." 
  • Significant risk is good AND can lead to competitive advantage 

How to deal with risk? 

You must take risks AND keep them in sight until they are handled. Let's start from the beginning. 

Inadequate management is one of the risks. That's why I personally like working in Scrum. Scrum is a framework of conduct useful in the processes of producing, delivering AND maintaining complex products.  

The main and the most important advantage is feedback loop, which is based on: 

  • Transparency 
  • Inspection 
  • Adaptation 

What is feedback loop? 

Scrum allows you to analyze a piece of work for an upcoming sprint, meaning next 2-4 weeks (incomplete and not “perfect” product). - This is accomplished by providing a sufficient product backlog for event planning. 

During a sprint planning event, a plan is created, and it is followed by the development team during the sprint.  At the end of it, the scrum team and stakeholders review the product increment and update the product backlog (requirements) accordingly, then decide if it’s satisfying. This way, you establish a cyclic movement - however, the product still remains complex, although the risk management becomes simpler. 

Steps to IT Risk Management 

To manage risk with confidence, follow these steps:

Identify the Risk 

You need to figure out where and when the risk might arise. Of course, you don't do it alone - yu and your team uncover and recognize any risks together.

Analyze the Risk

Once you’ve identified the risk, you and your team think of ways in which the pace of work, product and outcomes may be impacted.

Evaluate and Rank the Risk

Now that you know the possible impact of found risks, you can prioritize work to keep them under control. This can only be done with understanding of the consequences that the risk means for the project. 

To measure the uncertainty of your environment, take the quiz. 

The team… 

Based on Don McGreal and Ralph Jocham proposition from Professional Product Owner book 


  • 9-13 -> Obvious  
  • 14-23 -> Complicated  
  • 24-35 -> Complex  
  • 36-45 -> Risky 
  • More than 46 -> Very risky  

Respond to the Risk

If you have read my previous article about time management, you will know that I prefer to focus on non-urgent but important issues when I’m working first. Thanks to that, I’m dealing with major turbulences before they become complete crises. 
However, the world is not perfect, and sometimes the risk becomes a real issue - then you need to decide what to do with it. 

Monitor & Review the Risk

Once you've taken action, you should track and review the progress of mitigating the risk. 

Following are some good practices to treat, monitor and review the risk: 

  • Evaluate Early & Often:  
    As I’ve already mentioned, that’s the best practice. There’s no better time to start risk management than the earliest possible. Then it’s best to keep monitoring it all the time.  
    It is a good practice to mark such tasks in the product backlog with an appropriate ticket color,  marking the type of the risk. 
  • Leadership:  
    Everything depends on the risk culture in the organization. In general, it is worth accepting that any risk is a way to gain experience and improve work in the future. It’s better to keep a positive attitude about responding to risks.
  • Communications:  
    I always set up a channel to communicate risk or potential threats. It allows me to respond quicker and more effectively to any problems that may arise. 
  • Policies:  
    If you have a plan to deal with risk, you’re already one step forward.  
  • Involve Stakeholders:  
    Ask the project stakeholders for their opinion. They have a unique perspective and will provide insight into potential risk areas.  
  • Get Signoffs:  
    At every stage of your risk management, get people (and Stakeholders) to sign off on the strategy. Or at least outline the potential problems that may occur. 

Is risk inevitable in IT product development?

The world of IT product development is very complex. Products are typically too difficult to analyze in advance and predicting all the consequences of the functionalities being implemented is simply impossible - if anyone claims otherwise, they are simply lying. It’s important to be familiar with risk and try to control it if you want the work to be more efficient and easier 

Agnieszka Topczewska-Pińczuk
Scrum Master | Project Manager

I believe that anything I do, I do for the end-user. I maximise value by:

- setting a path to the product's goal, helping developers do what they need to do

- frequently inspecting the result of their work to confront assumptions with reality

- adapting to the changing needs of Stakeholders based on feedback and measurable data.

I manage IT products agilely and know how to make your vision a reality. Would you like to work with me?