Managing Risk in the Product Backlog
I recently attended the Agile Coach Camp in Atlanta, and one of the discussions there was about how to manage risks and dependencies in large agile projects. I shared some of my ah-ha's with my peers, and we've been talking more about how risks are managed and made visible in the product backlog; we're exploring the idea because in the past we've been training teams to keep a separate risk log, and we've seen mixed success with that approach.
In addition to possibly adding risk mitigation actions to the product backlog, there's been talk of "rating" the relative risk of stories; Rally's Portfolio Manager includes a "risk score" field for stories. This sparked the conversation of what types of risk should be considered in that risk score: is it just delivery/technical risk, or does it also include the business risk? And is the score determined by the development team or stakeholders?
What are your thoughts on defining a risk score and using it to help prioritize stories? Is this something that could help drive the right conversations and decisions, or is it adding too much complexity to the backlog?