An Analysis of the State of Practice of Risk Management in Agile Organizations in Brazil - Supplementary Material

Published: 17 April 2024| Version 1 | DOI: 10.17632/rdy3s9vzsb.1
Anonymous Author


The use of agile methods tends to keep risks under control in software projects, due to their inherent characteristics of small increments, work visibility and expectation management. Thus, explicit risk management in agile projects has often been neglected, as the use of agile methods, with a focus on rapid value delivery, tends to lead to implicit risk management. However, software projects that use agile methods also can fail and implicit risk management may often not be sufficient for certain contexts. This has sparked research interest in the possible need for explicit risk management in software organizations that use agile methods. Motivated by the lack of information about risk management in agile software development contexts, a comprehensive survey is carried out to understand how software development organizations that use agile methods are managing risk. We conducted an online survey with a statistically significant sample of 273 agile professionals in Brazil. The main research question of this study is: "how software development organizations in Brazil are managing risks in agile contexts". Along with the main research question, this study aims to discover how explicit risk management practices are applied (or not) and how agile ceremonies and risk management processes are carried out side by side. Thus, we derive 7 specific research questions (RQ) from the main research question: RQ1. How many companies manage risks and what is their organizational context? RQ2. Are agile methods sufficient for risk management? RQ3. What risk management practices are introduced in agile methods? RQ4. In which ceremonies are risk management practices introduced? RQ5. Does the organizational context influence the practices introduced? RQ6. Does the organizational context influence the ceremonies in which risks are managed? RQ7. Does the organizational context influence the risk management processes that are used To answer the research questions, we prepared a questionnaire with 8 closed questions (closed-ended or multiple choice) and 3 open questions (essay) as the data collection instrument, using Google Forms as a tool. This repository makes available the data collected in this survey. The collected raw data, parsed data, coded data and the data collection form are made available.


Steps to reproduce

In order to answer the research question, a survey study is conducted. Survey is a collection of information of different types, such as characteristics, actions and opinions of a group of people who represent a population. The survey is carried out following the approaches proposed by Punter et al. (2003) and Molléri, Petersen and Mendes (2020). Thus, the methodological steps followed are: study definition, study design, implementation and execution, analysis, and packaging (results report). The population is approximately 514,303 professionals who work for software development organizations. Thus, the sample size is 273 respondents, with a margin of error of 5% and a confidence level of 90%. The sample is properly balanced between the Brazil country’s regions according to the proportion of the software development organizations.


Computer Science, Software Engineering, Project Management, Agile Method