I’m not sure if there is a simple answer to that question. There are lots of different kinds of risk, so who manages what may well change over time.
Even before the team is founded or designated to the project, there is the sponsor. S/he may be the person with the vision, the instigator of the project, or s/he may just be the person with for the money. In either case, s/he is or will eventually designate the product owner, whose primary responsibility is financial.
I think it is legitimate for the project owner to ask risk oriented questions right at the beginning: What are the big risks in the projects? What will cost us money if they happen or if we don’t prepare for them properly? How do we mitigate those risks, keep our options open, and handle the issues gracefully when they happen? Once the team is consituted, these are questions for them to think about as well.
There are many risks, some more likely than others. Some “risks” are not risks at all, they are certainties. Changing requirements is high on the list. Scrum embraces these risks as part of the process.
A classic risk question in any user facing application: ‘What happens when the usability people decide they need to redesign the UI late in the game?’ Call it a special case of changing requirements, but you don’t want to caught without a solid test suite if you have have to completely refactor the back-end.
Other risks are more subtle. Teams or individuals that do not have the necessary training or that don’t work well together will make slow progress. This can be seen in the Product Burndown Chart. The Product Owner will see quickly that he has a time/scope/money problem, but figuring out the cause will need support from Team and Scrum Master.
What I don’t like to see in a bid is boiler-plate text which can be “safely” ignored during the actual project.
Once the team is constituted and an initial product backlog has been created, the P-O and the Scrum Master and maybe the team will get together to prioritize the stories. There are many ways to do this, including bang for the buck, value to the P-O, deal with hard problems first, put off difficult and unclear issues until later (when they are better understood)… And yes, some of the strategies are contradictory.
So somebody makes a decision, and that someone is the Product Owner.
The Scrum Master and Team should help the P-O optimally prioritize the backlog so minimize risks. The team can be particularly helpful with technical risks and the Scrum process should help identify blind spots. But since ROI is the responsibility of the P-O and the consequence of risk is cost, managing Risk is fundamentally the P-O’s responsibility.
|cookielawinfo-checkbox-advertisement||1 year||Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .|
|cookielawinfo-checkbox-analytics||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".|
|cookielawinfo-checkbox-functional||11 months||The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".|
|cookielawinfo-checkbox-necessary||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".|
|cookielawinfo-checkbox-others||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.|
|cookielawinfo-checkbox-performance||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".|
|mailchimp_landing_site||1 month||The cookie is set by MailChimp to record which page the user first visited.|
|CONSENT||2 years||YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.|
|_ga||2 years||The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.|
|_gat_gtag_UA_42152348_1||1 minute||Set by Google to distinguish users.|
|_gcl_au||3 months||Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.|
|_gid||1 day||Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.|
|NID||6 months||NID cookie, set by Google, is used for advertising purposes; to limit the number of times the user sees an ad, to mute unwanted ads, and to measure the effectiveness of ads.|
|test_cookie||15 minutes||The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.|
|VISITOR_INFO1_LIVE||5 months 27 days||A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.|
|YSC||session||YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.|
|yt-remote-connected-devices||never||YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.|
|yt-remote-device-id||never||YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.|
|COMPASS||1 hour||No description|
|cookies.js||session||No description available.|
|S||1 hour||No description available.|