Abstract The aim of the study is to synthesise fragmented research streams to understand how organisational capabilities shape software development results such as delivery speed, software quality, innovation performance, and risk mitigation in volatile digital environments. Guided by PRISMA protocol, the review applied dual coding, bibliometric mapping, and narrative synthesis to ensure methodological rigour. Findings reveal three dominant clusters: agile control loops and adaptive routines, which operationalise agility through dashboards, continuous integration, and interactive stand-ups; risk governance and security safeguards, embedding blockchain protocols, DevSecOps, and AI-driven risk detection into agile pipelines; and co-evolution of infrastructures and innovation practices, where cloud-native stacks, digital twins, and collaborative platforms align agility and risk with innovation. Results show that the mere adoption of agile routines is insufficient; their value depends on whether they improve responsiveness, delivery reliability, innovation performance, and controlled risk exposure through knowledge integration, balanced risk governance, and cultural conditions that foster experimentation. The study concludes that new software product development effectiveness derives from the dynamic entanglement of agility, innovation and risk as mutually reinforcing organisational capabilities. Future research should employ longitudinal and multi-level designs to capture how these capabilities co-evolve in digital ecosystems.
Mata et al. (Mon,) studied this question.