18/36: Product Discovery - Risks & Mitigations
So what is a risk?
A risk is described as the “effect of uncertainty on objectives.” The definition has been simplified and adapted to the high-paced, uncertain times we are living in.
It focuses mainly on what effects incomplete knowledge of context, events, or situations may have on decision-making inside an organization. Risks may refer both to threats to an organization and to opportunities.
What about product risks?
While the generic term of risk applies to an organization, product risk refers to the effect of uncertainty on developing a product. Compared to the more traditional approach of project or delivery management, where risks are mostly considered through the tactical lens of cost, time, team, quality, etc., we want to look at the more strategic aspects when referring to product risks.
As Marty Cagan nicely depicts it in his article Four Big Risks, product management is essentially about tackling four types of risk:
Value risk (whether customers will buy it or users will choose to use it)
Usability risk (whether users can figure out how to use it)
Feasibility risk (whether our engineers can build what we need with the time, skills and technology we have)
Business viability risk (whether this solution also works for the various aspects of our business)
Business viability risk includes whether the product fits with the go-to-market or sales channel; whether the product would work within the constraints of contracts with partners and/or legal compliance; whether we can afford to cost-effectively acquire customers; whether we can effectively monetize the product; and whether the product is consistent with the brand promise, to name just a few examples.
The Product Manager is responsible for the value and viability risks, and overall accountable for the product’s outcomes.
The Product Designer is responsible for the usability risk, and overall accountable for the product’s experience – every interaction our users and customers have with our product.
The Product Lead Engineer is responsible for the feasibility risk, and overall accountable for the product’s delivery.
Why Risk Management Is Important for IT Projects
According to LinkedIn, 70% of software development projects fail. The leading cause is that initially, software project risks were not estimated, or they were underestimated. Most commonly, businesses do control project budgets and schedules, but possible delays, extra costs, or communication issues are often overlooked. How do you mitigate risks in a project? Risk estimation and scoring will help you to avoid project breaches and will eliminate problematic situations.
Software risk mitigation allows you to identify your project’s threats, strengths, weaknesses, and opportunities. Here are the common reasons why risk management is worth spending time on.
Maximizing Results and Meeting Deadlines
You minimize and eliminate risks of software development so that projects can be finished on time within budget. By foreseeing technical risks in software engineering, you maximize profits and minimize expenses on activities that don’t produce an ROI. Through detailed analysis, you will prioritize ongoing work based on the results produced, despite the odds.
Effectively Communicating With Stakeholders
When you demonstrate your software development risk management plan to the project sponsors and stakeholders, it assures them that the project will run smoothly; one step proceeds to the next without disruption. By dealing with potential risks in advance, you make sure that your employees can respond effectively when challenges emerge and require action.
Allocate Funds for Eliminating High Risks
When you make a software development risk plan, you prioritize risks and calculate their probability of occurrence, as well as their potential impact. For example, low-risk events usually have little or no impact on performance, cost, and schedule. High-risk events are likely to disrupt the schedule or cause performance problems and a significant increase in the budget. Knowing that, you can deal with high risks at the earliest opportunity.
Managing Risk: Rules or Dialogue?
The first step in creating an effective risk-management system is to understand the qualitative distinctions among the types of risks that organizations face. Our field research shows that risks fall into one of three categories. Risk events from any category can be fatal to a company’s strategy and even to its survival.
Category 1: Preventable risks.
These are internal risks, arising from within the organization, that are controllable and ought to be eliminated or avoided. Examples are the risks from employees’ and managers’ unauthorized, illegal, unethical, incorrect, or inappropriate actions and the risks from breakdowns in routine operational processes. To be sure, companies should have a zone of tolerance for defects or errors that would not cause severe damage to the enterprise and for which achieving complete avoidance would be too costly. But in general, companies should seek to eliminate these risks since they get no strategic benefits from taking them on. A rogue trader or an employee bribing a local official may produce some short-term profits for the firm, but over time such actions will diminish the company’s value.
This risk category is best managed through active prevention: monitoring operational processes and guiding people’s behaviors and decisions toward desired norms. Since considerable literature already exists on the rules-based compliance approach, we refer interested readers to the sidebar “Identifying and Managing Preventable Risks” in lieu of a full discussion of best practices here.
Category 2: Strategy risks.
A company voluntarily accepts some risk in order to generate superior returns from its strategy. A bank assumes credit risk, for example, when it lends money; many companies take on risks through their research and development activities.
Strategy risks are quite different from preventable risks because they are not inherently undesirable. A strategy with high expected returns generally requires the company to take on significant risks, and managing those risks is a key driver in capturing the potential gains. BP accepted the high risks of drilling several miles below the surface of the Gulf of Mexico because of the high value of the oil and gas it hoped to extract.
Strategy risks cannot be managed through a rules-based control model. Instead, you need a risk-management system designed to reduce the probability that the assumed risks actually materialize and to improve the company’s ability to manage or contain the risk events should they occur. Such a system would not stop companies from undertaking risky ventures; to the contrary, it would enable companies to take on higher-risk, higher-reward ventures than could competitors with less effective risk management.
Category 3: External risks.
Some risks arise from events outside the company and are beyond its influence or control. Sources of these risks include natural and political disasters and major macroeconomic shifts. External risks require yet another approach. Because companies cannot prevent such events from occurring, their management must focus on identification (they tend to be obvious in hindsight) and mitigation of their impact.
How to Identify and Manage Software Development Risks
For successful systematic risk management, you must consider measures for both risk assessment and risk control. There are usually seven steps to this:
Identify risk factors. Any risk is a potential problem that can be properly mitigated by relevant and planned corrective actions.
Assess risk probabilities and effects on the project. For instance, a failure to meet one or more of these criteria within the constraints of schedule and budget can be indicative of a crisis.
Develop strategies to mitigate risks. A risk typically becomes a problem when the value of a quantitative metric crosses a predetermined threshold. That’s why it is essential not only to set these thresholds but also to plan the corrective action(s) that address any risks immediately. Contingency planning should handle risks that require monitoring for some future response should the need arise.
Monitor risk factors. The values of your risk metrics should be monitored to ensure that the data is objective, timely, and accurate.
Have a contingency plan. It’s a threshold plan that is invoked when a quantitative risk indicator crosses a predetermined threshold.
Manage the crisis. If your contingency plan fails, there must be an additional plan for seeing a project through as it enters crisis mode.
Identifying project risks: 5 ways
When starting out on a new project with your team, it’s easy to get caught up in roles, responsibilities, and who’s-doing-what. However, the very beginning of any project is also the time to take a step back and assess potential risks.
The first step in mitigating any risk is to actually identify it. Here are five ways to help identify potential risks on your next project:
Conduct a team brainstorming session. Before you begin carrying out your project plan, it’s a great idea to hold a meeting and communicate any doubts, concerns, and risks that team members may have. This will help to surface any potential problems early on, so you can address them head-on.
For example, if you have a team of writers, they may express concerns about the deadline being too tight. Or, if you’re working with a new vendor, your team may be worried about potential delivery delays.
Interview certain members of your project management team. Another way to surface potential risks is to conduct one-on-one interviews with different members of your team. Ask them specifically about any risks they see in the project and take note of anything that seems especially concerning.
For example, if you’re working on a new website design, your web developer may be worried about potential coding errors. Or, if you’re launching a new product, your marketing team may be concerned about a potential backlash from consumers.
List some of the most common risks associated with your project. There are countless potential risks associated with any given project. However, some risks are more common than others.
For example, if you’re launching a new product, you may be concerned about:
A potential product recall
Design flaws that could lead to consumer complaints
Poor sales due to a lack of consumer interest
By listing out the main risks you are already aware of, you can go through your project plan and make sure you have contingencies in place for each of them.
Review your project’s dependencies. A dependency is any event, action, or condition that must happen before another event can take place. In other words, it’s something that can delay your project if it doesn’t go according to plan.
For example, if you’re dependent on receiving approval from your boss before starting a new project, and she’s out of town for the next two weeks, that would be a dependency delay.
Use a risk assessment tool. If you’re feeling overwhelmed by the task of identifying risks, there are a number of risk assessment tools available online. These tools help you to systematically go through your project and identify any potential risks.
They typically ask you a series of questions about your project, such as:
What could go wrong?
What are the consequences of these risks occurring?
How likely are they to happen?
How much damage could they cause?
By answering these questions, you can begin to develop a plan to mitigate the risk.
Analyzing project risk using a risk matrix
Once you have identified any potential risks, it is important to analyze them in order to determine their potential impact on the project. This can be done by using a risk matrix, which is a tool that allows you to compare risks and their potential impacts.
The risk matrix consists of four quadrants:
Low impact/low probability
Low impact/high probability
High impact/low probability
High impact/high probability
To use the matrix, you first need to determine the impact and probability of each risk. This can be done by using a scale from 1–10, with 1 being low impact and 10 being high impact. You can then use a scale from 1–5 for probability, with 1 being low probability and 5 being high probability.
Once you have determined the impact and probability of each risk, you can place them in one of the four quadrants. This will help you to determine which risks are the most important to address and how to best address them.
For example, if you have a risk that has a high impact and high probability, it would be placed in the fourth quadrant (high impact/high probability). This means that you need to take action to address this risk as soon as possible, as it has the potential to cause a lot of damage to the project.
Strategies for mitigating risk
Now that you have both identified and analyzed the risks associated with your project, it’s time to start mitigating them. Mitigation is the process of implementing strategies that will reduce or eliminate the likelihood and/or impact of a risk event occurring.
There are many ways to mitigate risks, but some common strategies include:
Avoiding the risk. This strategy is popular, as it involves the least work and damage control. If you can avoid taking a risk altogether, that’s the best way to go. However, this isn’t always possible (or desirable); for example, you may not be able to avoid a risk that’s inherent in your industry or business, and so must take steps to manage it.
Reducing the likelihood of a risk event occurring. Second-best to avoiding risk, you can also take steps to reduce the likelihood that it will happen. This could involve implementing processes and procedures, putting in place safety nets or fallbacks, and/or training your team on how to handle potential risk events.
Reducing the impact of a risk event if it does occur. If you can’t avoid or reduce the likelihood of a risk event occurring, you can at least take steps to reduce the impact it will have on your project. This strategy works well in conjunction with the previous two, and could involve things like:
Having a backup plan in place
Building in extra time for tasks that are particularly risky
Purchasing insurance to cover potential losses
Strengthening your team’s skills and knowledge
Training your team. Training the people on your project management team to identify and manage risk is one of the best ways to mitigate it. By creating a culture of risk awareness, you can help your team make better decisions that will reduce the likelihood and/or impact of any risks that may occur.
To train your team, you can do any or all of the following:
Hold risk management workshops
Encourage team members to share their risk experiences
Use scenario planning to help team members understand how risks can play out
Create a risk register and update it regularly
No matter which strategies you choose to mitigate the risks associated with your project, it’s important to keep in mind that there is always some level of risk involved. By being proactive and implementing strategies that will help reduce the likelihood and/or impact of any risk events, you can put your project on a much more solid footing.