Which of these risk analysis techniques would you use to uncover risks?

Risk analysis techniques are powerful tools for identifying and mitigating risks, but how well do they perform in practice? This activity challenges you to apply different techniques to a real-world product and discover their strengths, limitations, and ideal use cases.

Let’s go! :rocket:

Task steps:

1. Choose a real-world application:
Select one of these suggested applications:

  • A social media platform
  • An e-commerce website
  • A video streaming service
  • A fitness tracking app
  • A food delivery application

2. Apply these six risk analysis techniques:
Use these methods to evaluate risks in your chosen application:

  • SWOT Analysis: Identify its strengths, weaknesses, opportunities, and threats.
  • Risk Matrix: Prioritise risks by mapping them based on their likelihood and impact.
  • Scenario Analysis: Explore “what-if” scenarios to uncover potential issues and edge cases.
  • RiskStorming: Generate a list of risks across areas like security, performance, usability, and more, considering diverse perspectives.
  • Nightmare Headlines Game: Envision worst-case scenarios and identify associated risks.
  • Root Cause Analysis: Investigate a hypothetical or known issue to uncover its root causes.

3. Document Your Findings:

  • Record the risks identified using each technique.
  • Reflect on the strengths and limitations of each method in the context of your application.

4. Compare and analyse results

  • Analyse which techniques were most effective for different types of risks (e.g., strategic, technical, or business).
  • Identify any limitations of the techniques when applied to your chosen application.

5. Share your findings
Share your reflections in reply to this topic, for example

  • What were your experiences with each technique?
  • What were their limitations?
  • Which ones provided the most value and why?
  • What risks did you find?
  • Were there risks you uncovered that surprised you?
  • Would you combine techniques to achieve more comprehensive results?
  • Were there any other insights that might help others apply these techniques?

Why take part?
Your real-world examples may aid others in comprehending these methods and how they are used in practice.

6 Likes

Combine techniques to identify strategic, technical, and business risks. Each adds value in its context

3 Likes

Using techniques together, such as combining the high-level view of SWOT with the detailed insights of Scenario Analysis and can uncover risks more thoroughly and also provide actionable insights.

2 Likes

My teams have used all of these and more! I think it’s a good idea to try out several and see what works best for your context. For example, back when I was in a waterfall organization, a simple risk matrix was super effective to get management’s attention.

I’m a huge fan of risk storming. However, I’ve sometimes struggled to get my team to try it, they are leery of spending a lot of time. Risk storming can be done in an hour in person, but like everything else, takes more time remotely. I blogged about my “quick de-risk” technique which takes some elements of risk storming but can be done with good results in 30 minutes (I hope it is ok if I post a link here? Quick risk strategizing (A brisk de-risk!) - Holistic Testing with Lisa Crispin)

3 Likes

Pretty new to this, so this one made me think :grinning:

I found the root cause analysis technique hard, esp with a limited technical background, this took ages to run through 1 issue.

SWOT/Risk Matrix / RiskStorming I found quite similar - and can see how they could be combined and also used by themselves. Tend to lean more towards SWOT/Risk Storming, they provide coverage and can see it’s a technique most people in a team can get involved in, whether you are technical or not.

A combo of these techniques contribute to the end goal - reduce risk :slight_smile:

2 Likes