Risk Identification: Figuring out What We Don’t Know

The Unknown
As we know,
There are known knowns.
There are things we know we know.
We also know
There are known unknowns.
That is to say
We know there are some things
We do not know.
But there are also unknown unknowns,
The ones we don’t know
We don’t know.

—Feb. 12, 2002, Department of Defense news briefing

Slate posted the above excerpt of a Donald Rumsfeld press conference as an example of his poetic ability.  I think the excerpt  points out one of project management’s biggest obstacles in managing risk.  You can’t mitigate what you don’t know is coming down the road.

Many times in project meetings when we throw out the query: “Are there are risks that we need to identify?  We capture a few risks, some obvious issues and eventually we hear crickets.  The problem is not that there aren’t any risks – every one knows that we’re going to run into problems, but we just don’t know what we don’t know.

A couple of tools that can help surface some of the “unknown unknowns and the known unknowns” are After Action Reviews and Risk Taxonomies.

After Action Reviews (AAR) are formal meetings held with the team to capture lessons learned on a project.  Pushback on these meetings is common: “We don’t have time to go over what we just went through, let us move on to the next project that is breathing down our neck,” but capturing issues or risks that could show up on your next project is where these meetings can really pay off.

Most AARs start off with a quick review of the project, identifying areas that every one agrees went off the rails or issues that threatened its success.  Then the facilitator opens the floor for the team to identify Strengths and Opportunities for Improvement.  While most of the risks that might occur on your next project will be found in your Opportunities list, you might be surprised to find that one or two of your Strengths helped mitigate a risk or resolve an issue.  Those are the kind of lessons that you’ll want to carry forward and make a standard part of your process.

Typically, these AARs are recorded and posted on a project website.  If they are, read through the minutes to see if any of the Strengths or Opportunities could apply to your project.  Here you may find a few Unknown Knowns.

Risk Taxonomies: If you are jumping into a project that is a first time project for the team, another tool that might be useful is a risk taxonomy.  A risk taxonomy provides a standard set of categories for your industry or product that you can use to trigger identification of risks.  Providing a risk taxonomy to the team prior to a risk identification session or displaying it during a session might help team members identify risks that you might not immediately consider or identify areas where the team has information gaps (a definite risk).

Some of the categories in the SEI Software Risk Taxonomy are:
* Stability
* Completeness
* Clarity
* Validation

Development System:
* Capacity
* Suitability
* Usability
* Reliability
* System Support

Integration and Test:
* Environment
* Product

For an example of how a risk taxonomy was used to develop a questionaire to identify risks, there is an on-line paper available here.  Using a risk taxonomy can be very helpful in identifying Unknown Unknowns.  While there is never any guarantee of eliminating all risk, you may get a better picture of what you don’t know: the Unknown Unknowns and Unknown Knowns that can kill a project.

Best of Luck!


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s