A Simple Scenario

We manage risk all the time without realising it. Every decision—from what to have for lunch to whether to change jobs—involves weighing up what might go wrong. Software development works the same way: we're used to thinking of design as balancing trade-offs, but those trade-offs are fundamentally about risk, even if we don't use that word.

This section introduces some terms for thinking about risk. Before diving into software, let's consider a simpler example: organising a dinner party. It sounds harmless enough, but there's plenty that can go wrong—which makes it perfect for exploring how we think about risk.

Goal In Mind

We want our dinner party to succeed. That means we have a Goal in mind: friends leaving happy after good food and conversation. Achieving that goal requires preparation.

This goal exists only in our heads—it's part of our Internal Model of reality. We all carry mental models that help us predict what will happen, and we act based on those predictions. These models are incomplete (the world is complex), but they're useful.

What Does Internal Model Mean?

Risk-First borrows the term "Internal Model" from the finance industry, where it was used in the 2004 Basel II capital requirements rules (i.e. rules that say how much money, or capital, banks needed to keep handy for any crises that might arise). In Basel II there was an "Internal Model Method", where a bank could create its own model for how much capital it needed to store. The catch was that the bank would have to demonstrate via simulations that this would have been adequate for any crisis occurring in the previous ten years.

Sadly, the financial crisis of 2007 demonstrated very quickly that just looking at the last ten years probably wasn't enough.

Interestingly, the term was previously used in Cybernetics Theory, which looked at concepts of feedback and control in dynamically evolving systems. That is exactly what we're looking at here too.

Without preparation, things could go wrong. Perhaps there's nothing in the house to eat. Perhaps the dish takes longer than expected and guests leave hungry. Perhaps you're missing ingredients, or you're unsure how to cook what you've planned.

Attendant Risks

These nagging doubts are what we call Attendant Risks: the risks that come to mind when you think through what might happen.

Goal, with the risks you know about

We can choose to address these risks: shop early, prep ingredients ahead of time, or do a practice run. Or we can wing it and hope for the best.

How much effort we put into managing Attendant Risks depends on how serious we think they are. If there's a 24-hour shop nearby, getting ingredients early feels less urgent (though the shop could still be closed).

Other examples: when you exchange currency before travelling, you know exchange rates might shift against you. If you're holidaying in Japan, you're aware earthquakes are possible. These are attendant risks—you know they exist, even if you can't predict them precisely.

Hidden Risks

Attendant Risks are risks you're aware of. You may not be able to quantify them exactly, but you know they exist. Hidden Risks are different: these are risks you don't know about. If you're poaching eggs for dinner, perhaps you didn't know that fresh eggs poach best. Donald Rumsfeld famously called these "unknown unknowns":

"Reports that say that something hasn't happened are always interesting to me, because as we know, there are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns—the ones we don't know we don't know. And if one looks throughout the history of our country and other free countries, it is the latter category that tend to be the difficult ones." - Donald Rumsfeld, Wikipedia

Goal, the risks you know about and the ones you don't

Different people know about different risks. What's an Attendant Risk for one person might be a Hidden Risk for another. Which risks we're aware of depends on our knowledge and experience—and that varies from person to person (or team to team).

Hidden risks become attendant all the time. For instance, the health risks from microplastics were largely unknown a decade ago; now they're widely discussed. Your dinner party might reveal that a guest is vegetarian—something you didn't think to check.

Taking Action and Meeting Reality

As the dinner party gets closer, we make our preparations and the inadequacies of the Internal Model become apparent. We learn what we didn't know and the Hidden Risks reveal themselves. Other things we were worried about don't materialise. Things we thought would be minor risks turn out to be greater.

How Taking Action affects Reality, and also changes your Internal Model

Our model is forced to Meet Reality, and the model changes, forcing us to deal with these risks, as shown in the diagram above.

In Risk-First, whenever we try to do something about a risk, it is called Taking Action. Taking Action changes reality, and with it your Internal Model of the risks you're facing. That's because it's only by interacting with the world that we add knowledge to our Internal Model about what works and what doesn't. Even something as passive as checking the shop opening times is an action, and it improves on our Internal Model of the world.

If we had a good Internal Model and took the right actions, we should see positive outcomes. If we failed to manage the risks, or took inappropriate actions, we'll probably see negative outcomes.

Recap

So what happened here?

  1. We started with a goal and thought about what might get in the way.
  2. We used our internal model to identify which risks needed attention.
  3. We took action to address those risks—which sometimes created new ones.
  4. As the event approached, our internal model met reality. Some worries didn't materialise; others turned out to be bigger than expected. Hidden risks surfaced. We adjusted and repeated.

This cycle—goal, risks, action, feedback—applies to software projects just as much as dinner parties.

Risk-First uses existing terminology where possible, but introduces a few new terms. This box summarises what we've covered. Terms that are Risk-First originals are flagged.

Goal

A picture of the future that an individual or team carries within their Internal Model; an imagined destination on the Risk Landscape. A specific Upside Risk we'd like to nurture and realize.

Risk

A possibility of loss or cost.

Related Terms:

  • Hidden Risk (Risk-First Term)

    Risks you aren't aware of when you consider Taking Action, i.e. unknown unknowns.

  • Upside Risk

    In investing, upside risk is the uncertain possibility of gain, e.g. the opportunity to make high levels of profit.

Take Action

Refers to any activity in the project. Actions are taken in order to manage some risk. At the same time, Taking Action usually means interacting with reality and updating the Internal Model.

Before we apply these ideas to software development, let's look at the visual language we'll use to show risks and trade-offs: Risk-First Diagrams.