Task D5.2: Check Risks

What is Task D5.2?

Task D5.2 is part of the "Act" phase in the Viability Canvas methodology, specifically within the "Hack" step (Step D5). This task instructs you to "Check" three specific dimensions of risk for your potential hacking initiatives:

• Blast radius
• Risk
• Potential value

Then, based on this assessment, you must "decide if it is a suitable Hack."

Purpose of Checking Risks

The purpose of this task is to conduct a thorough risk assessment before proceeding with any unconventional or unauthorized change initiatives. This serves several important functions:

1. Preventing unintended consequences: Understanding the potential scope of impact beyond the intended target
2. Balancing risk and reward: Ensuring the potential value justifies the level of risk being taken
3. Strategic selection: Choosing only those hacks where the risk profile is acceptable
4. Harm minimization: Identifying ways to limit potential negative consequences
5. Responsible action: Ensuring that even unauthorized activities adhere to ethical standards

By checking risks before proceeding with hacks, you ensure that your unconventional approaches create value without causing disproportionate harm.

Understanding the Risk Dimensions

In the context of the Viability Canvas "hack" approach, the three risk dimensions are:

• Blast radius: The scope of potential impact - who and what might be affected by the hack, both intentionally and unintentionally. This considers how widely the effects might spread beyond the immediate target area.
• Risk: The potential negative consequences that could result from the hack, including personal risks (like career implications), organizational risks (like operational disruptions), and relationship risks (like damaged trust).
• Potential value: The benefits that could be realized if the hack is successful, which must be weighed against the risks to determine if the hack is worthwhile.

These dimensions together provide a framework for assessing whether a potential hack presents an acceptable risk profile.

How to Complete Task D5.2

To effectively check risks for your potential hacking initiatives:

1. Assess the blast radius for each potential hack:
   • Who will be directly affected by this initiative?
   • What systems or processes might be indirectly impacted?
   • Could effects spread to other departments or functions?
   • Is there potential for unintended consequences in connected areas?
   • How contained can you keep the effects of this initiative?
2. Evaluate specific risks across multiple dimensions:
   • Personal risks: Could this affect your position or relationships?
   • Organizational risks: Could this disrupt operations or systems?
   • Reputational risks: Could this damage trust or credibility?
   • Technical risks: Could this cause failures in systems or processes?
   • Timing risks: Could this conflict with other initiatives or events?
3. Quantify potential value to enable comparison with risks:
   • Direct benefits: What immediate improvements would result?
   • Catalytic benefits: How might this enable or accelerate other changes?
   • Learning value: What insights might be gained even if not fully successful?
   • Strategic alignment: How strongly does this support your directional statement?
4. Compare risk profile to potential value to make a decision:
   • Is the potential value significant enough to justify the risks?
   • Can risks be mitigated while preserving most of the value?
   • Is the blast radius containable to an acceptable scope?
   • Are you prepared to accept the consequences if things go wrong?
5. Make a deliberate decision about whether to proceed with each hack:
   • Proceed: Risks are acceptable relative to potential value
   • Modify: Adjustments could improve the risk-value balance
   • Abandon: Risks outweigh potential benefits

Example from Canned Tornado

In the Canned Tornado case study, they conducted risk assessments for their potential hacks:

• Early involvement of production employees in R&D projects:
  • Blast radius: Limited to specific product development processes and teams
  • Risks: Potential confusion about roles, possible resistance from R&D management
  • Potential value: High - could significantly improve product manufacturability
  • Decision: Proceed - contained blast radius with high potential value justified the moderate risks
• "Skunk works" projects for process innovations:
  • Blast radius: Limited to individual production lines during testing
  • Risks: Potential disruption to production if experiments affect quality or throughput
  • Potential value: Medium to high - could demonstrate valuable process improvements
  • Decision: Proceed with modifications - implement during lower-volume periods to minimize production risk
• Informal network for exchange between production and sales:
  • Blast radius: Moderate - could affect customer expectations and commitments
  • Risks: Potential for promises to customers without operational validation
  • Potential value: Medium - improved alignment between sales and production capabilities
  • Decision: Modify - create clear guidelines about information sharing vs. commitment making

By conducting these risk assessments, Canned Tornado could make informed decisions about which hacking initiatives to pursue and how to modify them to improve their risk profiles.

Tools for Effective Risk Assessment

When conducting a risk assessment for potential hacks, consider using these approaches:

1. Pre-mortem analysis: Imagine the hack has failed catastrophically and work backward to identify what could have gone wrong.
2. Stakeholder impact mapping: Create a visual map of all stakeholders and how they might be affected, both positively and negatively.
3. Risk-mitigation pairing: For each identified risk, develop a specific mitigation strategy that could reduce its likelihood or impact.
4. Value-to-risk ratio: Create a simple scoring system to compare potential value against combined risk factors.
5. Containment strategies: Develop specific approaches to limit the blast radius, such as:
   • Pilot testing in isolated environments
   • Clear time boundaries for experiments
   • Predefined rollback triggers
   • Limited participant involvement
   • Transparent communication about experimental nature

By using these tools to conduct a thorough risk assessment, you can make informed decisions about which hacking initiatives present an acceptable balance of risk and reward, enabling you to pursue high-value opportunities while minimizing potential negative consequences.