Product Discovery Marty Cagan

Product Risk Taxonomy

One of the questions I get quite frequently has to do with the different risk taxonomies for product teams that are out there, and if I have strong opinions of one over another?

My immediate response to people is that I am very happy if they are using any of the popular risk taxonomies. The truth is, most are not, especially in feature teams. And there’s a straight line between not using one of the risk taxonomies, and failed product efforts. Especially failed MVPs.

What is a Risk Taxonomy?

A risk taxonomy is a classification system designed to categorize different types of risks within an organization that should be considered by all members of a team. The process of managing and analyzing risks is made much simpler with the help of breaking them down into specific categories. As a result, organizations can have a better understanding of their risk landscape and make better informed decisions on risk management strategies.

Breakdown of Various Risk Taxonomies

There are three popular product risk taxonomies that I am aware of.

The first is the one I was originally taught, and is the one I described in the first edition of INSPIRED (from 2008): value, usability and feasibility.  I used this for well over a decade, and I like that it’s just 3 risks, and it’s fairly intuitive for people to grasp.  

However, over time I began to see a recurring and serious problem with this taxonomy.  “Value” was supposed to cover both customer value and business value.  But I kept encountering the problem where the product team would focus on customer value, but would gloss over business value.  In fact, even today you can find far too many product people, even some that are considered thought leaders, that argue that “the only thing you need to focus on is coming up with a product your customers love.”  I wish.

This might be just a coincidence, but I suspect this problem is correlated with the rise in the anti-pattern of the product owner as product manager.  Before Agile became widespread, at least in my experience, product teams had a better understanding of the importance of solving for the business as well as for the customer.  

To address this, in the second edition of INSPIRED (2018), I separated out those two risks into customer value and business viability.

I know this may sound minor to people, but for things like this, where you are trying to coach people to keep something important in their minds while they think through a problem, it really is better to have 3 items rather than 4.  But I believed at the time, and I still believe this is the case, that it’s worth the extra cognitive load to have the four risk taxonomy: value, usability, feasibility and viability.

The third product risk taxonomy that’s out there was created by one of my all-time favorite product design companies, IDEO, and was popularized as part of the design thinking methodology, which is why this risk taxonomy is a favorite of the design community.  In this taxonomy, there are three risks: desirability, viability and feasibility.  While viability and feasibility are the same as above, desirability combines customer value and usability.

I like the IDEO risk taxonomy, and have seen it work well for many teams, but I have found it to be a much better fit for consumer products, than it is for business products.  

Remember that for consumer products, the user is also the buyer.  In this case, usability and value are extremely intertwined, and for the most part, if you don’t want (desire) the product you don’t buy or use the product.

However, most of you already know that it’s very different in a business context.  In this case, the user and the buyer are typically very different people, with very different concerns, motivations and needs.  More generally, in the business context, desirability is not really something that many users even consider a relevant concept.  They will often make it painfully clear that they have no desire to use this product, but they must use this product to do their job and collect a paycheck.  So they are more concerned with whether they can effectively learn and use this product (usability) to do their job.  And we look primarily to the buyer to explicitly address customer value – would they buy this product for their company?

With each of these three risk taxonomies, there are quite a few important risks embedded within business viability risk.  For example, business viability includes ethical risk, go-to-market risk, and compliance risk, to name a few that are especially important.  Every so often someone will write to me, making the case for breaking out one or more of these risks, again for the reason of wanting to shine a light on an important risk that is too often neglected.  I’m sympathetic to that argument, but I also know that this is a balance between a taxonomy that’s easy to remember and apply, and one that is more comprehensive and explicit, but seldom used.

Our Recommended Risk Taxonomy

At SVPG, we evangelize the four-risk taxonomy of value, usability, feasibility and viability.

But the higher order point to remember is that any of these risk taxonomies can work, and any of them are far better than using none at all.

Assessing the product risks is the first thing we do when we’re trying to discover a solution worth building.  Once we understand the risks, we have many different techniques for quickly testing ideas against those risks.  If you don’t know what those techniques are, that’s why I wrote INSPIRED.