How risk management works (1) – Roles and definitions

This post has been a long time coming. I first mentioned risk management as an alternative to sign-off as an aside during my presentation at CS Forum 2012, about corporate content strategy. If you take a look at that talk material, it starts at position 52/79.

So you already know that your sign-off process slows things down and makes it difficult to work with others. But you still need some way to hear everyone who should have a say, and to make sure that your web content is fit for purpose before you publish it.

Here’s something I picked up from an employer that could never guarantee 100% safety to everyone – the armed forces. It’s a risk management system, and it lets you gather more detailed information than you get from a typical sign-off process, while keeping you in control of your content.

It’s going to take a couple of posts to explain this properly. This one defines a few keys terms and explains the roles that people play in managing risks. Once that’s all set up, Part 2 will go through the process.


It’s a risk if it might cause something bad

Two things define a “risk”. Firstly, a risk is the possibility that something might go wrong. Not putting a big bunch of small print on a landing page? There’s a risk you’ll get done for hiding important details. Trying on a new tone of voice? There’s a risk that you’ll create confusion around your brand. Giving the work experience kid the password to your company’s Twitter account for the weekend? You get the idea…

Secondly, on the upside, risks carry rewards. There’s no point taking a risk if there’s nothing to be gained. Less small print gives you shorter, more appealing landing pages. A new voice might carry more appeal than your current one. You need to take a proper break for a couple of days, without angry customers’ tweets rattling your phone every 10 minutes. These are all rewards.

If something is going wrong right now it’s an issue, not a risk

If a problem is already happening, it’s too late for risk management. In the calm parlance of the military, you have an “issue”. Just clarifying that before I don’t mention again.

Every risk has its own likelihood

Since a risk is the possibility the something might happen, it follows that some risks are more likely to actually play out than others. You need to quantify this likelihood for every risk. More on that in Part 2.

…and consequence

If a risk does occur, something goes wrong. This is the consequence, and again it’s something you have to quantify. (And, again, Part 2 will tell you how.)

You’ll need broad categories to sort consequences into. For this introduction I’m going to look at financial, reputational, and legal consequences, but this is nowhere near a full list.

…which you might be able to mitigate

Mitigation can make a risk less likely, or make its consequence less serious, or both. By mitigating risks, you make them more acceptable.

…or accept

A acceptable risk is one that you’re willing to take. Ideally, risks you accept are a mix of:

  • quite unlikely
  • low-consequence
  • relatively rewarding.

Or they might just be unavoidable.

And you’re going to record all this in a risk register

Yes, we love documentation. A simple risk register does two things: it lets everyone see full details about each risk (whether you’re still working on it or have accepted it), and it’s also how you’ll be able to see all the risks that apply to a given piece of content. This doesn’t need to be complex. A spreadsheet ought to do the trick.

People and roles

Risk reporters tell you what might go wrong

The good news is that you don’t have to work out all of this likelihood and consequence stuff for yourself. Remember those stakeholders who used to sign your content off, or maybe just get an FYI when you were working on their stuff? In most cases you can recast them as risk reporters.

Just like their name says, risk reporters report risks. You need a range of risk reporters with different skills, much like your old sign-off tube. Each risk reporter has the job of pointing out problems that your content might cause. But they’re not just doomsayers: they also have to give you the information you need to properly define the risk’s likelihood and consequence. Ideally they’ll have a few mitigation ideas as well.

This job only goes as far as pointing things out. There’s no decision-making involved. That’s an important difference to the old sign-off way of doing things, which gave a series of people a genuine “yes/no” decision about your content.

Even though this can feel like a loss of power, you’ll probably find the most people quite like being asked to explain things from their point of view. And that’s another difference – as you cover each risk, you’re going to learn a lot more about how, say, legal think when they review content. All you empathy junkies out there in content-land are gonna love this.

A single risk owner has the final say

Remember how risk reporters don’t make any actual decisions? That’s because a single, central person does. The risk owner decides what mitigation work you do, and which risks you accept as they are. Whether the risk is financial, reputational or legal, the risk owner doesn’t change.

The risk owner has a full understanding of what the content you’re looking at is doing – who it’s for, why it’s important, and what it needs to achieve. Their view is wider than a standard legal or marketing stakeholder. Seniority helps, too, because accepting risks is a lot like approving costs.

Do everything you can to keep risk ownership close to content production. Since the risk owner has to balance risk and reward, make it someone for whom the rewards of high-quality content matter.

Putting this all together

Part 2 of this series will show you how risk reporters and owners work together to quantify and mitigate risks. You don’t want to miss it.

Sign-off is like road works

I’ve already written about how sign-off processes make it hard to collaborate properly. Now we turn to another reason sign-off sucks: It’s slow and frustrating, like roadworks.

You might typically have 3-6 people sitting between your work and publication. They’re called things like ‘legal’ and ‘marketing’, but they’re better depicted like this:

Stop/go signs

For everyone with a “sign-off”, you might as well give them a “stop/go” sign. Each of them can hold you up however they like, and you’re not going anywhere until every single one of them says you can.

The trade off, reputedly, is that whatever you end up publishing will be totally on brand, carry no legal risks, and tick a bunch of other boxes. But these boxes only matter internally: A lot of the contortions that we put content through to get it through sign-off end up making things harder for our users. A little more legal-speak here, a bit more pimping of a related product here…it’s easy to do, especially when you just. want. to. get. this. thing. live.

It can be frustrating for the sign-holders, too, who don’t necessarily know each other or what it will take for the others will flip their signs around and send more traffic through.

So how can we speed things up without compromising safety? By getting rid of sign-off as a process and shifting to risk management instead.

Risk management: Gather the right information, make the right decision

I’ll go into the details in another post, but here’s in a nutshell:

Rather than finding everyone with an opinion that matters and equipping them with a stop/go sign, involve them before you start writing and keep talking with them throughout the content creation process.

There are only ever three questions you’ll need to ask:

  1. What could possibly go wrong if we published this content?
  2. In each case, what’s the likelihood of that problem happening?
  3. And if it did happen, how bad would the consequence be?

That’s it. Three questions. And this system works. I picked it up when I was working for the New Zealand Defence Force. This system worked in our office, and it worked for units deployed in Afghanistan. If a risk management system is good enough for people who get shot at for a living, it’s good enough for your website.

One thing we all know about workflow: No-one knows enough about what’s going on

It takes a team of people with a range of skills and knowledge to create our web content. The way we work together and organise the tasks that go into creating content is, in sum, “workflow”. Approvals, stakeholder engagement, work-tracking and getting feedback on draft content are all aspects of workflow.

Problem is, there’s a standard form of workflow – the sign-off process – that makes it difficult to collaborate properly with all the people who contribute to making great web content. (As well as this, it also slows things down, like roadworks.)

It is a truth universally acknowledged that everyone wants to know more about what’s going on, sooner

In my previous job I talked about our workflow with a lot of stakeholders and digital team members. No matter what role people played in the content creation process, they all said that they wanted to be involved, or at least informed, sooner than they typically were.

Earlier involvement makes it easier to get things right first time. It’s better to know upfront if there’s a common legal issue with a way we describe a particular product, upcoming-but-still-confidential marketing campaigns, or unique design challenges that can affect a page’s structure or the time it will take to build.

“Just tell us what you’re going to to do. Please.”

Late engagement makes it harder for people to do their job properly. If you have a full fortnight of work lined up and then get asked to approve a couple of unexpected webpages, you’ll either do a rushed job or be late. You’re probably also going to resent the Digital team.

Sign-off isn’t real engagement

Late engagement happens because we tend to divide stakeholders into the ones we work with from the start, and the ones only ever go to for sign-off. But sign-off signals the end of someone’s involvement. It’s the transaction that confirms that we’re all happy.

Sign-off isn’t engagement any more than paying the bill is a great night out

We get upset when other teams treat us like publishers and just hand us content that they think is good to go. How could they possibly expect to get things right when they didn’t let us help? Don’t they know that we’re the experts?

Flipping this around, when we throw something to stakeholders “just for sign-off”, we can create a similar impression. In either case, the content can suffer from someone’s expertise not being tapped early enough.

A better way to engage

When we have a “sign-off relationship” with someone, it’s very difficult to collaborate properly. This is one of the reasons why it’s time to end sign-off and move to a different way of working: risk management.

Agile development, lean UX … What about a Lean Content Manifesto?

What would a Lean Content Manifesto look like?

The digital world needs a Lean Content Manifesto. If you agree, get in touch!

Developer and UXers are ahead of us, and it’s working for them

Making software used to take longer, and be way more painful than it should. The wrong people were in control and devs ended up having to focus on the wrong stuff. It sucked. So a group of forward-thinking people who cared wrote the Agile Manifesto, which duly took over the world:

We are uncovering better ways of developing software by doing it and helping others do it. Through this work we have come to value:

  • Individuals and interactions over processes and tools
  • Working software over comprehensive documentation
  • Customer collaboration over contract negotiation
  • Responding to change over following a plan

That is, while there is value in the items on the right, we value the items on the left more.

Meanwhile, UX work has a reputation for taking ages and being expensive. But lean UX is catching on. The Lean UX Manifesto is deliberately familiar:

We are developing a way to create digital experiences that are valued by our end users. Through this work, we hold in high regard the following:

  • Early customer validation over releasing products with unknown end-user value
  • Collaborative design over designing on an island
  • Solving user problems over designing the next “cool” feature
  • Measuring KPIs over undefined success metrics
  • Applying appropriate tools over following a rigid plan
  • Nimble design over heavy wireframes, comps or specs

As stated in the Agile Manifesto, “While there is value in the items on the right, we value the items on the left more.”

Working out what’s important and what it’s more important than, and then using that to tell the world what we’re all about, seems like a great idea to me. So, why isn’t there a Lean Content Manifesto yet? And who wants to make it happen?

By the way, this quote from Jim Highsmith’s history of the Agile Manifesto is truly lovely, and points us in a great direction

We all felt privileged to work with a group of people who held a set of compatible values, a set of values based on trust and respect for each other and promoting organizational models based on people, collaboration, and building the types of organizational communities in which we would want to work. At the core, I believe Agile Methodologists are really about “mushy” stuff—about delivering good products to customers by operating in an environment that does more than talk about “people as our most important asset” but actually “acts” as if people were the most important, and lose the word “asset”. So in the final analysis, the meteoric rise of interest in—and sometimes tremendous criticism of—Agile Methodologies is about the mushy stuff of values and culture.

- Jim Highsmith’s history of the Agile Manifesto.

Webstock speaker wrap-up: Clive Thompson

For Webstock 2014, BNZ Digital sent a big crowd along. It was, of course, great. Now we’re writing a ‘Webstock Speaker Series’ for the rest of the team. Each day we’re covering a single speaker from the main conference. Here’s my contribution from today.

Today it’s the misleadingly-boringly-named Clive Thompson, who rocked day two of the conference with a talk he called The New Literacies. This after he spent the previous night rocking, or at least blue-grassing, the BNZ-sponsored Start-Up Alley. Clive’s the guy on guitar. (Photo credit: some rando on Instagram called jacobbuck).

He also writes. I’ll definitely be reading his book Smarter Than You Think, half because he’s a clever guy who would no doubt write good books and half because I love a good title as much as I love confirmation bias. Speaking of confirmation, the proof that he’s a good writer is his blog, Collision Detection.

But let’s turn to The New Literacies. Clive spots patterns between new media and old (as in his latest blog post, Why 18th century books looked like smartphone screens), and this is the basis of a presentation about “technology to think with”.

The set of technology that we think with starts with the written word and includes images, video, games and even manufactured objects. (There’s probably more, but he only had half an hour.) As Clive sees it, each of these has evolved (so far) in similar ways.

Take the early days of the written word. Not only did it have old people up in arms about how it would ruin young people’s minds (how you lookin’ now, Socrates?), it was also very expensive. When something’s expensive, we use it for one-to-many communication. Even when you fast-forward from clay tablets to the Gutenberg press, which made creating written words miles easier than ever before, still only a few people actually had their writing distributed. It was a broadcast medium.

Over time another use emerges: one-to-one communication. It’s still wasn’t easy – George Washington would write letters on the back of old letters, so scarce was writing material, and if you wanted to buy a ballpoint pen in 1945 you would have needed about $100 in today’s money – but technological improvements shifted our use of the written word. It became more disposable, to the point today where we’ve gone beyond 1:1 communication and even use it for writing notes to ourselves now. Think of this third step as the “Post-It phase”.

So there’s the pattern: Technology is invented, expensive, and used for broadcast. It improves, cheapens, and we add 1:1 communication to its uses. Finally it becomes almost disposable, and something we also use just for ourselves.

You can see the start of the same pattern with photography, videos, and even games, each of which have moved beyond an expensive broadcast-only beginning to also having 1:1 uses. (Clive himself has written a game for an audience of one.) 3D printing is shifting the creation of objects from something that “broadcasts” many copies of the same thing all over world to something much closer to a one-to-one model as well.

So, what’s next? The question Clive ended with invited the Webstock audience – “an audience of hundreds of makers” – to work out what the Post-It phase will look like for digital media like videos, games, photos and 3D-printed objects. It’s a good question.

Clive Thompson, ladies and gentlemen!

Content people: An Auckland content strategy meetup presentation

I’m one of three people who have brought Auckland content strategy meetups back to life. We started on Wednesday night, and it was fantastic. I gave a short talk about “content people”, which was based on my ‘Content strategy and UX are twins’ post from last year.

It’s the first thing I’ve ever added to SlideShare, too, so this is just a big ol’ week of firsts. Excitementness!


I leaned heavily on some wonderful research by the wonderful Richard Ingram. His diagram of content strategy’s well-trodden paths is from his 2011 CS Forum talk, ‘How did we all get here?’. The video is well worth a watch.

On the UX side, Neilsen Norman Group’s User Experience Career Advice is the most thorough work of its kind that I’ve seen. If you don’t already get Jakob Neilsen’s Alertbox emails, you’re missing out.

Update, Feb 11: I just saw the typo (or entirely missing word, ahem) in this slide deck, and now I hate myself.