PMI defines risk as "...an uncertain event or condition that, if it occurs, has a positive or negative effect on a project's objectives."

For someone with product responsibilities, this is not detailed enough. I think of risk across 2 dimensions:

The first dimension is the type of risk:

  • Systemic risk exists outside of your control. Competitors are, for example, representative of systemic risks. Changes in government regulations are another example.
  • Non-Systemic risk is a type of risk which is in your organization's control. For example, how good your organization is at supply chain management or software development.

The second dimension is how those risks impact your product:

  • Risks impacting the construction, sales or delivery of your product. Examples here could be problems with suppliers or changing regulations for exports.
  • Risks impacting a product's "fit for purpose" and "fit for use" in areas such as features, design, usability and marketability.


Fit for Purpose
Something that is fit for purpose is good enough to do the job it was designed to do. (e.g. A crappy, but safe, car.)
Fit for Use
Effectiveness of a design, manufacturing method, and support process employed in delivering a good, system, or service that fits a customer's defined purpose, under anticipated or specified operational conditions. Also called fitness to use. (e.g. An iPhone.)



Risks around Fit for Purpose are probably the most difficult. In my experience, the boundary usually occurs when in the product planning process someone introduces "Must Have" and "Nice to Have" next to product requirements. "Must Have" represents the Fit for Purpose element, "Nice to Have" is often the "Fit for Use" portion.

Think of the most boring looking car you can and all the design compromises you see. The product is fit for purpose, but you have to imagine there were a lot of "Nice to Haves" which were cut to meet specific needs. For example, there is not enough money (can be systemic or non-systemic risk) and so a few items are cut to put the project in budget. Or maybe the group is inefficient with slow processes (often non-systemic) which will make you 6 months behind your competition, so "Nice to Haves" are cut in order to move up a delivery date.

As a person in product, it is important to observe these first dimensions of risk. If you don't understand the systemic risks at play, you won't create mitigation strategies. For example, building features in such a way that they are easy to change when regulations change. Or in another example, having more than one supplier for critical functions.

In regards to how risks impact your product, this is a double-edged sword. On the one hand the choice of "Must Have" vs. "Nice to Have" and the Fit for Purpose/Use will directly impact the success of your product in the market. Making everything "Must Have" is rarely a reality, so you have to understand where flipping to "Nice to Have" adds acceptable risk to the success of your product. Acceptable being the key word here - every organization is going to be different insofar as what acceptable means.