Risk Driven Prioritization: Challenges to Prioritization Techniques

I have always felt that if value is the focus of prioritization, the value should be prioritized equally by the risks to delivery. In other words, engaging in powerful questions (Rajagopalan, 2015) helps a lot and this behavior is driven from the leadership mindset (Rajagopalan, 2013). When sufficient focus of risks to delivery or risks to non-compliance exists, value is not delivered as the benefits are not realized! Instead, we run into the challenges of techniques without understanding risks.

Given below are most frequently used prioritization techniques and a brief discussion on what they lack that should be factored if not done consciously. 

Technique	Description	Risk Thoughts
RICE	Uses four different variables (Reach, Impact, Confidence and Effort). Reach (R) is an estimate of the number of people that will be impacted. Impact (I) is an estimate of the extent of impact (like 5-high, 3-medium, 1-low). Confidence (C) is the team's confidence on the estimates given for reach and impact. Effort (E) is an estimate of time in the number of months. The formula is: (R*I*C) / E	On a positive note, it uses some level of analysis to compute the estimate. But this is a very ambiguous approach for the following reasons.  The scale used for R, I, and C are very arbitrary (somewhat ordinal in nature) There is not any data driven or risk planning on the number of people reached. Many organizations even find it difficult to quantify the reach and come up with a guess. Impact could be subjective in people's mind and there is no risk breakdown structure like explanation of what a 5-High is.  Confidence is also subjective and cannot replace the margin of error (or standard deviation). So, the result, while helpful, can't truly help prioritization.
WSTF	Weighted Short Job First addresses are somewhat analogous to RICE approach except that it uses different variables. It focuses on business value in terms of the cost of delay and job size. The cost of delay includes perceived Business Value (BV), Time Criticality (TC) and Risk Reduction (RR) (or Opportunity Enablement (OE). The formula is: (BV+TC+RR or OE) / Job Size	This approach has the same challenges as RICE but also improves on RICE somewhat significantly. It recommends the use of a Fibonacci type of scale for BV, TC, and RR/OE. That is an improvement compared to the ordinal type of subjective ranking.  Unlike RICE that uses a product of reach, impact, confidence, WSTF uses a summation.  Time Criticality is measured as sense of urgency without any due consideration for risks.  Risk Reduction or Opportunity Enablement is specifically listed here. Risk exposure scores are often a product of probability, impact, and sometimes detectability. So, adding risks do not help with true risk driven prioritization.
MoSCoW	Uses approaches like the Eisenhower Matrix. Uses four categories Must, Should, Could, and Wont (This is WONT, i.e., NOT do) to address prioritization. Must is associated critical element without which the project can't provide value Should is associated with important elements but not a must and can be deprioritized or postponed.  Could is considered non-essential or more of a nice to have enhancements or change requests. "Won't" is anything not going to be addressed now or soon.	All these four levels (Must, Should, Could, Won't) are subjective interpretations. Granted that there is some amount of categorization, but several ambiguities remain. The approach is biased based on subjective priority. There is no evaluation of impact (or severity). How are the relative priority between two Must items determined? Why is a Must Item a must? When will a Should Item be picked? As you can see, this approach is a good start but not a good one for prioritization at all. It only helps with a first level of categorization and is not the final level of prioritization. This is the reason why this approach is sometimes associated with Eisenhower Matrix which President Eisenhower used for decision-making on what he needs to address and what he needs to delegate!  Another technique I have heard is Yes-No-Not Now-Never. To me, this is analogous to MoSCoW and not much different.
Kano Model	This model uses delighters, performance, and basic as the drivers from a consumer market perspective. Basic features are those that are normalized and expected. Doing them does not give an edge but not having them will be a competitive disadvantage. (Similar to Hygiene factors in Motivation Theory) Performance features are those that are required. It is minimal expectations of the market.  Delighters are those features that people want to see or didn't expect to see! Doing them gives a competitive edge. (Similar to the Satisfiers in Motivation Theory)	This model is driven from the market research. Almost like a persona expectations of the market behavior. However, while it may serve as an external risk trigger, it does not quantify further (e.g.: deeper dive of PESTLEED, TECOP, etc.) and meet the individual risk driven considerations (e.g.: VRIO) for a product. Again, it is a good categorization for product backlog but does not help with prioritization of the individual items.
100-Points	This approach is an approach to engage stakeholders to prioritize when more than one is influencing or impacted.  Each stakeholder has 100-points to begin with.  Each requirement (or feature) is associated with a value that the team things will take to implement. (More like a price of a feature; hence this approach is also called 100-Virtual Currency Method) The stakeholders place their 100-points spread out on these features. A new cumulative sum is computed for each feature based on the stakeholder input. The highest value items are prioritized based on this cumulative sum (descending order).	This approach is fine but still has the challenge of how risks are communicated to the stakeholders and how much risks are factored by the stakeholders.  Bias and influence can help a feature be prioritized that the team can't handle or deliver.
Relative Prioritization	This approach is for the team to prioritize items already prioritized.	This helps with relative prioritization (for instance if two features are high, which one should be delivered first.)

As you can see, each technique has its own strengths and weaknesses. If it works for you, great! But risks are something that one must quantify and evaluate. In fact, I call such an approach to risk-based prioritization "risk driven development (RDD)". Here, the risks are identified, assessed, and evaluated with a risk exposure score. These risks are associated with requirements as well as the test cases (conformation criteria) as not all requirements are easy to test. Based on the sum of the risk scores on a requirement and test cases, the features can be prioritized. It is possible to use other methods in conjunction with this so long as risks are considered and there is a ratio level scoring mechanism included or at least a good risk breakdown structure included to avoid bias or subjective interpretation. 

What are your thoughts? Please share.

Rajagopalan, S. (2013). Essential Leadership behaviors for Agile Transformation. https://agilesriram.blogspot.com/2013/12/essential-leadership-behaviors-for.html

Rajagopalan, S. (2015). Client Management: The influence of powerful questions.