Opportunities to Generate Value
Though execution tasks (the Act step in the OODA Loop)
are typically discipline-specific or governed by rigid existing
workflows, there are substantial opportunities for UX and Risk
collaboration to generate value in observation, orientation and
- Research: UX may adjust User Research plans to collect
data on user perception of risks and controls. Is the
password reset mechanism hard to use? Is our privacy notice as good
as our competitor's? Do our users care to read the privacy notice
or that the site is SSL-protected? Control usability is a major
factor in control compliance.
- Escalation: Risk may identify problems collected
passively by UX. A user reports that email opt-in or
privacy controls do not align to local regulatory requirements. The
relationship built between Risk and UX enables the business to
reduce decision blind spots as teams escalate problems rapidly and
directly to their peers, also allowing better solutions to be
- Evangelism: UX and Risk may advocate value of the other
to peers, increasing organizational currency. Risk may
benefit from UX's strong relationship with Product and Engineering.
UX may benefit from Risk's strong relationship with Management
roles and the Compliance function.
- Risk Awareness: UX may leverage information from the
Risk Matrix to produce more effective solutions. As a list
of known risks with accompanying mitigation status, the Risk Matrix
may provide forward-looking cues to UX which enable enduring
designs that provide risk avoidance or mitigation.
- User Empathy: Risk may benefit from User Testing and
User Research data as a path to empathizing with users.
Understanding a user's motivation and challenges enables Risk to
identify potential pitfalls in risk response options. What does
this data look like?
- User Research data may include field study results
(Ethnographic research), interview videos, clickstream analysis,
survey results, and competitor product testing results.
- User Testing data may include eye tracking heat maps,
co-discovery videos, A/B testing metrics, first click testing
selections and percentages, and remote testing videos.
- UX practitioners select a mix of qualitative and quantitative
methods based on their experience, the problem, and funding, so the
exact data available may vary.
- Culture Shift: UX and Risk may benefit when promotion
of User-Centered and Risk-Aware culture enable other segments of
the business to make better decisions. If User-Centered,
Risk-Aware decisions are made by Sales, Marketing, Legal,
Engineering, Operations, End-User Support, Accounting, Investor
Relations, etc. the quantity of negative User Experience events and
level of new Risk should diminish.
- Progress: Risk may prevent deadlocks in Risk Response
by representing user viewpoints. The words of our users,
collected by UX as quotes and videos during User Testing and User
Research provide memorable and hard-to-ignore representations of
- Foresight: UX may enable more effective design and
testing through clear understanding of Risk-based
requirements. Many compliance requirements may be
implemented a dozen different ways, with the optimal solution
meeting both technical requirements and aligning to user
expectations. The combination of the range of Risk Response options
and the guidance found in User Testing helps us select the optimal
- Integration: Risk may provide UX a seat at the table by
representing UX risk separately from Engineering and Product risk.
UX may provide Risk a seat at the table by allowing early review as
a design stakeholder. This integration increases the
likelihood that a critical problem will be caught earlier,
preventing rework and saving money. The escalated placement of UX
Risk also allows the business to be more nimble in its response to
modern UX risks in Omnichannel experiences, email campaigns, brand
websites, security and privacy -- all of which may exceed the scope
of just one product.
By building a bridge between UX and
Risk, we enable our shared vision to more accurately identify
problems, better leverage existing work products, and
quantitatively drive improved organizational respect for its