This blog post from Dave Gordon reviews the principle and lessons behind the If/Then Risk statement. As elementary as it may seem, this principle states that explaining to stakeholders what can happen in certain criteria are met (or not met), is more effective than simply trying to explain the risk itself:
You may remember the definition of a risk as “An uncertainty that matters.” In this case, the Event is the uncertainty, and the Consequences are why it matters. The risk statement relates the Consequences to the Event. As an example, let’s say an interface is being built that will pass “hours worked” for each employee from the timekeeping system to the payroll system. Obviously, the hours worked is a critical input in order to calculate payroll for those employees who are paid by the hour. For this reason, the interface must be developed, and testing completed, before payroll system testing can begin.
So, to present this to a stakeholder, you’d say something along the lines of: if the timekeeping is not completely validated before payroll system testing, the payroll testing system will experience schedule slip. Dave Gordon explains how articulating consequences helps explain what will happen in the event, and why the stakeholder should be concerned about it.