
How to do project risk management?

Anonymous User at Taro Community, a year ago

How is project risk management done in big tech? Do they have a standard risk management process that defines how to identify risks, the levels of impact and probability to categorize risks, RACI matrix for risks, how to report risks, etc.? Or is that left to each project manager to do on their own?

Is there any good risk management process that you can describe?




  • 1
    Robinhood, Meta, Course Hero, PayPal
    a year ago

    Big Tech isn't a monolith - Each FAANG company is very different in terms of culture, and it will vary even more based on team and individual people. Back at Meta, I worked across Portal and Instagram Ads, and these 2 orgs had very different ways of doing things. I think why Meta and many other Big Tech companies are so successful is that they're very good at empowering engineers and having a more bottom-up culture in terms of allowing SWEs to organize their projects in a way that fits for them.

    To answer the question though, here's how I managed risk as a TL:

    1. Break down the project into smaller chunks - I describe this in depth in this Q&A here.
    2. Proactively plan through work to find risks - This is a huge purpose within system design, which I talk about in my system design series.
    3. Check in every week with the team to see how things are going - This is crucial: It's important that the lead is very thorough and pushes people to be honest and not hide struggling work streams. If something is going poorly, I'll escalate accordingly.
  • 0
    Architect [OP]
    a year ago

    Thanks, Alex. Can you please elaborate more on point 2 on how to use system design to identify risks or let me know in which video in the system design series you described this?

    Thank you,

  • 1
    Robinhood, Meta, Course Hero, PayPal
    a year ago

    The main video to watch in the System Design series for this is "Part 7 - How Can Things REALLY Break?"

    However, many other parts of the series are very relevant here too:

    • Part 4 - Covering Edge Cases
    • Part 3 - Defining The Requirements - Work backwards from each requirement to see what's necessary to get it done and evaluate its risk/difficulty. At Big Tech, an example of a gnarly one is "Be 100% GDPR compliant." This is a long-pole XFN task with a lot of execution risk.
    • Part 2 - Sharing The Context - This empowers other teammates on the project to assess risk as you give them a "lay of the land" they can use to deduce potential problem areas (e.g. "This legacy service we need to depend on won't be supported next quarter").