Skip to Content

WHAT MEASURES CAN YOU TAKE TO GO FROM IMPLICIT RISK TO EXPLICIT RISK?

July 8, 2026
Boyd Kronenberg

Teams don’t fail because individuals are ignorant. They fail because systems depend on cognitive humility but reward cognitive confidence. We overestimate our understanding, overtrust our own perspective, filter evidence to protect it, believe we control more than we do, and forget that most knowledge lives between us, not inside us.

If risks remain implicit, every quality measure that follows becomes accidental instead of deliberate.

To recap, let’s summarize the discussed cognitive fallacies from the previous blog:

  • Illusion of Control → “I believe I can control outcomes that are largely shaped by complexity, chance, or other people.”
  • Introspection Illusion → “I understand my own thinking better than others do.”
  • Illusion of Explanatory Depth → “I understand how things work better than I actually do.”
  • The Knowledge Community → “What feels like my understanding is often knowledge borrowed from the community.”

So, what do we do with this? Within Quality Engineering and Testing, it takes effort to deal with risks explicitly. Risk explicitness is not about slowing teams down, it’s about enabling them to see. Make someone responsible for identifying risks. If a risk comes up, write it down, discuss it, rephrase it, seek shared understanding and agreement. Aim for risk explicitness. Only then will your quality and test strategies be optimal, and waste will be kept to a minimum.

Heuristics for Risk Explicitness

Explicit risk heuristics are good practice. However, these risk sessions only account for a fraction of the time we spend on features. Which means most of the time, conversations around risk take place outside of these sessions.

Risk analysis is a continuous activity. Keep listening for new risks. Make people aware of risks. Apply measures to eliminate or minimize risks. Remember, decisions about risk are for the product owner, or any role responsible for product quality decisions.

The table below lists heuristics teams can use to work towards explicit risk.

Generic quality measures that help address (the cognitive underlying of) implicit risk

Here is a list of quality measures teams can use to prevent cognitive fallacies in the Knowledge Community and address implicit risks.

Make risk and quality explicit

MeasureWhy you use it / what problem it solves
Modelling and VisualizingTransform implicit into explicit representations (e.g. diagrams, flows, models, dependencies, relationships). These expose missing knowledge, hidden assumptions, and unclear system behavior by forcing structure and detail.
Dive into expressed risks immediatelyPrevents risks from fading away after being mentioned. Preserves valuable risk signals for further analysis and action.
Slow down boundary moments (handovers, reviews, release decisions)Prevents implicit assumptions between disciplines. Forces shared understanding supported by evidence.
Confidence votesMakes uncertainty and disagreement visible instead of hidden behind silence or politeness.
Use transcriptions, recordings, and GenAI summariesPrevents loss or distortion of risk information over time. Enables revisiting what was said.
Ask people to explain how a feature works and summarize itExposes gaps, misunderstandings, and implicit assumptions by forcing explicit mental models.
Pre-mortemCounters optimism bias. Forces the group to assume the product failed miserably and work backwards to identify what went wrong before it happens.
Consider the OppositeExplicitly asks for reasons the product could fail instead of reinforcing why it will succeed.

Shift from belief to evidence

MeasureWhy you use it / what problem it solves
Specification by Example, Living Documentation, Experimentation and LogsShift from “what I think” to “what we observe”. Turns abstract requirements into concrete, testable examples. Reduces (interpretation) risk caused by unknown technical behaviour. Prevents false confidence based on intention rather than actual system response.
Focus on interaction with the systemReveals emergent behaviour and real usage risks that documents don’t show.
Systems thinking (focus on the full picture)Prevents local optimisation. Makes cross‑system and cross‑process risks visible. Such as down- and upstream dependencies.
See quality as a property valued by stakeholders, not a role responsibilityPrevents “testers will catch it” thinking and late discovery of quality loss.
Recognize a fixed mindset vs. a growth mindsetMakes visible when people stop learning and start defending. Prevents risks being ignored because admitting uncertainty feels like incompetence, and keeps testing focused on learning instead of proving we’re right.

Deliberately challenge thinking and create psychological safety

MeasureWhy you use it / what problem it solves
Take fresh perspectives by using heuristicsAvoid thinking inside the box and repeating familiar but incomplete viewpoints.
Recognize fallacies and biases and create awareness about them (E.g. language use, surprise, lack of alternatives)Prevents teams from mistaking confidence for evidence and ignoring early warning signs. E.g. “This should be easy” or “This won’t go wrong”.
Don’t dismiss disagreement as noise or misunderstandingTreats disagreement as a signal of risk rather than a disturbance.
Listen to other experts and understand where insights come fromPrevents authority bias and loss of valuable minority perspectives.
Provide explicit opportunities for quieter participants to contributeEnsuring risks held by less vocal people are not lost.
Use safety language (“my best guess”, “where I’m uncertain”, “what am I not seeing?”)Lowers the threshold to express doubt and surface uncertainty.

Now you’ve read a bunch of measures and heuristics. Identify a few to investigate. Are they a fit with your context? What problem does your team have? Experiment with the measures. See what sticks.

Which ones are you going to investigate? In which meeting this week will you apply what you’ve learned?

Author disclaimer: During the writing of these three blogs, I was inspired by Rapid Software Testing and the book Taking Testing Seriously (by James Bach & Michael Bolton). Special thanks to Huib Schoots for reviewing.

About the author

Lead Quality & Test Expert | Netherlands
Boyd Kronenberg is a Lead Quality & Test Expert at Sogeti, specializing in helping teams with testing challenges and implementing effective quality engineering practices.

Leave a Reply

Your email address will not be published. Required fields are marked *

Slide to submit