RISK POKER

From Estimation Poker to Risk Poker 

In agile software development, Estimation Poker is a proven tool for estimating the effort of tasks in a team. Each team member submits their own estimate in secret. As soon as they are all available, they are revealed - and an exchange about the different estimates begins. Why does someone see the task as easy, but another person sees it as more time-consuming? What was overlooked, what is perhaps easier than expected? 

This playful method promotes communication, transparency and mutual understanding. Different perspectives come together - and everyone learns from each other. 

This principle can also be applied to another topic where interdisciplinarity is crucial: risk assessment in the field of artificial intelligence (AI).
The result is Risk Poker - a playful approach that makes uncertainties tangible and promotes interdisciplinary collaboration. 

The NIST AI Risk Framework and the challenge of interdisciplinarity 

The NIST AI Risk Management Framework emphasizes that good AI risk management can only succeed if it is interdisciplinary in nature - i.e. if it brings together technical, ethical, legal, organizational and social perspectives. In practice, however, this is anything but easy: data scientists, lawyers, ethicists and business managers all bring different methods, expectations and levels of knowledge to the table. So how can all these perspectives be brought together on an equal footing and learn from each other? This is exactly where Risk Poker comes in - a playful approach that opens up complex discussions about AI risks, connects perspectives and promotes joint learning. 

How Risk Poker works 

Risk Poker transfers the principle of joint estimation to the assessment of AI risks - and this is how it works: 

1. Select specific risks
   For a current AI initiative or a planned project, a relevant risk is selected from a catalog of potential risks, for example bias, data quality, model transparency, security or legal aspects. 

1. Estimate and reveal
   All participants consider how likely this risk is to occur - from very low to very high - and initially keep their assessment hidden. The assessments are then revealed and the discussion begins. 

1. Discussion and learning moment
   The people with the lowest and highest ratings explain their views. This results in an exchange of assumptions, experiences and perspectives, which often brings to light previously unnoticed points - technical, ethical, operational or organizational. 

1. Second round and consensus
   After the discussion, the estimate is repeated. The estimates usually converge and the average value is recorded. 

In addition to the risk assessment, valuable side effects arise: Mitigation options and opportunities become visible, understanding between the disciplines grows - and everyone wins because they learn from each other. 

We play Risk Poker at the CNO Panel Workshop 2025 

Anyone who would like to experience this for themselves will have the opportunity to do so on October 27, 2025 in Bern: At the CNO Panel Workshop, we will introduce you to the NIST AI Risk Management Framework and play Risk Poker together using current practical examples. Register if you haven't already done so - and experience how interdisciplinary AI risk management works in a playful way.