Jake Etheridge

← Work/2025

Optro Scenario Planning

From intuition to simulation

Role
Senior UX Designer
Year
2025
Tools
Figma · Replit · Enterpret AI · FigJam
The Optro Scenario Planning bow-tie canvas: Tariff Tightrope scenario showing causes, prevention controls, risk event, mitigation controls, and consequences with likelihood and exposure scores

Impact

  • $1.4M in pipeline generated by market response
  • $240K ARR converted from pilot users
  • EMEA expansion unlocked by the new capability
  • Forrester recognition in the GRC space

Same risk, two rooms, no shared math

You're the Risk Manager, and you've spent two weeks building a scenario: mapping causes, scoring controls, pressure-testing every consequence you can think of. Then you walk into the boardroom, and the CFO asks one question. "What's the dollar exposure?" Everything you've built is correct, but the language doesn't carry. Two weeks of work, dead on arrival, because the room speaks in dollars and you showed up with a qualitative model.

That gap was the problem. Risk Managers reason in ambiguity because their job lives in it. Executives reason in quantified ROI. Same risk sitting in front of both of them, two completely different vocabularies, and no shared math to bridge the two.

The gap between them wasn't knowledge, it was syntax.

The brief was "make scenario planning work." The way I read it: give risk a language the boardroom already speaks.

Research insights, on a sprint

I led design end-to-end, owning the interaction model, visualization, simulation, and reporting. PM, UX research, and Lead Eng fed into every major decision. I inherited four months of customer research from a prior phase and an accelerated timeline. The job was to filter what was already there and gather more in the same motion, testing on limited evidence and updating the model with every pilot session.

I filtered everything through one question: what are the most important pieces for problem identification? Three patterns surfaced fast, and they shaped every decision downstream.

Risk Managers and executives speak different languages.

Same risk, two vocabularies. The gap to close was syntax, not knowledge: qualitative shape on one side of the table, dollars and ROI on the other.

Single numbers scared them. Ranges set them free.

Risk Managers think statistically. They just don't want to commit to one number and stake their credibility on it. Ranges were the pressure valve. They gave Risk Managers room to be uncertain and gave the Monte Carlo engine the richer input it needed to run accurately.

A forecast nobody can interrogate is a forecast nobody trusts.

Executives wouldn't act on a black-box number. The output had to show its math: which cause drove the result, which control suppressed the tail, which consequence dominated the distribution.

Five directions explored, and why four didn't hold up

I researched how data-dense information is presented across the GRC space. I looked at the metaphors competitors and adjacent products lean on, then pressure-tested the five most common against how Risk Managers actually reason.

  • Spider / Radar

    Visual clutter obscured the relationships between cause, control, and consequence.

  • 5×5 Risk Matrix

    Too high level. The subjective labels lost the nuance Risk Managers care about.

  • Gantt Timeline

    Over-indexed on process. Risk trade-offs happen simultaneously, not sequentially.

  • Fishbone Cause

    Couldn't integrate qualitative and quantitative narratives in one read.

  • Bow Tie

    Chosen

    Mapped cleanly to the way Risk Managers already think on whiteboards.

The five directions I explored. Only one integrated qualitative and quantitative narratives in a single read.

The bow tie was the one that clicked. Causes feed an event on the left, consequences fan out on the right, controls clamp both sides. It was a familiar shape with room to score every node.

CausePrevention ControlsRisk EventMitigation ControlsConsequenceCause 1Likelihood ##%Cause 2Likelihood ##%Cause 3Likelihood ##%ControlStrength ##%ControlStrength ##%ControlStrength ##%ControlStrength ##%ControlStrength ##%ControlStrength ##%RISK EVENTBest / Likely / WorstAggregate scoreControlStrength ##%ControlStrength ##%ControlStrength ##%ControlStrength ##%ControlStrength ##%ControlStrength ##%Cons. 1Exposure ##%Cons. 2Exposure ##%Cons. 3Exposure ##%
Causes feed an event; consequences fan out. Controls clamp both sides. Every node carries a score.

Wizard vs. Canvas, and the third option I pushed for

The next question was how to present the bow tie. Before settling, I prototyped both ends of the spectrum to see what each one revealed in practice.

An early Wizard exploration of Scenario Planning, with a guided form for capturing threats step-by-step and an emerging bow tie at the bottom of the screen
The Wizard prototype. Step-by-step capture kept users on rails, but the bow tie was reduced to a status sliver at the bottom. The canvas felt cramped the moment a scenario had more than a handful of nodes.
A higher-fidelity Canvas exploration showing the full bow tie laid out for a data breach scenario, with causes, controls, the risk event, mitigations, and consequences all visible at once
The Canvas prototype. Everything was visible at once, which was the point. But as I watched users try to enter probability data directly on the canvas, the picture they came for kept disappearing under their cursor.

Engineering didn't have a preference here. They wanted a clear direction and the right answer for the user. The prototypes alone weren't conclusive, but the pattern felt familiar from other data-dense workflows I'd worked on: Risk Managers need the whole bow tie in view to think, and a single decision in focus to act. No one mode gets you both. So I pushed for a third option that tried to combine the strongest piece of each.

Wizard

  • Step-by-step guidance
  • Splits attention
  • Cramps the canvas

Canvas

  • Full picture at a glance
  • Easy to get lost in
  • Data entry breaks the view

Canvas + Wizard

Chosen
  • Canvas for the overview
  • Wizard only for heavy lifts
  • One decision at a time, in context
Wizard's step-by-step guidance, but only where it earned its space. Canvas everywhere else.

Generating scenarios faster

The bow tie was the right shape. But Risk Managers told me the bottleneck wasn't drawing it. It was starting it. Every scenario began as a blank page, and getting from blank to draftable took hours.

Shipped in V1

Risk Managers upload an existing policy or incident report. We extract causes, events, consequences, and controls into a draft bow tie they can edit. The blank page is gone.

In progress for V2

V2 generates the bow tie itself. I designed three approaches to integrating the AI, so the Risk Manager always picks the level of involvement. Prototyped in Replit.

Two principles drove the V2 design:

  • No blank page. Risk Managers start from AI-sourced suggestions, never a blank canvas.
  • Risk Manager in the driver's seat. Three generation modes match the Risk Manager's appetite for control, from one node at a time to the whole bow tie in one shot.

Most user control

Item by Item

The Risk Manager generates one node at a time, in place. Best when the scenario is half-known and the AI is filling specific gaps. Slowest in raw output, but the user is in command of every piece.

Item by Item generation: a minimal canvas with three slots (Add a cause, Risk Event, and Add a consequence), each with its own Generate button

Balanced

Plan Mode

The AI proposes a structured plan; the Risk Manager checks what to apply before anything lands on the canvas. The second axis of control lives here (Library Only, Mix, or Hypothetical Only), so the Risk Manager scopes the AI's imagination to what the scenario calls for.

Plan Mode generation: the Optro AI Plan modal with Library / Mix / Hypothetical tabs, listing AI-suggested causes the Risk Manager can accept or regenerate

Most AI control

Build Mode

One-shot generation of the entire bow tie. Fastest path from blank to draftable. The Risk Manager edits after the fact rather than directing the AI in flight, useful when the scenario is well-known and the goal is a starting point fast.

Build Mode generation: the full bow tie canvas populated automatically with causes, prevention controls, the risk event, mitigations, and consequences for a Data Security Breach scenario
Three modes for integrating AI generation. The Risk Manager always picks the level of involvement.

Meeting users on the AI trust curve

The three modes weren't a progression. They were entry points. Risk Managers vary in how much AI they want in their workflow, and the most trusted product is the one that flexes to where the user is, not where we want them to be.

AI involvementTrust in AI123

  1. Item by Item

    I'll drive. Suggest one node at a time.

  2. Plan Mode

    Propose a plan. I'll review before it lands.

  3. Build Mode

    Build the bow tie. I'll edit after.

Every Risk Manager sits somewhere different on the trust curve. The three modes are entry points, not a forced progression.

Inside any mode, the Risk Manager can sharpen the AI's suggestions with a Focus Prompt, a short keyword or theme that biases what the AI proposes. Focus gives guidance without removing control. The story behind each item stays clear.

Build with Optro AI

Select a data source and optionally provide focus areas for AI generation.

Library Only

Use curated items

Mix

Blend sources

Hypothetical Only

AI-generated

Focus Prompt (optional)

e.g., Focus on cybersecurity threats…

Cancel

Prototypes in the same week as the interview

AI coding tools changed what V2 could be. V1 was almost entirely Figma: the bow tie canvas, the Wizard prototype, the simulation and analysis flows. V2 lived in Replit, and the speed honestly caught me off guard.

Clickable prototypes landed in pilot calls within the same week as the interview that surfaced the need. Iteration loops I'd never had access to before. Customers shaped the product in real time, and I rebuilt between sessions.

The curveball that almost killed the simulation

The UI was only half the work. The math underneath had to earn the same trust. Enter Monte Carlo, and the three-step trap that comes with it.

  1. 1

    All good

    Cause 1

    Likelihood ##%

    Prevention Control 1

    Strength ##%

    Mitigation Control 1

    Strength ##%

    Consequence 1

    Exposure $####

    All good

    Risk Managers expect every object to have data behind it.

  2. 2

    Curveball

    Lowest

    Median

    Highest

    Curveball

    Risk Managers think in 1–5 scales, not percentages. Exposure ranges feel natural to them; likelihood and control strength don't.

  3. 3

    Dead on arrival

    Best Case

    Likelihood ##%Exposure $####

    Most Likely Case

    Likelihood ##%Exposure $####

    Worst Case

    Likelihood ##%Exposure $####

    Dead on arrival

    Shaky confidence in the inputs means shaky confidence in the outcome. If the data feels wrong, the simulation does too.

Monte Carlo needs three things to feel accurate. The middle one is where the work was.

Step one was fine: Risk Managers already expect every object to have data behind it. Step three was a known property of the simulation, best-case, most-likely, worst-case outputs.

Step two was the curveball. Monte Carlo needs ranges, and ranges need percentages. Exposure ranges felt natural. Risk Managers price out dollar bands all day. Likelihood and control strength didn't. Force them into raw percentages and the inputs would feel wrong; once the inputs feel wrong, the simulation is dead on arrival.

How I solved the curveball

I kept the label on the front and the percentages underneath.

Likelihood to happen this year

  • 1. Very UnlikelyVery unlikely to occur in the next 12 months
  • 2. UnlikelyUnlikely to occur in the next 12 months
  • 3. PossiblePossible occurrence in the next 12 months
  • 4. LikelyLikely to occur in the next 12 months
  • 5. Extremely LikelyAlmost certain to occur

Pick from the 1–5 scale Risk Managers already use

Likelihood to happen this year

3. Possible

Possible the risk may occur in the next 12 months

One label selected

Generated range

Best

30%

Most Likely

40%

Worst

50%

The simulation runs on the range. The user never sees a sigma.

Range generated for Monte Carlo

A familiar 1–5 label on top, a percentage range underneath. The simulation got richer inputs and the user never had to guess.

Users pick from a familiar 1–5 scale, the language they already use. Each label maps to a generated range that feeds the simulation. The math gets richer inputs; the user never feels like they're guessing a single "right" answer.

The lesson I took from this: a small change at the input layer made a much bigger change at the output. The 1-5 scale felt like nothing to the user, but it gave the simulation richer data than a single percentage ever could.

The unlock: an output both rooms could read

This is where the original problem finally resolved. Risk Managers and executives had spent years talking past each other. Same risk, two vocabularies. The analysis view became the room where the languages met.

Getting there meant partnering closely with our Lead Engineer, the team's in-house Monte Carlo expert. We worked in lockstep for weeks: I'd bring a layout, he'd pressure-test whether the visualization was honest to the math. He'd surface a distribution property, I'd find a way to make it readable. The analysis page was the product of that loop, not a handoff.

Inputs the user understands

Design

Familiar 1–5 scales, plain-language labels, and verify-over-input patterns. The Risk Manager never feels like they’re guessing.

Simulation users can trust

Lead Engineer

Monte Carlo engine, probability distributions, and range math. The numbers underneath hold up to scrutiny.

Analytics page that tells the story

Shared

Percentile tables, S-curves, and leading indicators. An output both the Risk Manager and the CFO can read in the same room.

Two disciplines, one view. The analysis page was where our work converged.

The team landed on three things so the simulation could be defended by Risk Managers and understood by executives, in the same view:

  • Percentile tables for confidence. "P50 is $175K, P90 is $210K." Auditors and analysts speak this.
  • S-curve graphs for credibility. The shape of the distribution, not just the headline. Executives finally saw the story, not a single scary number.
  • Leading and lagging indicators for direction. Which way the risk was moving and what was moving it.

Risk Managers stopped agonizing over a single number. Executives stopped second-guessing the math. Two audiences, one view. That was the moment it started working.

The Analysis view of the Tariff Tightrope scenario, showing inherent and residual likelihood and exposure summaries, a Monte Carlo simulation histogram and S-curve, significant factor cards (highest probability cause, highest impact consequence, weakest control), and a confidence analysis table broken down by percentile
The Analysis view. Headline numbers up top, the math underneath for anyone who wanted to interrogate it.

What customers said

  1. This brings credibility to my job.

    Risk Manager

  2. I have been looking for something like this for years.

    CyberRisk Manager

  3. You don't know how hard it is to get executives to understand these things. This changes that.

    Risk & Audit Manager

  4. I need this. Now.

    Audit Manager

From insight to decision

Reviewing the simulation isn't where the Risk Manager's job ends. They still have to walk into the room and propose action to the executive team. Pulling that proposal away from the scenario that prompted it would have been disorienting, so the Response side of Scenario Planning lives inside the same flow. Action plans stay rooted in the analysis that produced them.

Shipped in V1

Action Plans live inside the Response step. Each one links back to the scenario item that prompted it, with status, remediation owner, due date, cost, and impacted scenario item all on the same row. The chain from analysis to action stays intact in a single view.

In progress for V2

Risk Managers propose multiple plans side by side, each with its own cost rolled up for executive review. Plan summaries surface impact, cost, timeline, and collaborators at a glance, and tasks roll up to their parent plans and back to the original scenarios, keeping strategic decisions grounded in the analysis.

The V1 Response view, listing action plans for the Tariff Tightrope scenario with columns for status, remediation due date, owner, action, scenario item, and cost
V1 Response. Action plans tied to the scenario, with status and ownership in one view.
The Add Action Plan modal in V1 Response, with fields for action status, remediation action, deferred action, remediation owner, due date, impacted scenario item, cost to execute, and supporting document upload
Adding an action stays tied to the scenario that prompted it, so remediation never drifts from the risk.
The V2 Plan workspace, with a list of plans (Plan A, Plan B) on the left, plan overview details in the middle (plan title, mitigation type, summary with mitigated impact, cost, implementation timeline, and collaborators), and scenario item tasks on the right with status, due date, and mitigation plan columns
V2 Response. Plans side by side, with summaries that roll up impact, cost, timeline, and collaborators, and tasks tied back to the original scenario items.

Reporting that started a conversation

The same V1/V2 pattern showed up on the reporting side. V1 was about getting the data into one place. V2, the part I spent the most time on, had to set the course of the boardroom conversation.

Shipped in V1

Every input for a scenario now lives in one flow. Causes, controls, the simulation, and action plans stopped scattering across spreadsheets, decks, and emails. Before V1, just getting the data unified inside one product was the win that made everything downstream possible.

In progress for V2

The reporting flow itself, prototyped in Replit. Risk Managers pull the right artifact for the right room straight out of the simulation environment, designed against three rules.

Three rules that guided V2:

  • Reports start at the source. No copy-pasting between tools. Analysis to artifact in a single click.
  • The right format for the right room. Slides for executives, an email for the quick update, a Word doc for the audit team.
  • Curated data, not data dumps. Risk Managers shape the story before the meeting, not during it.

V1 got every input into one place. V2 gave Risk Managers a way to walk into the room with a finished artifact, not a pile of data to explain.

The Reporting Configure step: picking output format (Word Doc, Email, or PowerPoint Slides), seeing the executive tone preview, and choosing which sections to include (Summary Metric Cards, Summary in Plain Language, Monte Carlo Analysis, Contributing Factors, Confidence Analysis)
Step 1: Configure. The Risk Manager picks format and sections before any report is built.
The Reporting Review step: generated PowerPoint slides showing Summary metrics, contributing factors, and editable text directly inside the modal before export
Step 2: Review. The narrative is editable in place; the Risk Manager shapes the story before anything leaves the room.

$1.4M in pipeline

The brief was "make scenario planning work." The pipeline told us whether we did.

  • $1.4M in pipeline from market response
  • $240K ARR converted from pilot users
  • EMEA expansion unlocked by the capability
  • Forrester recognition in the GRC space

Where I'd push harder

  1. Validate sooner

    At one point I caught myself pixel-pushing, seeking perfect spacing and color before I'd validated the approach. The polish was burning runway I didn't have.

  2. Collaborate more frequently

    When I got stuck, a colleague's perspective almost always showed me I was zoomed in too far.

  3. Test interactions before visuals on data-dense screens

    I let myself polish before validating whether users could actually edit data efficiently. Next time, interaction prototypes come first.

Same room, shared math

  1. Build

  2. Analysis

  3. Response

The CFO still asks about dollar exposure. Now the bow tie answers in a language the room already speaks.

Next caseTaxAct E-Signature Flow