11.1 Risk  Management Planning  11.2 Risk  Identification  11.3 Qualitative  Risk Analysis  11.4 Quantitative  Risk Analysis  11.5 Risk Response  Planning  11.6 Risk Monitoring  and Control
 Integration  Scope  Time  Cost  Quality  Resource  Communications  Risk  Procurement

return to model

11.2 Risk Identification

Risk identification involves determining which risks might affect the project and documenting their characteristics.
   Participants in risk identification generally include the following, as possible: project team, risk management team, subject matter experts from other parts of the company, customers, end users, other project managers, stakeholders, and outside experts.
  Risk identification is an iterative process. The first iteration may be performed by a part of the project team, or by the risk management team. The entire project team and primary stakeholders may make a second iteration. To achieve an unbiased analysis, persons who are not involved in the project may perform the final iteration.
  Often simple and effective risk responses can be developed and even implemented as the risk is identified.

Inputs
   .1 Risk management plan
   .2 Project planning outputs
   .3 Risk categories
   .4 Historical information
oooooooooooooooooooooooooo
oooooooooooooo
ooooooooooo
Tools & Techniques
   .1 Documentation reviews
   .2 Information-gathering
       techniques
   .3 Checklists
   .4 Assumptions analysis
   .5 Diagramming techniques
oooooooooooooooooooooooooo
Outputs
   .1 Risks
   .2 Triggers
   .3 Inputs to other processes
oooooooooooooooooooooooooo
oooooooooooooooooooooooooo
oooooooooooooo
ooooooooooo

11.2.1 Inputs to Risk Identification

.1 Risk management plan. This paln is described in Section 11.1.3.

.2 Project planning outputs. Risk identification requires an understanding of the project´s mission, scope, and objectives of the owner, sponsor, or stakeholders. Outputs of other processes should be reviewed to identify possible risks across the entire project. These may include, but are not limited to:

  Project Charter.

   WBS.

   Product description.

   Schedule and cost estimaties.

   Resource paln.

   Procurement plan.

   Assumption and constraint lists.

.3 Risk categories. Risks that may affect the project for better or worse can be identified and organized into risk categories. Risk categories should be well defined and should reflect common sources of risk for the industry or application area. Categories include the following:

   Technical, quality, or performance risks—such as reliance on unproven or complex technology, unrealistic perfromance goals, changes to the tecnology used or to industry standards during the project.

   Project-management risks—such as poor allocation of time and resources, inadequate quality of the project plan, poor use of project management disciplines.

   Organizational risks—such as cost, time, and scope objectives that are internally inconsistent, lack of prioritization of projects, inadequacy or interruption of funding, and resource conflicts with other projects in the organization.

   External risks—such as shifting legal or regulatory environment, labor issues, changing owner priorities, country risk, and weather. Force majeure risk such as earthquakes, floods and civil unrest generally require disaster recovery actions rather than risk management.

.4 Historical information. Information on prior available from the following sources:

   Project files—one or more of the organizations involved in the project may maintain records of previous project results that can be used to indentify risks. These may be final project reports or risk response plans. They may include organized lessons learned that describe problems and their resolutions, or be available through the experience of the project stakeholders or others in the organization.

   Published information—commercial databases, academis studies, benchmarking, and other published studies may be available for many appliction areas.

11.2.2 Tools and Techniques for Risk Identification

.1 Documentation reviews. Performing a structured review of project plans and assumptions, both at the total project and detailed scope levels, prior project files, and other information is generally the initial step taken by project teams.

.2 Information-gathering techniques. Examples of information-gathering techniques used in risk identification can include brainstorming; Delphi; interviewing; and strengths,weaknesses, opportunities, and threats (SWOT) analysis.

   Brainstorming. Brainstorming is probably the most frequently used risk identification technique. The goal is to obtain a comprehensive list that can be addressed later in the qualitative and quantitative risk analysis processes.
    The project team usually performs brainstorming, although a multidisciplinary set of experts can also perform this technique. Under the leadership of a facilitator, these people generate ideas about project risk. Sources of risk are identified in broad scope and posted for all to examine during the meeting. Risks are then categorized by type of risk, and their definitions are sharpened.

   Delphi tecnique. The Delphi technique is a way to reach a consesus of experts on a subject such as project risk. Project risk expertsare identified but participate anonymously.
    A facilitator uses a questionnaire to solicit ideas about the important project risks. The responses are submitted and are then circulated to the experts for further comment. Consensus on the main project risks may be reached in a few rounds of this process. The Delphi tecnique helps reduce bias in the data and keeps any person from having undue influence on the outcome.

   Interviewing. Risks can be identified by interviews of experienced project managers or subject-matter experts. The person responsible for risk identification identifies the appropriate individuals, briefs them on the projects, and provides information such as the WBS and the list os assumptions. The interviewees identify risks on the project based on their experience, project information, and other sources that they find useful.

   Strengths, weaknesses, opportunities, and threats (SWOT) analysis. Ensures examination of the projectfrom each of the SWOT perpectives to increase the breadth of the risks considered.

.3 Checklists. Checklists for risk identification can be developed based on historical information and knowledge that has been accumulated frfom previous similar projects and from other sources of information. One advantage of using a checklist is that risk identification is quick and simple. One disadvantage is that it is impossible to build an exhaustive checklist of risks, and the user may be effectively limited to the categories in the list. Care should be taken to explore items that do not appear on a standard checklist if they seem relevant to the specific project. The checklist should itemize all types of possible risks to the project. It is important to review the checklist as a formal step of every project-closing procedure to improve the list of potential risks, to improve the description of risks.

.4 Assumptions analysis. Every project is conceived and developed based on a set of hypotheses, scenarios, or assumptions. Assumptions analysis is a technique that explores the assumptions´validity. It identifies risks to the project from inaccuracy, inconsistency, or incompleteness of assumptions.

.5 Diagramming techniques. Diagramming techniques may include:

   Cause-and-effect diagrams (also know as Ishikawa or fishbone diagrams)—useful for identifying causes of risks (described in Section 8.1.2.3).

   System or process flow charts—show how various elements of a system interrelate and the mechanism os causation (described in Section 8.1.2.3).

   Influence diagrams—a graphical representation of a problem showing casual influences, time ordering of events, and other relationships among variables and outcomes.

11.2.3 Outputs from Risk Identification

.1 Risks. A risk is an uncertain event or condition that, if it occurs, has a positive or negative effect on a project objective.

.2 Triggers. Triggers, sometimes called risk symptoms or warning signs, are indications that a risk has occurred or is about to occur. For example, failure to meet intermediate milestones may be an early warnning signal of an impending schedule delay.

.3 Input to other processes. Risk identification may identify a need for further action in another area. For example, the WBS may not have sufficient detail to allow adequate identification of risks, or the schedule may not be complete or entirely logical.

return to model

  previous page      next page