Identify Risks (risk identification techniques ) is the process of writing down the details of each project risk and the sources of total project risk that you find in project management . The main benefit of this process is that it helps you keep track of the different project risks and where those risks come from. It also brings together information so that the project team can deal with problems in the right way. The project as a whole goes through this process. Figure below shows the process’s sources, how it works, and what it produces.
Identify Risks: Inputs
Project Management Plan
The following are some of the parts of a project management plan:
- The requirements management plan might list project goals that are especially at risk.
- The schedule management plan might point out places where things aren’t clear or certain.
- The cost management plan might point out places where things aren’t clear or certain.
- The quality management plan might point out places where there is doubt or confusion, or where important decisions have been made that could lead to risk.
- The resource management plan might point out places where things aren’t clear or where important decisions have been made that could lead to risk.
- The risk management plan outlines who is responsible for what when it comes to risk, how risk management tasks fit into the budget and schedule, and the types of risk that are involved. This can be shown as a risk breakdown structure and risk identification process.
- The baseline scope includes outputs (deliverables ) and standards for accepting them, some of which could be risky. The WBS is also in it, and it can be used as a guide to organize methods for finding risks.
- The schedule baseline could be looked at to find goals and due dates (milestones ) for deliverables that aren’t clear or that are based on key assumptions that could be risky.
- Costs or funding needs that aren’t clear or are based on estimates that could be risky may be found by looking at the cost baseline.
Project Documents
It’s possible to use the following project documents as inputs for this process:
Assumption log
The assumptions and constraints written down in the assumption log may cause specific project risks and may also change the general project risk level.
Cost estimates.
As a structured review of the documents may show that the current estimate is not sufficient and poses a risk to the project, cost estimates give numerical assessments of project costs, ideally stated as a range that shows the level of risk.
Duration estimates.
Duration estimates give numbers-based estimates of how long a project will take, ideally as a range that shows the level of risk. A structured review of the documents may show that the current estimate isn’t good enough and puts the project at risk.
Issue log.
Issues written down in the issue log could cause individual project risks and could also change the total project risk level.
Lessons learned register.
Lessons learned about risks found in earlier stages of the project are looked over to see if the same risks might come up again in later stages of the project.
Requirements documentation
In requirements documents, the team can find the requirements that might not be met.
Resource requirements.
Resource requirements give numbers that show how many of each resource the project will need. It’s best to give a range to show the level of risk, since a structured review of the documents could show that the current estimate is too low and puts the project at risk.
Stakeholder register.
The stakeholder register lists the people or groups that could help figure out what risks the project faces. In addition, it lists the people who are willing to take on risk.
Agreements
If the project needs to get resources from outside sources, the agreements may include information like times for milestones, the type of contract, criteria for acceptance, and rewards and punishments that can be threats or opportunities and can be part of risk identification techniques and process .
Procurement Documentation
It is important to look over the initial procurement documentation if the project needs to get resources from outside the organization. Getting products or services from outside the organization can either raise or lower the general project risk and can also add new risks to individual projects. As the project goes on, the purchase documents are updated. The most recent documents can be looked over for risk identification process . For example, reports on how well the seller did, accepted change requests, and details on inspections.
Enterprise Environmental Factors
Enterprise environment factors that might affect the Identify Risks in project management process include, but aren’t limited to: Published materials, such as business risk databases or checklists; Academic studies; Benchmarking results; and Industry studies of similar projects.
Organizational Process Assets
For example, project files with real data, organizational and project process controls, risk statement forms, and checklists from similar projects in the past are all examples of organizational process assets that can affect the Identify Risks process.
Identify Risks: Tools And Techniques
Expert Judgment
It is advisable to get help from people or groups that have specific knowledge about similar projects or business areas. Using their past work and areas of expertise, the project manager should find these experts and ask them to look at all parts of individual project risks as well as the sources of overall project risk. It is important to think about the experts’ views during risk identification techniques and process .
Data Gathering
For risk identification techniques and process , you can use the following data-gathering methods, but they are not limited to them:
Brainstorming
The point of Brainstorming is to come up with a full list of all the risks that could happen with the project and where those risks come from. The project team usually comes up with ideas together with experts from different fields who are not on the team. A facilitator leads a group of people in either a free-form brainstorming session or one that uses more organized methods to come up with ideas. As a base, you can use groups of risks, like in a risk split structure. It is important to make sure that any risks that come up during thinking are clearly explained, since the process can lead to ideas that aren’t fully formed yet.
Checklists.
A checklist is a list of things, tasks, or things to think about. People often use it to remember things. When making risk plans, people use past data and knowledge they’ve gained from working on similar projects and other sources. By making a list of specific project risks that have happened before and may be important to this project, they are a good way to keep track of what you’ve learned from similar complete projects.
The company can keep a risk checklist based on projects it has already finished, or it can use standard risk checklists from other companies in the same field. Even though it’s quick and easy to use a checklist, it’s not possible to make one that includes everything. If you use a checklist to avoid doing the work of properly identifying risks techniques in project management, you should be careful. The project team should also look into things that aren’t on the list. The checklist should also be looked over every so often to add new information and get rid of or store old information.
Interviews.
You can find out about individual project risks and the sources of general project risk by talking to stakeholders, subject matter experts, and experienced project participants. People should feel safe and secure during interviews so that they are more likely to give honest and fair information.
Data Analysis
For risk identification techniques and process , you can use data analysis methods such as, but not limited to:
Root cause analysis
Root cause analysis is often used to figure out what caused a problem in the first place and come up with ways to stop it from happening again. You can use it to find threats by starting with a problem statement (like “The project might be late or over budget”) and then looking at the threats that could cause that problem to happen. You can use the same method to find opportunities: start with a benefit statement (like “on time” or “under budget”) and then look at the opportunities that could provide that benefit.
Assumption and constraint analysis
A project and its project management plan are both planned and created based on a set of ideas and limitations. The scope baseline and project projections usually already include these. Assumption and constraint analysis checks the assumptions and constraints to see which ones are true and which ones could hurt the project. Mistakes, instability, inconsistency, or gaps in beliefs can help discover threats. Removing or loosening a constraint that makes it hard to carry out a project or process can lead to chances.
SWOT analysis.
This method looks at the project from the points of view of its strengths, weaknesses, opportunities, and threats (SWOT). For risk identification, it is used to include internally created risks in the list of risks that have been found. Focusing on the project, the organization, or the business area as a whole, the method starts with figuring out what the organization’s strengths and weaknesses are. Then, the SWOT analysis finds any project chances that may come from its strengths and any project threats that may come from its weaknesses. The study also checks to see how much an organization’s strengths can counter threats and how much its weaknesses can stop opportunities.
Document analysis.
A structured review of project documents, such as plans, assumptions, constraints, previous project roles, contracts, agreements, and technical paperwork, can help find risks. There may be risk on the project if there is uncertainty or ambiguity in the papers, or if there are mistakes within or between documents.
Interpersonal And Team Skills
If you want to help with this process, you can use interpersonal and team skills like coaching. Using facilitation makes many of the methods used to find individual project risks and sources of general project risk more useful. A good facilitator can help people stay focused on the task of identifying risks in project management , follow the technique’s steps exactly, make sure that risks are described clearly, find and get rid of sources of bias, and settle any differences that may come up.
Prompt Lists
A prompt list is a set of planned risk categories that could cause risks in different parts of the project or in the whole project. The list of questions can help the project team come up with ideas when they are using techniques for finding risks in risk identification techniques and process. You can use the risk groups at the bottom of the risk breakdown structure as a starting point for your own project risks. Some common strategic frameworks, like PESTLE (political, economic, social, technological, legal, and environmental), TECOP (technical, environmental, commercial, operational, and political), or VUCA (volatility, uncertainty, complexity, and ambiguity), are better at finding the sources of overall project risk.
Meetings
The project team may hold a special meeting (often called a “risk workshop”) to figure out what risks there are. There is usually some kind of brainstorming at risk workshops, but there may be other ways to find risks as well, based on how detailed the risk process is in the risk management plan . The meeting will go more smoothly if there is a skilled guide there. Also, it’s important to make sure that the risk group has the right people. For bigger projects, it might make sense to ask the project sponsor, subject matter experts, sellers, customer representatives, or other people who have a stake in the project. For smaller projects, risk training might only be open to a small part of the project team.
Identify Risks: Outputs
Risk Register
Identifying individual project risks and writing down information about them in a risk log. As the project goes on, the risk register keeps track of the outcomes of the steps Perform Qualitative Risk Analysis, Plan Risk Responses, Implement Risk Responses, and Monitor Risks. Depending on the size and complexity of the project, the risk record may or may not have a lot of information about risks.
At the end of the Identify Risks techniques and step, the risk Register might have the following in it, but not necessarily:
List of identified risks
The risk record has a space for each project risk to have its own unique number. We explain identified risks in as much detail as needed to make sure everyone understands clearly. You can tell the difference between risks, their cause(s), and their effect(s) with an organized risk statement.
Potential risk owners.
When a possible risk owner is found during the Identify Risks process in project management , that person is written down in the risk file. We will be sure of this during the Perform Qualitative Risk Analysis step.
List of potential risk responses
People who went through the Identify Risks process write down any possible risk responses they found in the risk register. The Plan Risk Responses method will confirm this.
You might be able to add more information to each risk that you find in risk identification techniques and process , based on how the risk management plan describes the risk register. It could have a short title, a risk category, its current status, one or more causes, one or more effects on goals, risk triggers (events or conditions that show that a risk is about to happen), a WBS reference of the activities that are affected, and timing information (when the risk was found, when it might happen, when it might not be important anymore, and when the deadline is for taking action).
Risk Report
The risk report includes details on the sources of the general project risk as well as a summary of the recognized individual project risks. The project risk management method builds the risk report step by step. The risk report also has the outcomes of Plan Risk Responses, Implement Risk Responses, Monitor Risks, Perform Qualitative Risk Analysis, and monitor risks as they happen. At the end of the Identify Risks step in project management , the risk report might have information like, but not limited to:
- sources of general project risk, pointing out which ones are the most significant factors that affect the project’s risk exposure; and
- A summary of the risks that have been found for each project, including the number of threats and opportunities that have been identified, how the risks are spread across risk categories, metrics and trends, and so on.
Depending on what the risk management plan says about how to report, the risk report may include more details.
Project Documents Updates
As a result of risk identification techniques and process method, the following project documents may be made up to date:
Assumption log.
We might come up with new assumptions or constraints during the Identify Risks process in project management. We might also go back and change assumptions or constraints that we already have. Include this new information in the assumption log.
Issue log
The issue log should be kept up to date with any new problems found or changes to problems that have already been recorded.
Lessons learned register.
You can add to the lessons learned register about the methods that worked well for finding risks so that later parts or other projects will run more smoothly.
References :