Risk identification is the systematic process of combing through the project, the project plan, the work breakdown structure, and all supporting documentation to identify as many of the risks that may affect the project as possible. Remember, a risk is an uncertain event or condition that may affect the project's outcome. Risks can be positive or negative. In the big picture of risk identification, there are two categories of risks:
• Pure risks These risks have only a negative outcome. Examples include loss of life or limb, fire, theft, natural disasters, and the like.
• Business risks These risks may have a negative or a positive outcome. Examples include using a less experienced worker to complete a task, allowing phases or activities to overlap, or foregoing the expense of formal training for on-the-job education.
The initial risk identification meeting can be wild and unwieldy if the approach isn't structured. The project manager may elect to address risks by category, project phase, or the project life cycle. The goal of these meetings is to capture all of the risks so that the project management team can plan adequately for the risk responses. The participants of the risk identification meetings can include:
• Project manager
• Risk management team (if one exists, of course)
• Subject matter experts
• Other project managers
• Risk management experts
Risk identification is not a one-time event. The project manager should encourage the project team and these participants to continually be on the lookout for risk events as the project moves toward closure. The risk management plan also includes timings for iterations of risk identification and management. Risk identification is an iterative process, because new risks can creep into the project or existing risks may be identified later as more detail becomes available. You'll need five inputs to complete risk identification:
• Enterprise environmental factors When it comes to risk identification, having commercial databases, academic studies, benchmarking results, whitepapers, and other statistics and information related to your discipline is ideal.
• Organizational process assets If an organization has completed projects similar to the current project, there's no reason not to use the historical information to help the risk identification along.
• Project scope statement The project scope statement includes the assumptions that the project is based on. These assumptions are often sources of risk within the project.
• Risk management plan This lone output of risk management planning is needed during risk identification because the plan will identify the organization's and the project's proper approach for identifying risks within the project.
• Project management plan The project management plan is also needed, as there are likely risks lurking throughout the project. Consider schedules, costs, assumptions and constraints, quality issues, and all the other knowledge areas where risks may be hiding.
Was this article helpful?
What you need to know about… Project Management Made Easy! Project management consists of more than just a large building project and can encompass small projects as well. No matter what the size of your project, you need to have some sort of project management. How you manage your project has everything to do with its outcome.