Project Risk Management

IDENTIFY RISKS
IDENTIFY RISKS
 Identify Risks is the process of identifying
individual project risks as well as sources of
overall project risk, and documenting their
characteristics.

 It also brings together information so the

project team can respond appropriately to
identified risks.
IDENTIFY RISKS
Purpose and Objectives
• A risk cannot be managed unless it is first
identified.
• After Risk management Planning has been
completed,
• the first process in the iterative Project
Risk Management process
• aims to identify all the knowable risks to
project objectives.
Purpose --Risk exposure Changes
• It is, however, impossible to identify all the
risks at the outset of a project.
• Over time, the level of project risk exposure
changes as a result of
• Internal changes - the decisions and
actions taken previously in the project,
and
• Externally imposed changes
Purpose – Unknowable or Emergent

• The purpose of risk identification is to

identify risks to the maximum extent that is
practicable.
• The fact that some risks are unknowable or
emergent requires the Identify Risk process
to be iterative, repeating the Identify Risks
process to find new risks which have
become knowable since the previous
iteration of the process.
Purpose --Potential Responses
• When a risk is first identified, potential
responses may also be identified at the
same time.
• These should be recorded during the
Identify Risks process and considered for
immediate action is such action is
appropriate.
• Where such responses are not implemented
immediately, these should be considered
during the Plan Risk Responses process.
Objectives
 The objectives of the Identify Risks process are to:
• Identify and record a long list of threats and
opportunities for the project and by work package;
for many projects, the word “long” means hundreds
of risks
• Make sure all risks are in the cause-risk-effect
format
• Understand the risks
Risk Types and Ctegories
Types
◦ Business (profit or loss) and insurable (loss)
◦ Known known Total certainty
◦ Known unknown Degree of uncertainty
◦ Unknown unknown Total uncertainty

Categories
◦ External, unpredictable Regulatory, etc.
◦ External, predictable Market risks
◦ Internal, non-technical Management
◦ Technical Design
◦ Legal Contractual
Identify Risks

�Critical Risk Factors

� Mnemonics... ... . E. I. E. C. MP.
RPO. CRS. O. O
� Elon India Elon China. Experiment. Mega project. Road
project. China real shit. Oil. Oil.
Early Risk Identification
• Risk Identification should be performed as early as
possible in the project lifecycle, recognizing the
paradox that uncertainty is high in the initial stages
of a project so there is often less information on
which to base the risk identification.

• It also maximizes the time available for

development and implementation of risk
responses, which enhances efficiency since
responses taken early are often normally less costly
than later ones.
Iterative Identification
• Since not all risks can be identified at any given
point in the project, it is essential that risk
identification is repeated throughout the project
life cycle.
• This should be done periodically, at a frequency
determined during the Plan Risk Management
process.
• Risk Identification might also be repeated at key
milestones in the project, or whenever there is
significant change to the project or its operating
environment.
Emergent Identification
• In addition to invoking the Identify Risks
process as defined in the project plan, the
Plan Risk Management process should
permit
• risks to be identified at any time,
• not limited to
• formal risk identification events or
• regular reviews.
Comprehensive Identification
 A broad range of sources of risk should be
considered to ensure that as many uncertainties as
possible that might affect objectives have been
identified.
Explicit Identification of Opportunities

 The Identify Risks process should ensure

opportunities are properly considered.
Multiple Perspectives

• The Identify Risks process should take input from a

broad range of project stakeholders to ensure that
all perspectives are represented and considered.

• Limiting risk identification to the immediate project

team is unlikely to expose all knowable risks.
Risk Linked to Project Objectives
• Each identified project risk should relate to
at least one project objective (time, cost,
quality, scope, etc.), noting that the PMBOK®
Guide defines risk as an uncertain event or
condition that, if it occurs, has a positive or
a negative effect on a project’s objectives.
• Consideration of each project objective
during the Identify Risks process will assist
in identifying risks, noting that some risks
may affect more than one objective.
Complete Risk Statement
• Identified risks should be clearly and
unambiguously described, so that they can
be understood by those responsible for risk
assessment and risk response planning.
• Single words or phrases such as “resources”
or “logistics” are inadequate and do not
properly communicate the nature of the risk.
• More detailed risk description are required
which explicitly state the uncertainty and its
causes and effects.
Ownership and Level of Detail
• Risks can be identified at a number of level of detail.
• A generalized or high-level description of risk can
make it difficult to develop responses and assign
ownership, while describing risks in a lot of detail
can create a great deal of work.
• Each risk should be described at a level of detail at
which it can be assigned to a single risk owner with
clear responsibility and accountability for its
management.
• Trigger conditions should also be identified where
this is possible and appropriate.
Objectivity
• All human activities are susceptible to bias, especially when
dealing with uncertainty.
• Following two types of biases may occur:
• Motivational biases, where someone is trying to bias the
result in one direction or another, or
• Cognitive biases, where biases occur as people are using their
best judgment and applying heuristics.
• This should be explicitly recognized and addressed during the
Identify Risks process.
• Sources of bias should be exposed wherever possible, and their
effect on the risk process should be managed proactively.
• The aim is to minimize subjectivity, and allow open and honest
identification of as many risks as possible to the project.
Identify Risks --- Inputs
 Risk Management plan

 As this document explains how risk management

activities are to be carried out in our project, it is an
indispensable resource. We will be using the following
from the risk management plan:

a. Assignment of Roles & Responsibilities

b. Budget and Schedule provisions & allocations to Risk
Management activities
c. Risk Breakdown Structure
Identify Risks --- Inputs
 Cost Management Plan

 Quality Management Plan

 Schedule Management Plan

 Resource Management Plan

 Requirement Management Plan

Identify Risks --- Inputs
 Activity Duration Estimates

 Activity duration estimate reviews are useful

in identifying risks related to the time
allowances for the activities or project as a
whole, again with the width of the range of
such estimates indicating the relative degree
of risk
Identify Risks --- Inputs
 Activity Cost Estimates

 Activity cost estimate reviews are useful in

identifying risks as they provide a quantitative
assessment of the likely cost to complete scheduled
activities and ideally are expressed as a range, with
the width of the range indicating the degree of risk

 The review may result in projections indicating the

estimate is either sufficient or insufficient to
complete the activity
Identify Risks --- Inputs
 Assumption Log

 Issue Log

 Lesson Learned Register

 Requirement Documentation

 Resource Requirements

 Stake holder Register

Identify Risks --- Inputs
 AGREEMENTS

 If the project requires external procurement

of resources, the agreements may have
information such as milestone dates, contract
type, acceptance criteria, and awards and
penalties that can present threats or
opportunities.
Identify Risks --- Inputs
 PROCUREMENT DOCUMENTATION

 If the project requires external procurement of

resources, the initial procurement documentation
should be reviewed as procuring goods and services
from outside the organization may increase or
decrease overall project risk and may introduce
additional individual project risks.

 As the procurement documentation is updated

throughout the project, the most up to date
documentation can be reviewed for risks
Identify Risks --- Inputs
 ENTERPRISE ENVIRONMENTAL FACTORS

 Published information

 Academic studies

 Published checklists

 Benchmarking

 Industry studies
Identify Risks --- Inputs
 Organizational Process Assets

 Project files including actual data

 Organizational and project process controls

 Risk statement formats or templates

 Lessons learned
Identify Risks – Tools and Techniques
 EXPERT JUDGMENT

 Expertise should be considered from individuals or groups

with specialized knowledge of similar projects or business
areas.

 Such experts should be identified by the project manager

and invited to consider all aspects of individual project risks
as well as sources of overall project risk, based on their
previous experience and areas of expertise.

 The experts’ bias should be taken into account in this

process
Identify Risks – Tools and Techniques
 Brainstorming

 The goal of brainstorming is to obtain a comprehensive list of

individual project risks and sources of overall project risk. The
project team usually performs brainstorming, often with a
multidisciplinary set of experts who are not part of the team.

 Ideas are generated under the guidance of a facilitator, either in a

free-form brainstorm session or one that uses more structured
techniques.

 Categories of risk, such as in a risk breakdown structure, can be

used as a framework. Particular attention should be paid to ensuring
that risks identified through brainstorming are clearly described,
since the technique can result in ideas that are not fully formed.
Identify Risks – Tools and Techniques
 Checklists

 A checklist is a list of items, actions, or points

to be considered. It is often used as a
reminder.

 Risk checklists are developed based on

historical information and knowledge that has
been accumulated from similar projects and
from other sources of information.
Identify Risks – Tools and Techniques
 Interviews

 Individual project risks and sources of overall

project risk can be identified by interviewing
experienced project participants,
stakeholders, and subject matter experts.
Interviews should be conducted in an
environment of trust and confidentiality to
encourage honest and unbiased contributions
Identify Risks – Tools and Techniques
 Root cause analysis

 Root cause analysis is typically used to

discover the underlying causes that lead to a
problem, and develop preventive action. It
can be used to identify threats by starting
with a problem statement (for example, the
project might be delayed or over budget) and
exploring which threats might result in that
problem occurring
Identify Risks – Tools and Techniques
(Cause and Effect)
Identify Risks – Tools and Techniques
 Assumption and constraint analysis.

 Every project and its project management plan are

conceived and developed based on a set of
assumptions and within a series of constraints.

 These are often already incorporated in the scope

baseline and project estimates. Assumption and
constraint analysis explores the validity of
assumptions and constraints to determine which
pose a risk to the project
Identify Risks – Tools and Techniques
 SWOT analysis.

 This technique examines the project from each of the

strengths, weaknesses, opportunities,and threats
(SWOT) perspectives.

 For risk identification, it is used to increase the

breadth of identified risks by including internally
generated risks. The technique starts with the
identification of strengths and weaknesses of the
organization, focusing on either the project,
organization, or the business area in general.
Identify Risks – Tools and Techniques
 Document analysis.

 Risks may be identified from a structured review

of project documents, including, but not limited
to, plans, assumptions, constraints, previous
project files, contracts, agreements, and
technical documentation. Uncertainty or
ambiguity in project documents, as well as
inconsistencies within a document or between
different documents, may be indicators of risk
on the project
Identify Risks – Tools and Techniques
 PROMPT LISTS

 PESTLE (political, economic, social,

technological, legal, environmental)

 TECOP (technical, environmental, commercial,

operational, political)

 VUCA (volatility, uncertainty, complexity,

ambiguity).
Identify Risks – Tools and Techniques
 MEETINGS

 To undertake risk identification, the project team may

conduct a specialized meeting (often called a risk
workshop).

 Most risk workshops include some form of

brainstorming but other risk identification techniques
may be included depending on the level of the risk
process defined in the risk management plan. Use of
a skilled facilitator will increase the effectiveness of
the meeting
IDENTIFY RISKS: OUTPUTS
 RISK REGISTER

 The risk register captures details of identified

individual project risks. The results of Perform
Qualitative Risk Analysis, Plan Risk Responses,
Implement Risk Responses, and Monitor Risks are
recorded in the risk register as those processes
 are conducted throughout the project.

 The risk register may contain limited or extensive risk

information depending on project variables such as
size and complexity.
IDENTIFY RISKS: OUTPUTS
 RISK REGISTER

 List of identified risks.

 Each individual project risk is given a unique

identifier in the risk register. Identified risks are
described in as much detail as required to ensure
unambiguous understanding. A structured risk
statement may be used to distinguish risks from
their cause(s) and their effect(s).
IDENTIFY RISKS: OUTPUTS
 RISK REGISTER
IDENTIFY RISKS: OUTPUTS
 It is NOT a Risk
Cause Risk Effect

Due to the team not Communications Which may lead to

being co-located, might take a long milestones being
time, missed.

• Not being co-located is not the root cause of this risk.

Cause Risk Effect

As a result of the Work may take more Which may lead to
project manager’s than allocated in the milestones being
inexperience with schedule, missed.
virtual teams,
IDENTIFY RISKS: OUTPUTS
 Following Risk does NOT have enough detail

Cause Risk Effect

The market research Thus missing a new Resulting in scope
function stopped trend in requirements, change.
focusing on the
product while doing
marketing research,
IDENTIFY RISKS: OUTPUTS
 A well-worded risk would be:
Cause Risk Effect
The number of inches Which may mean that Causing the need to
apart the seats should seat-spacing eliminate one row of
be spaced will depend requirements could be seats and redesign the
on market research, ignored or come even locking mechanism if
which, due to later than planned. the research shows
changing consumer changes in needs.
needs, will not be
done until late in the
project. The market
research department
has many products it
will be researching,
IDENTIFY RISKS: OUTPUTS
 Is this a good Cause-Risk-Effect statement?

Cause Risk Effect

The system Which could lead to a Data will be lost
backup/disaster loss of programming
recovery mechanism code or data
may not work, structures and test
data developed to
date,
IDENTIFY RISKS: OUTPUTS
 A Threat is NOT an Excuse for Poor Project Management

Cause Risk Effect

Due to upper Resources will not be Resulting in not being
management not available, able to complete the
supporting the project on time.
project,
• This does not get to the root cause of the impact.
• Issues like lack of support or resources MUST be dealt with before the project
starts.
• The project management plan must be achievable and bought-into before
starting work.
• There is no other ethical option for a project manager
IDENTIFY RISKS: OUTPUTS
 Potential risk owners.

 Where a potential risk owner has been

identified during the Identify Risks process,
the risk owner is recorded in the risk register.

 This will be confirmed during the Perform

Qualitative Risk Analysis process.
IDENTIFY RISKS: OUTPUTS
 Potential risk owners.

 Where a potential risk owner has been

identified during the Identify Risks process,
the risk owner is recorded in the risk register.

 This will be confirmed during the Perform

Qualitative Risk Analysis process.
IDENTIFY RISKS: OUTPUTS
 List of potential risk responses.

 Where a potential risk response has been

identified during the Identify Risks process, it
is recorded in the risk register.

 This will be confirmed during the Plan Risk

Responses process.
IDENTIFY RISKS: OUTPUTS
 RISK REPORT
 On completion of the Identify Risks process, information in the risk
report may include but is not limited to:

 Sources of overall project risk, indicating which are the most important
drivers of overall project risk exposure;

 Summary information on identified individual project risks, such as

number of identified threats and opportunities, distribution of risks
across risk categories, metrics and trends, etc.

 Additional information may be included in the risk report, depending

on the reporting requirements specified in the risk management plan.
IDENTIFY RISKS: OUTPUTS
 PROJECT DOCUMENTS UPDATES

 Assumption log

 Issue log

 Lessons learned register