7 Ways to Identify Risks

    2=Planning, 4=Control

  •  Minute Read

Effective project managers share a key characteristic – they actively identify and manage risks. Let's look at seven tools and techniques to identify risks in projects and programs.

Many project managers begin enthusiastically. They assemble their teams, identify a lots of risks, and document them in an Excel spreadsheet. However, these risks frequently go unaddressed thereafter.

7 Ways to Identify Risks

The consequence? Risks remain unrecognized and unmanaged. Threats evolve into expensive problems, and teams overlook valuable opportunities. Moreover, project teams fall short of meeting their project goals.

When to Identify Risks

Risk exposure is at its peak at the start of projects due to high uncertainty, stemming from limited information available early on. Astute project managers identify risks early in their projects, and capture top risks in the project charter.

Looking to enhance your risk identification process? Here's how:

  • Initiate risk identification early in the project.
  • Adopt an iterative approach to identifying risks.
  • Schedule regular risk assessments, like weekly reviews.
  • Incorporate risk identification during change control processes.
  • Focus on risk identification at the completion of major project milestones.

In agile projects, consider these additional moments for risk identification:

  • During sprint planning sessions.
  • In the course of release planning.
  • At daily standup meetings.
  • Just before the commencement of each sprint.

More...

7 Ways to Identify Project Risks

Project managers have a variety of methods at their disposal for identifying risks, and often, a combination of these techniques is most effective. For instance, a project team might use a checklist in one meeting and review assumptions in another. Here are seven of my favorite risk identification techniques:

  1. Interviews. Choose key stakeholders, plan the interviews, formulate specific questions, and document the outcomes.
  2. Brainstorming. While I won't delve into the rules of brainstorming here, one tip is to prepare your questions ahead of time. For example:
    • Project objectives: What are the key risks related to [specific project objectives like schedule, budget, quality, or scope]?
    • Project tasks: What are the primary risks associated with [specific tasks such as requirements, coding, testing, training, implementation]?
  3. Checklists. Check if your organization has a common risk checklist. If not, consider creating one. Update this list after each project to include significant risks encountered, but remember that no checklist is exhaustive.
  4. Assumption Analysis. The PMBOK defines an assumption as something considered true without proof. These are potential risk sources. Ask stakeholders about their project assumptions, document these, and identify related risks.
  5. Cause and Effect Diagrams. Cause and Effect diagrams are powerful. Project managers can use this simple method to help identify causes--facts that give rise to risks. And if we address the causes, we can reduce or eliminate the risks.
  6. Nominal Group Technique (NGT). Many project managers are not familiar with the NGT technique. It is brainstorming on steroids. Input is collected and prioritized. The output of NGT is a prioritized list of risks.
  7. Affinity Diagram. This creative exercise involves brainstorming risks, writing each on a sticky note, and then grouping these notes into categories. Each category is then titled, helping to organize and understand the risks better.

Variety is the spice of life. Continuously using the same risk identification method can lead to a disengaged team. By varying the techniques, you not only maintain team engagement but also encourage fresh thinking, which can enhance the risk identification process.

Write Clear Risk Statements

As you identify risks, you will need to write and capture risk statements in your risk register. One simple and powerful way to do this is to use the If-Then Risk Statements. The metalanguage is: If [Event], Then [Consequences]. For example: If the electrical system is not installed per the specifications, then there may be additional cost and an adverse impact to the schedule.

Pop Quiz: One way to counter groupthink is to reach consensus by asking for input anonymously using the ____________________ technique.

Answer: Delphi Technique

Want to learn more about project risk management? Check out the Project Risk Coach Courses.

 

7 Risk Identification Mistakes

Consider this: Basic risk management can eliminate or significantly reduce up to ninety percent of risks.

Be aware of these common errors in risk identification:

  1. Not identifying risks early when mitigation is more cost-effective.
  2. Failing to identify risks on an ongoing, iterative basis.
  3. Overlooking the involvement of relevant stakeholders in risk identification.
  4. Relying on a single method instead of employing a mix of risk identification techniques.
  5. Not consolidating identified risks in a central location.
  6. Neglecting to make risk information visible and easily accessible.
  7. Inconsistency in documenting risks, lacking a uniform format like Cause -> Risk -> Impact.

Review this blog post and refine the risk identification strategy for your current or upcoming projects. Additionally, capture the approach in your Risk Management Plan. Once you've identified your project risks, you are ready to evaluate your risks.

Want to become a PMI Risk Management Professional (PMI-RMP®)? Don't know where to start?

Are you unsure what it takes to become a PMI Risk Management Professional (PMI-RMP®)? In this FREE mini-course, I share articles, videos, and a short exam to jumpstart your preparation. Why procrastinate any longer? Start today!

You may also like

What is a RAID Log?

What is a RAID Log?
>