Successful project managers have a common trait – they identify and manage risks. Let's look at seven tools and techniques to identify project risks.
Often project managers start with a splash. They get their teams together, identify lots of risks, and enter them into an Excel spreadsheet. However, the risks are never discussed again.
What's the result? Risks are not identified and managed. Threats morph into costly issues. And, the teams miss golden opportunities. Furthermore, project teams fail to achieve the project objectives.
When to Identify Risks
The risk exposure is greatest at the beginning of projects. The uncertainty is high because there is less information in the beginning of projects. Wise project managers start identifying risks early in their projects. Additionally, capture your top risks in your project charter.
Want to know how to improve your risk identification? Identify risks:
- Early in the project
- In an iterative manner
- On a consistent frequency such as weekly
- When change control is performed
- When major milestones are reached
For agile projects, here are some additional times for identifying risks:
- Sprint planning
- Release planning
- Daily standup meetings
- Prior to each sprint
7 Ways to Identify Project Risks
There are numerous ways to identify risks. Project managers may want to use a combination of these techniques. For example, the project team may review a checklist in one of their weekly meetings and review assumptions in a subsequent meeting. Here are seven of my favorite risk identification techniques:
- Interviews. Select key stakeholders. Plan the interviews. Define specific questions. Document the results of the interview.
- Brainstorming. I will not go through the rules of brainstorming here. However, I would offer this suggestion. Plan your brainstorming questions in advance. Here are questions I like to use:
- Project objectives. What are the most significant risks related to [project objective where the objective may be schedule, budget, quality, or scope]?
- Project tasks. What are the most significant risks related to [tasks such as requirements, coding, testing, training, implementation]?
- Checklists. See if your company has a list of the most common risks. If not, you may want to create such a list. After each project, conduct a post review where you capture the most significant risks. This list may be used for subsequent projects. Warning – checklists are great, but no checklist contains all the risks.
- Assumption Analysis. The Project Management Body of Knowledge (PMBOK) defines an assumption as “factors that are considered to be true, real, or certain without proof or demonstration.” Assumptions are sources of risks. Project managers should ask stakeholders, “What assumptions do you have concerning this project?” Furthermore, document these assumptions and associated risks.
- Cause and Effect Diagrams. Cause and Effect diagrams are powerful. Project managers can use this simple method to help identify causes--facts that give rise to risks. And if we address the causes, we can reduce or eliminate the risks.
- Nominal Group Technique (NGT). Many project managers are not familiar with the NGT technique. It is brainstorming on steroids. Input is collected and prioritized. The output of NGT is a prioritized list of risks.
- Affinity Diagram. This technique is a fun, creative, and beneficial exercise. Participants are asked to brainstorm risks. I ask participants to write each risk on a sticky note. Then participants sort the risks into groups or categories. Lastly, each group is given a title.
Variety is the spice of life. One sure way to have an unengaged team is to use the same risk identification technique repeatedly. Additionally, mixing it up occasionally will help your team think in new ways and improve the identification process.
The Project Risk Management Academy
If you've struggled to deliver projects consistently, if you've had too many projects come in late and over budget, if you've tried every software tool imaginable, if your project management career has lost steam; then I'd like to invite you to the Project Risk Management Academy...
Write Clear Risk Statements
As you identify risks, you will need to write and capture risk statements in your risk register. One simple and powerful way to do this is to use the If-Then Risk Statements. The metalanguage is: If [Event], Then [Consequences]. For example: If the electrical system is not installed per the specifications, then there may be additional cost and an adverse impact to the schedule.
7 Risk Identification Mistakes
Think about it. Ninety percent of all risks can be eliminated or greatly reduced through basic risk management.
Take note of these risk identification mistakes:
- The failure to recognize risks early when it is less expensive to address.
- Not identifying risks in an iterative fashion.
- Risks are not identified with appropriate stakeholders.
- Not using a combination of risk identification techniques.
- Risks are not captured in one location.
- The failure to make the risks visible and easily accessible.
- Risks are not captured in a consistent format (e.g., Cause -> Risk -> Impact).
Consider reviewing this blog post and refine the risk identification strategy for your current or upcoming projects. Additionally, capture the approach in your Risk Management Plan. Once you've identified your project risks, you are ready to evaluate your risks.
Hey, if you wish to boost your project risk management knowledge and skills further, check out The PMI-RMP® for Project Managers.