5 Identify Risk

RMP® Certification Course
Lesson 6—Identify Risks
Objectives
After completing ● Define the purposes and objectives

this lesson, you will
● Discuss the critical success factors
be able to:
● List the three categories of tools and techniques
● Describe the best practices
● Explain how to document the results
Purposes of Identify Risks Process
Following are the purposes of Identify Risks process:
Identify risks Identify risks to the maximum extent that is practicable.
Recognize identifiable
Recognize all the identifiable risks to project objectives.
risks
Make risk identification Make risk identification process iterative to ensure that the process is not
process iterative only restricted to planning phase.
Identify potential
Identify potential responses at the time when a risk is first identified.
responses
Record and consider

Record and consider for immediate action if such action is appropriate.
risks
3
Objectives of Identify Risks Process
Following are the objectives of Identify Risks process:
Identify risks Document risks Categorize risks
Critical Success Factors
Following are the critical success factors for Identify Risks process:
Multiple
Early identification
perspectives
Iterative Risks linked to

identification project objectives
Emergent Complete risk

identification statement
Comprehensive Ownership and

identification level of details
Explicit
identification of Objectivity
opportunities
Multiple Early identification:

perspectives
● Identifies risk as early as possible in the project lifecycle.
Iterative Risks linked to ● Enables key project decisions which may result in successful
implementation of the risk response.
Emergent Complete risk ● Gives time for implementation of risk responses.

● Responses taken early are normally less costly than the ones

taken later.
Explicit
opportunities
6
Multiple Iterative identification:

perspectives
● All the risks cannot be identified at the initial stage of the
Iterative Risks linked to project.
● Risk identification should be repeated throughout the project
Emergent Complete risk lifecycle.

● Periodicity should be defined.

Explicit
opportunities
Multiple Emergent identification:

perspectives
● Risks should be identified at any time during the project.
Iterative Risks linked to ● No need to wait for the risk management or status meeting to
work on identifying the risks.


Explicit
opportunities
Multiple Comprehensive identification:

perspectives
● Find all the sources from where the risk can be identified. It
Iterative Risks linked to can be internal, external, technical, or project management
related risks.


Explicit
opportunities
9
Multiple Explicit identification of opportunities:

perspectives
● The Identify Risks process should ensure that the opportunities
Iterative Risks linked to are properly explored.


Explicit
opportunities
10
Multiple Multiple perspectives:

perspectives
● The Identify Risks process should take input received from a
Iterative Risks linked to broad range of project stakeholders to ensure that all
perspectives are represented and considered.
Emergent Complete risk ● Limiting risk identification to the immediate project team is
unlikely to expose some identifiable risks.

Explicit
opportunities
11
Multiple Risks linked to project objectives:

perspectives
● These risks are identified as opportunities or threats for the
Iterative Risks linked to project objectives.
● Identified risks should relate to any of the project objectives
Emergent Complete risk like time, cost, scope, quality, etc.
● These risks can be linked to a single or multiple objectives.

Explicit
opportunities
12
Multiple Complete risk statement:

perspectives
● It is always good to capture risk in the form of a complete risk
Iterative Risks linked to statement.
● Identified risks should be clear and unambiguous.
Emergent Complete risk ● Detailed risk descriptions with description of uncertainty and
its cause and effects should be mentioned as early as possible
in the project lifecycle.
Explicit
opportunities
13
Multiple Ownership and level of details:

perspectives
● The need to identify risks and respond appropriately is not the
Iterative Risks linked to ownership of the project manager alone.
● Risk should be identified at a number of levels of details.
Emergent Complete risk ● A high-level description makes it difficult to understand and

develop response, or assign ownership.
● Triggers should be identified wherever possible and
identification level of details appropriate.
Explicit
opportunities
14
Multiple Objectivity:
perspectives
● Human intervention is susceptible to bias when dealing with
Iterative Risks linked to uncertainty. This occurs as people apply heuristics. This
sensitivity should be dealt during risk identification process.
Emergent Complete risk ● Sources of bias should be exposed and their effect should be
managed proactively.
● The aim is to minimize subjectivity, and allow open and honest
identification level of details identification of as many risks to the project as possible.
Explicit
opportunities
15
Inputs, Tools and Techniques, and Output
Following are the inputs, tools and techniques, and outputs required for Identify Risks process:
Inputs Tools and Techniques Outputs
● Risk management plan ● Documentation reviews ● Risk register
● Scope baseline ● Information-gathering
● Activity cost estimates techniques
● Activity duration estimates ● Checklist analysis
● Stakeholder register ● Assumptions analysis
● Cost management plan ● Diagramming techniques
● Schedule management plan ● SWOT analysis
● Quality management plan ● Expert judgment
● Human resource management plan
● Project documents
● Procurement documents
● Enterprises environmental factors
● Organizational process assets
16
Inputs
Following are the inputs of Identify Risks process:

Inputs Description
Risk management plan Describes the team's approach to identify risks.
Provides a quantitative assessment of costs involved in completing each scheduled
Activity cost estimate
activity with a range of estimates indicating risk range.
Activity duration estimate Indicates the time allotted for each activity or for the whole project.
Contains the project scope statement that includes project assumptions and their
Scope baseline
uncertainties, and the detailed WBS of potential risks.
Stakeholder register Contains all details related to the identified stakeholders.
Contains a cost management approach specific to the project that helps to generate or
Cost management plan
mitigate risks.
Includes guidelines for handling changes to the schedule, updated risks, and associated
Schedule management plan
response plans.
17
Inputs (contd.)
Following are the other inputs of Identify Risks process:

Inputs Description
Quality management plan Describes the project management team’s approach to implement the quality policy.
Provides guidance on how project human resources should be defined, managed, and
Human resource management
eventually released along with roles and responsibilities, project organization charts,
plan and staffing management plan.
Includes assumptions log, earned value reports, work performance reports, and
Project document network diagrams. In addition, it includes baselines, and other project information that
helps to identify risks.
Becomes the base for identification of risks, when the project requires external
Procurement document
procurement of resources.
Includes commercial databases, academic studies, published checklists, industry
Enterprise environmental factor
studies, risk attitudes, or benchmarking.
Includes files from previous projects, lessons learned, risk statement templates,
Organizational process asset historical information, and commercially available published information such as
benchmarking or best practices data.
18
Tools and Techniques
Following are the tools and techniques for Identify Risks process:
Documentation reviews +
Information-gathering techniques +
Checklist analysis +
Assumptions analysis +
Diagramming techniques +
SWOT analysis +
Expert judgment +
19
Documentation reviews -
A structured review of the project documentation may be performed including plans, assumptions,
previous project files, agreements, and other information.
SWOT analysis +
Expert judgment +
20
Information-gathering techniques -
These include data collection methods such as brainstorming, Delphi technique, interviewing, and root
cause analysis.
SWOT analysis +
Expert judgment +
21
Checklist analysis -
Checklist analysis is an analysis which is conducted on the basis of historical information, as a
standardized way of identifying risks.
SWOT analysis +
Expert judgment +
22
Assumptions analysis -
Assumptions analysis is used to explore the validity of project assumptions.
SWOT analysis +
Expert judgment +
23
Diagramming techniques -
The diagramming techniques include cause-and-effect diagrams, influence diagrams, and process
flowcharts which helps in identifying the causes of risks.
SWOT analysis +
Expert judgment +
24
SWOT analysis -
The SWOT analysis examines the project from the perspectives of strength, weakness, opportunity, and
threat.
Expert judgment +
25
SWOT analysis +
Expert judgment -
Expert judgment includes the inputs given by subject matter experts or team members who have the
relevant knowledge and experience on similar business areas or projects.
26
Assumption Analysis and Documentation Reviews—Example
Jeremiah has begun looking for risks on his project, which is to a deliver a new product for his
company. In fact, his company has no experience at all in this area but the company’s leadership
thought that the return on investment was worth it.
During initial planning, Jeremiah is concerned with the cost and duration estimates that his team
delivers to him. Since this is a new type of project, and they are inexperienced, he does not want
to leave anything to chance.
He decides to use assumptions analysis and documentation reviews to determine how accurate
the estimates might be. He also interviews subject matter experts on other projects to increase his
confidence level with the estimates.
27
Assumption Analysis and Documentation Reviews—Example (contd.)
At the conclusion of his analysis, he determines that the existing estimates are as accurate as they
could possibly be under the circumstances.
Jeremiah then decides to ask for additional contingency funds to account for the uncertainty and
to protect the project budget. Jeremiah’s use of multiple tools enabled him to determine the
uncertainty of his project estimates and to ask for appropriate funding.
During the life cycle of his project, he was then able to capture more accurate data that he will use
on future projects.
28
Tools and Techniques—Categories
The three categories of tools and techniques required to identify risks are as follows:
● Historical review is based on past occurrence of risks, either in the current project
or other similar projects within the organization, or comparable projects in other
Historical review organizations.
● It relies on careful selection of comparable situations, which are genuinely similar
to the current project, and are filtered to select the only relevant previous risks.
Current assessment
Creativity technique
29
● They rely on current project, analysis against the framework, and models to find
uncertainties.
Historical review ● They do not rely on external reference points, but are based purely on
examination of the project.
● Current assessments are based on present data (documentation reviews,
rrent assessment
Current assessments information-gathering techniques, assumption analysis, diagramming technique,
and SWOT analysis).
30
● Creativity technique is based on future data (like expert judgment and

brainstorming).
Historical review ● It encourages stakeholders to use their imagination to find the risk in the project.
● It creates room for creative or out-of-the-box thinking.
● It can be used either in single or in groups.
Current assessment
31
Tools and Techniques—Facts
Facts of the tools and techniques are as follows:
● Each technique has its own strength and weaknesses.
● No single technique can reveal all identifiable risks.
● If required, use a combination of different techniques.
Choose checklist (historical review) with assumption analysis (current assessment) and brainstorming
(creativity technique).
32
Other Tools and Techniques
Given below are the other tools and techniques of Identify Risks process.
Interview with Nominal Group

Brainstorming Delphi Technique
SMEs Technique (NGT)
Checklist, Forms,
Crawford Slip Analogy
and Templates
33
Interview with SMEs
Interviewing helps to inquire on issues related to doubts and other technical

characteristics that the project team usually does not take care of.
It involves engaging:
● experts internal and external to the project;
● consultants; and
● project team.
34
Interview with Experts Process
The process of interviewing subject matter experts are as follows:
1 2 3 4
Introduce the Introduce the Develop the
Define the scope
facilitator interviewees questions
5 6 7 8
Receive the Fill up the register
Send the questions Consolidate the
answers from with the list of
to interviewees responses
interviewees identified risks
35
Brainstorming Technique
Brainstorming includes the following:
Identification of
many risks
Team must be
available
Leads to chaos, if
executed
inadequately
Highly creative
and synergetic
sessions
Encourages
teamwork
36
Brainstorming Process
The process of brainstorming includes the following:
Conduct Fill up the list

Introduce Introduce Consolidate
Define scope brainstorming with the
facilitator participants responses
session identified risks
37
Delphi Technique
Delphi technique includes the following:
A type of interview
with SMEs
The interviews
are
anonymous
Slow and requires
hard work
Used when there are
conflicts or when
brainstorming
is not
Used to get
recommended
comments from
competitors
38
Delphi Technique Process
The process to carry out Delphi technique is as follows:
1 2 3 4
Introduce the Develop the Introduce the
Define the scope
facilitator questions interviewees
5 6 7 8
Distribute the Receive the Consolidate the Redistribute the
questions/survey answers responses questions
9 10
Fill up the register
Consolidate the
with the
final results
identified risks
39
Nominal Group Technique
Nominal Group Technique (NGT) includes the following:
Individual
brainstorming
Allows a certain
degree of
prioritization
Reduces the chaos
of brainstorming
Mix of individual
and group
participation
Fast and
effective
40
Nominal Group Technique—Process
The process to carry out Nominal Group Technique (NGT) is as follows:
1 2 3 4
Introduce the
Introduce the
Define the scope participants Schedule the meeting
facilitator
(between 6 and 8)
5 6 7 8
Start the meeting Each participants Facilitator writes
Each participants
and state the rules, creates his/her own down the first risk of
orders his/her risks
time, and process risk list each participant
9 10 11
Facilitator writes Fill up the list of
Consolidate the final identified risks
down the second risk
result (prioritized)
of each participant
41
Crawford Slip Technique
Crawford Slip technique includes the following:
Used to identify many

risks in a short period
of time
Uses a slip or a
Group consolidation piece of paper
like post-it®
Individual brainstorming
42
Crawford Slip Process
The process to of Crawford Slip technique is as follows:
1 2 3 4
Introduce the
Introduce the
Define the scope participants (between Schedule the meeting
facilitator
6 and 8)
5 6 7 8
Start the meeting by Each participants Collect slips and Distribute the list to
stating the rules, time, writes down one risk consolidate the list of the participants for
and number of risks for a minute identified risks final comments
9 10
Consolidate the final Fill up the register
result with identified risks
43
Analogy Technique
Analogy technique includes the following:
It is based on previous history
Available
information is A reference is needed.
adjusted to suit the
current scenario
44
Analogy—Process
The process of Analogy technique is as follows:

1 2 3
Define which
Consolidated the
previous projects
Define the scope risks from previous
can be used as
projects
references
4 5 6
Adapt the lists of
Develop the initial Distribute the list
risks to the current
lists of risks to team members
projects
7 8 9
Team analyzes the Fill up the register
Consolidate the
preliminary list of with the identified
final results
risks risks
45
Checklists, Surveys, and Templates
Checklists, surveys, and templates are some of the commonly used techniques
for identifying risks on the project.
● The critical success factor for these techniques is the availability of data from
within and outside the organization.
● These techniques are based on the concept that no new project has a
complete new set of risks.
● These techniques help to refine the list of risks and they use the risk
breakdown structure, which is usually defined as a part of the risk
management plan.
46
Assumptions Analysis
Assumptions analysis is a process of validating the assumptions made. Assumptions need to be

validated on the project; otherwise, they turn out to be risks on the project. It involves documenting
the assumptions and then determining the risks that may be caused due to inaccuracy, instability, or
incompleteness of the project assumptions.
47
Checklist Analysis
Checklist analysis is the process of systematically evaluating the pre-created checklists and developing
a checklist based on relevant historical information.
● It is a standardized way to identify risks.
● It is applicable to any process or system, including equipment, and human issues.
48
SWOT Analysis
SWOT analysis is a popular tool which is used for risk identification. In this technique, strengths and
weaknesses that are of internal origin, that is, related to the organization are identified. Also,
opportunities and threats of external origin are identified.
Helpful Harmful
to achieve the to achieve the
objective objective
(attributes of the
Internal origin
organization)
S W
Strengths Weaknesses
(attributes of the
External origin
environment)
O T
Opportunities Threats
49
Cause-and-Effect Diagram
Cause-and-effect diagram is also called Ishikawa or Fishbone diagram. It is a popular diagrammatic

technique for risk identification.
An example of Fishbone diagram is illustrated below.
Machine Method Materials
Incompatible file formats Poor specs

Nonstandard software
Poor training
Mac or PC Late storyboards
No style guide
Rejected
Inexperienced Low morale Images
Wrong specs
Overworked Noise
Measurement Personnel Environment
50
Root Cause Analysis—Example
The ABC Company has identified a problem during a recent program review. Management realizes
that the same types of risk events are occurring on almost every project and they cannot seem to
understand the reason.
So, they hire an outside risk consultant, who sets out to investigate the matter. The consultant
begins by looking at historical documentation on projects that have been performed over the last
three years.
During the review of project documents, the consultant begins to discover that, most risks are
related to human resources and scope. The consultant then employs multiple diagramming
techniques to assign each risk area to common root causes. It is then evident that Pareto’s Law is
clearly defined with the results.
51
Root Cause Analysis—Example (contd.)
Pareto’s Law generally states that the smallest number of causes will result in the largest number
of problems. By working in reverse from effect to cause, the consultant is able to pinpoint which
root causes are to blame for the majority of the risks within this company.
There is a lack of training for the employees, too many understaffed activities during execution and
poor requirements documentation.
By using root cause analysis, and understanding Pareto’s Law, the consultant was able to track
down the root causes and report it back to the company with his recommendations. The ABC
company then utilizes the results to begin correcting the problem.
52
Output
The output of Identify Risks process is as follows:
Output Description
The risk register contains the list of identified risks and potential responses. When
complete, the risk register will ultimately contain the outcomes of the other risk
Risk register management processes, including the results of the qualitative risk analysis,
quantitative risk analysis, and risk response planning. It also includes risk actions, risk
statuses, and names of risk owners.
53
Prompt Lists
A prompt list refers to several risk categories that may be presented as a RBS and used when
identifying risks in a project.
Prompt lists include the following:
PESTLE TECOP SPECTRUM
The PESTLE prompt list is The TECOP prompt list is The SPECTRUM prompt list is
determined by political, determined by technical, determined by socio-cultural,
economical, social, technological,
undertaking the project environmental, commercial, political, economic, competitive,
ascertaining the costs and benefits of
legal, and environmental factors. operational, and political factors. technological, regulatory or legal,
uncertainty or risk, and market
factors.
54
Risk Categories
The risk categories are as follows:

Risk Category Examples
● Technical changes;
Technical, quality, or ● Changes to industry standards during the project;
performance risks ● Dependence on unproven or complex technology; and
● Unrealistic performance goals.
● Inadequate time and resource allocation;
Project management
● Ineffective project plan development; and
risks
● Poor cost estimates.
● Resource conflicts with other projects;
Organizational risks ● Inadequate project funding; and
● Inconsistent management support.
● Union issues;
External risks ● Change of management in customer’s organization; and
● Regional security issues.
55
Best Practices
The best practices in the Identify Risks process include the use of structured risk descriptions which
can ensure clarity. Risk meta-language offers a useful way of finding the causes and effects of a risk.
Meta-language describes each risk using three-part statements in the following forms:
Cause
(Fact or condition)
Risk
(Uncertainty)
Effect
(Possible result)
56
Historical Documentation
One invaluable source of information for a project is any available

data on previous projects that were similar to the current one.
There are many risks that will reoccur from one project to the next.
To capitalize on lessons learned, you will need access and it must be
well structured.
Examples of historical documentation includes previous:
● risk plans,
● risk registers,
● contracts,
● project post-mortem documentation,
● change requests,
● cost and time estimates, etc.
57
Documenting the Results
Recording is one of the important activities, which helps in capturing all

the relevant information on each identified risk. The information on
these risks is maintained in the form of risk register. This register
contains the following:
● Description of risks
● Name of risk owner
● Cause and effects of risks
● Triggers
● Preliminary risk responses
● Risk category
58
Summary
Here is a quick ● The objectives of Identify Risks process are identify risks, document risks,
recap of what was and categorize risks.
covered in this ● The critical success factors for Identify Risks process are early identification,
lesson:
multiple perspective, iterative identification, risks linked to project
objectives, emergent identification, complete risk statement,
comprehensive identification, ownership and level of details, explicit
identification of opportunities, and objectivity.
● The three categories of tools and techniques of Identify Risks process are
historical review, current assessments, and creativity technique.
● The best practices in Identify Risks process include the use of structured risk
descriptions which can ensure clarity.
● Recording is one of the important activities, which helps in capturing all the
relevant information on each identified risk.
72

5 Identify Risk

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

5 Identify Risk

Uploaded by

Copyright:

Available Formats

RMP® Certification Course

Lesson 6—Identify Risks

After completing ● Define the purposes and objectives

Purposes of Identify Risks Process

Following are the purposes of Identify Risks process:

Identify risks Identify risks to the maximum extent that is practicable.

Record and consider

Following are the objectives of Identify Risks process:

Identify risks Document risks Categorize risks

Critical Success Factors

Iterative Risks linked to

Emergent Complete risk

Comprehensive Ownership and

Critical Success Factors

Multiple Early identification:

Emergent Complete risk ● Gives time for implementation of risk responses.

Comprehensive Ownership and

Multiple Iterative identification:

Emergent Complete risk lifecycle.

Comprehensive Ownership and

Critical Success Factors

Multiple Emergent identification:

Emergent Complete risk

Comprehensive Ownership and

Critical Success Factors

Multiple Comprehensive identification:

Emergent Complete risk

Comprehensive Ownership and

Multiple Explicit identification of opportunities:

Emergent Complete risk

Comprehensive Ownership and

Critical Success Factors

Multiple Multiple perspectives:

Comprehensive Ownership and

Critical Success Factors

Multiple Risks linked to project objectives:

Comprehensive Ownership and

Multiple Complete risk statement:

Critical Success Factors

Multiple Ownership and level of details:

Emergent Complete risk ● A high-level description makes it difficult to understand and

Critical Success Factors

Following are the inputs of Identify Risks process:

Stakeholder register Contains all details related to the identified stakeholders.

Following are the other inputs of Identify Risks process:

Tools and Techniques

Tools and Techniques

Tools and Techniques

Tools and Techniques

Tools and Techniques

Assumption Analysis and Documentation Reviews—Example

Tools and Techniques—Categories

Tools and Techniques—Categories

● Creativity technique is based on future data (like expert judgment and

Tools and Techniques—Facts

Facts of the tools and techniques are as follows:

● Each technique has its own strength and weaknesses.

● No single technique can reveal all identifiable risks.

● If required, use a combination of different techniques.

Other Tools and Techniques

Interview with Nominal Group

Interviewing helps to inquire on issues related to doubts and other technical

● experts internal and external to the project;

Interview with Experts Process