
TOOLS AND TECHNIQUES FOR RISK IDENTIFICATION

UNIT THREE
Learning Outcomes
i. Brainstorming
ii. Root Cause analysis
iii. SWOT Analysis
iv. Risk Register
v. Probability and Impact Matrix
vi. Risk Assessment Template for IT
vii. Documentary Review
viii. Delphi Technique
ix. Interviews
x. Checklist
xi. Assumption Analysis
xii. Diagramming Technique
INTRODUCTION
• Risk identification is the process of listing potential project risks
and their characteristics. The results of risk identification are
normally documented in a risk register, which includes a list of
identified risks along with their sources, potential risk responses,
and risk categories.

• Risk identification in project management is the core task within the risk management process to describe and classify risks.
• All the information gathered and analysed during the identification of risks serves as a foundation for further risk analysis, evaluation and estimation.
• Risk identification plays a key role in the success of managing risk.
• Failure in the identification of risks can cause inadequacy in the whole process of risk management, which leads to non-achievement of organisational objectives.
• Tools and techniques facilitate the process of identification, and need to be adopted on the basis of firms’ characteristics.
• A project manager performing risk identification and assessment activities can filter out inessential or false threats and focus on project-related risks in order to make the project less risky.
Brainstorming

• Probably the most used risk identification technique.
• The goal is to compile a comprehensive list of risks that can be addressed later in the risk analysis processes.
• It usually consists of a multidisciplinary set of experts.
• Under the leadership of a facilitator, they generate ideas about a firm's risks.
• The process proceeds without interruption, without any expression of judgment or criticism of ideas, and without regard to one's position in the organisation.
• Sources of risk are identified in broad scope and discussed by the whole team.
• Risks are then categorised by type and their definitions sharpened.
• Brainstorming can be more effective where participants prepare in advance, the facilitator develops some risks in advance, and the meeting is structured by operational activity and risk category.
ROOT CAUSE ANALYSIS (RCA)
• A root cause is defined as a factor that caused a non-conformance and should be permanently eliminated through process improvement.
• RCA is defined as a collective term that describes a wide range of approaches, tools, and techniques used to uncover causes of problems.
• The root cause is another way to say the essence of something.
• Therefore, RCA is a systematic process used to identify the fundamental risks that are embedded in the project.
• This is a tool that says good management is not only responsive but preventative.
Steps to RCA
• Machinery, Materials, Methods and People

• Often root cause analysis is used after a problem has already come up.
• It seeks to address causes rather than symptoms.
• But it can be applied to assessing risk by going through the goals of any root cause analysis, which asks:
  • What happened?
  • How did it happen?
  • Why did it happen?
• Once those questions are addressed, develop a plan of action to prevent it from happening again.
SWOT Analysis
• SWOT analysis ensures examination of risks from each of the SWOT perspectives to increase the scope of risks considered.
• Begin with strengths and determine what those are as related to the project.
• Weaknesses are things that could be improved or are missing from the project.
• This is where the likelihood of negative risk will raise its head, while positive risks come from the identification of
• Opportunities are another way of referring to positive risks, and threats are negative risks.
• When collecting SWOT, illustrate your findings in a four-square grid.
• The top of the square has strengths to the left and weaknesses to the right.
• Below that are opportunities to the left and threats to the right.
• The items on the left-hand side are helpful to achieving the objective of the project and those on the right-hand side are harmful to achieving the objective of the project.
• This allows for analysis and cross-reference.


Risk Register
• A Risk Register is a living document that is updated regularly throughout the life cycle of the project.
• It becomes a part of project documents and is included in the historical records that are used for future projects.
• The risk register includes:
  • List of Risks
  • List of Potential Responses
  • Root Causes of Risks
  • Updated Risk Categories

• Similar to the risk assessment template for IT is a risk register.
• It is also a list to track risk, a tool that can be as simple as a spreadsheet or as dynamic as project management software.
• Basically, what a risk register does is identify and describe the risks in the list.
• It then provides space to explain the potential impact on the project and what the planned response is for dealing with the risk, if it occurs.
• Furthermore, the risk register allows a project manager to prioritize the risk, assign an owner responsible for resolving it, and gives a place to add notes as needed.
• The risk register is a strategic tool to control risk in a project.
• It works to gather the data on what risks the team expects and then gives a way to respond proactively if they do show up in the project.
• It has already mapped out a path forward to keep the project from falling behind schedule or going over budget.
Probability and Impact Matrix
• Another tool for project managers is the probability and impact matrix.
• It helps prioritize risk, which is important, as you don’t want to waste time chasing a small risk and exhaust your resources.
• This technique combines the probability and impact scores of individual risks and then ranks them in terms of their severity.
• This way each risk is understood in the context of the larger project, so if one does occur, there’s a plan in place to respond or not.
• The matrix is a box, with probability down the left side, ranging from rare on top to very likely on the bottom.
• Across the top is the impact, going from trivial on the left to extreme on the right. The individual boxes are then colored, so that the top left corner is green for low risk.
• The middle, rising from the bottom left corner to the top right corner, is yellow for medium risk. The bottom right corner is red for high risk.
• This provides a road toward reaching a priority list that gives project managers the heads-up as to when to act and when they can keep a risk on the backburner of a project.
Risk Assessment Template for IT
• While this tool was developed for IT projects, it can be expanded to speak to any project.
• What an IT risk assessment template offers is a numbered listing of the risks, to keep them in order, and then ensure that the risks exist in the controllable environment.
• It basically provides a space in which to collect the risks of a project, which is also helpful when executing the project and tracking any risks that become reality.
• One of the aspects of the risk assessment template for IT is that the spreadsheet has a built-in calculator that figures out the likelihood of a risk in fact occurring and then multiplies that against the impact it would have on the project or the organization.
• This way, a project manager knows the potential harm of the risk and so can prioritize their response to it if or when the risk happens.
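The register, the probability and impact matrix, and the template's likelihood-times-impact calculator fit together as in the following added example (not part of the original slides). The five-level scales, the middle labels, the band thresholds and the sample entries are assumptions made for illustration; only the scale endpoints and the colour layout come from the text above.

```python
from dataclasses import dataclass

# Only the scale endpoints (rare/very likely, trivial/extreme) come from the
# text; the middle labels and the band thresholds below are assumptions.
PROBABILITY = ["rare", "unlikely", "possible", "likely", "very likely"]
IMPACT = ["trivial", "minor", "moderate", "major", "extreme"]

@dataclass
class Risk:
    risk_id: int
    description: str
    probability: str
    impact: str
    owner: str
    response: str

    def levels(self):
        """Map the labels to 1..5; an unknown label raises ValueError."""
        return PROBABILITY.index(self.probability) + 1, IMPACT.index(self.impact) + 1

    def score(self):
        """Likelihood multiplied by impact, as in the IT template's calculator."""
        p, i = self.levels()
        return p * i

    def band(self):
        """Colour of the matrix cell: bands run along the diagonals (p + i)."""
        total = sum(self.levels())
        return "green" if total <= 4 else "yellow" if total <= 7 else "red"

def prioritise(register):
    """Highest score first; ties are broken by risk number."""
    return sorted(register, key=lambda r: (-r.score(), r.risk_id))

# Constructed sample register entries.
REGISTER = [
    Risk(1, "Internet-facing server missing patches", "likely", "major", "IT ops", "Patch on schedule"),
    Risk(2, "Key developer leaves mid-project", "possible", "moderate", "PM", "Cross-train team"),
    Risk(3, "Backup restore never tested", "unlikely", "extreme", "IT ops", "Run restore drill"),
    Risk(4, "Office printer outage", "very likely", "trivial", "Facilities", "Accept"),
    Risk(5, "Vendor changes licence terms", "rare", "minor", "Legal", "Monitor"),
]

if __name__ == "__main__":
    for r in prioritise(REGISTER):
        print(f"{r.risk_id:>2} {r.score():>2} {r.band():<6} {r.owner:<10} {r.description}")
```

Risk 4 sits in the bottom left corner of the matrix (very likely, trivial), so it is yellow even though its score is low, which is why the colour band and the multiplied score are tracked separately.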
Documentation reviews

• The standard practice to identify risks is reviewing project-related documents such as lessons learned, articles, organizational process assets, etc.
• This can be done by conducting a structured review of previous documentation and reports of the firm.
• This is in order to ascertain whether there are any historical issues likely to influence the nature and direction of risks faced by the firm.
Delphi Technique
• This is a method by which consensus of experts can be reached on risk.
• Experts are identified but participate anonymously.
• Delphi technique helps reduce bias and minimises the influence of any one person on the outcome.
• A facilitator uses a questionnaire to solicit ideas about the important risks facing the firm and responses are submitted and put into risk categories.
• The risks are then circulated for expert review. Consensus on major risks is reached after a few rounds of this process.
Interviews
• An interview is conducted with project participants, stakeholders, experts, etc. to identify risks.
• Risks can be identified by interviews with experienced and skilled experts within the firm.
• The appropriate individuals are selected and briefed.
• The interviewees identify risks based on their experience in their respective operational areas and any other sources they find useful.
Checklist
• It is also useful for organisations to develop checklists of risks based on information collected from past activities.
• This could include loss event data etc.
• The checklist is a quick way of identifying potential risks and should not be considered as complete.
• It should factor in the possibility of other risks emerging and being addressed.
Assumptions Analysis
• Identifying the different assumptions of the project and determining their validity further helps in identifying risks.
• Consider the underlying assumptions and scenarios used in the various operational activities of the firm.
• Assumptions analysis is a technique that explores the accuracy of the assumptions.
• It identifies risks relating to the firm arising from inaccurate, inconsistent and incomplete assumptions.
• This is a useful technique given the role that assumptions play in the planning process of any firm.


Diagramming technique

• Cause and effect diagrams are useful for identifying causes of risk.
• System or process flowcharts show how various elements of a system interrelate and the mechanism of causation.
• Similarly, influence diagrams provide a graphical representation of a problem showing causal influences, time ordering of events and other relationships among variables and outcomes.


Risk Data Quality Assessment
• Data is collated for the identified risks. The Risk manager will try to find the precision of the data that must be analysed for completing the qualitative analysis of risks.
• For each risk, in Risk Data Quality Assessment, the Risk manager needs to determine:
  • Extent of the understanding of the risk
  • Data available
  • Quality and reliability of the data
  • Integrity of the data


Probability And Impact Matrix
• The matrix helps in identifying those risks which require an
immediate response.
• The matrix may be customized according to the needs of
the project.
• Most companies do have a standardized template for this
matrix and project managers could leverage those
templates as well.
• Use of a standardized matrix makes the matrix list more repeatable between projects.
PERFORM QUANTITATIVE RISK ANALYSIS
• The next step after qualitative risk analysis is to analyse the probability and impact of risks in Perform Quantitative Risk Analysis. The purpose of Quantitative Risk Analysis is:
  • Identification of risk responses that require urgent attention
  • Identify the exposure of risk on the project
  • Identify the impact of risk on the objective of the project
  • Determine cost and schedule reserves that could be required if risk occurs
  • Identify risks requiring more attention


DETERMINING QUANTITATIVE PROBABILITY AND IMPACT
• Some of the techniques of quantitatively determining probability and impact of a risk include:
  • Interviewing
  • Cost and time estimating
  • Delphi technique
  • Historical Records
  • Expert judgment
  • Expected monetary value analysis
  • Monte Carlo Analysis
  • Decision tree
Expected Monetary Value Analysis
• Expected Monetary Value is a good measure to determine the overall ranking of risks. The formula is:
• EMV = P × I
• Where EMV = Expected Monetary Value
• P = Probability
• I = Impact
Monte Carlo Analysis (SIMULATION Technique)
• The Monte Carlo analysis simulates the cost or schedule results of the project. The primary inputs for this analysis are the network diagram and estimates to perform the project.
• A Monte Carlo analysis:
  • Requires a computer-based program
  • Evaluates the overall risk in the project
  • Determines the probability of completing the project on any specific day, or for any specific cost



  • Determines the probability of any activity actually being on the critical path
  • Path convergence is taken into account
  • Cost and schedule impacts can be assessed
  • Results in a probability distribution
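A schedule simulation of the kind described above, as an added example that is not part of the original slides. The four-activity network, the three-point estimates in days, and the choice of a triangular distribution for each activity are all assumptions made for illustration.

```python
import random

# Constructed network diagram, listed in dependency order:
# name -> (predecessors, (optimistic, most likely, pessimistic) days)
ACTIVITIES = {
    "A": ([], (2, 4, 8)),
    "B": (["A"], (5, 6, 10)),
    "C": (["A"], (4, 6, 12)),
    "D": (["B", "C"], (1, 2, 3)),   # B and C converge here
}

def simulate_once(rng):
    """One trial: returns (project duration, activities on the critical path)."""
    finish, critical_pred = {}, {}
    for name, (preds, (low, mode, high)) in ACTIVITIES.items():
        start, via = 0.0, None
        for p in preds:                      # start when the latest predecessor ends
            if finish[p] > start:
                start, via = finish[p], p
        finish[name] = start + rng.triangular(low, high, mode)
        critical_pred[name] = via
    node = max(finish, key=finish.get)       # last activity to finish
    duration, path = finish[node], set()
    while node is not None:                  # walk back along the driving chain
        path.add(node)
        node = critical_pred[node]
    return duration, path

def run(trials=20000, seed=1):
    """Returns (sorted durations, criticality index per activity)."""
    rng = random.Random(seed)
    durations, hits = [], {name: 0 for name in ACTIVITIES}
    for _ in range(trials):
        duration, path = simulate_once(rng)
        durations.append(duration)
        for name in path:
            hits[name] += 1
    return sorted(durations), {n: c / trials for n, c in hits.items()}

def prob_finish_by(durations, day):
    """Share of trials that finished on or before the given day."""
    return sum(d <= day for d in durations) / len(durations)

if __name__ == "__main__":
    durations, criticality = run()
    for day in (12, 14, 16, 18):
        print(f"P(finish by day {day}) = {prob_finish_by(durations, day):.2f}")
    print("criticality:", criticality)
```

Adding up the most likely estimates gives 12 days, but the simulated chance of finishing by day 12 is well under half, because the estimates are skewed toward delay and D cannot start until the slower of B and C is done (path convergence).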


Decision Tree
• A decision tree helps to analyse many alternatives at one single point of time.
• They are models of real situations.
• A decision tree takes into account future events in making the decision today.
• It helps calculate Expected Monetary Value in more complex situations.
• It also involves Mutual Exclusivity.
QUESTION AND ANSWER
1) List and explain any tools and techniques that can be used for risk
identification in your organisation?

2) Use Excel to develop a Risk register for your organisation.

3) Use Excel to develop a risk probability assessment.

4) Explain the steps in conducting a root cause analysis for your organisation.
