Identify Risks Process

Previously in the process map, you have prepared a guide on how to manage project risk through the process of planning risk management. Next is the identify risks process, which involves finding and identifying risks that have the potential to have a positive or negative impact on the project. Yes, you have heard it right. Even though the term "risk" sounds a little bit negative, risk can be both positive or negative. Positive risks are often called as "opportunities".

In the process of identifying risks, the existing risks of the project are determined by using various tools and techniques, Expert opinions or data collection techniques and documented with appropriate documents. This continuous process of identification helps the project manager and the project team in terms of vision and flexibility. 

Identifying risks is an objective and responsibility of almost everyone in the project, including the project team, risk experts in your organization, external risk experts, key stakeholders, other stakeholders, customers, people who have historical experience and the project manager. It is very important to identify risks continuously throughout the project's life. That's because you may come across new risks at every single point of the project's timeline and if you did not identify them it may harm your project or at best you miss the opportunity of positive risks.

Outputs of Identify Risks Process

Risk Register: This document is created for the first time in this process. It contains the identified risks and information about those risks. It is updated in almost every other risk management process.

Risk Reports: It is a high-level document that summarizes the project risks.

How to Identify Risks in a Project?

Inputs to the Identify Risks Process

  • Project Management Plan: In order to be able to identify risks you have to know about all constraints, assumptions, threats and opportunities of the project. Components of the project management plan will help to find this information. Especially risk management plan will tell us the way to identify risks and it will guide us in the process. Scope baseline that is a part of the project management plan will give us the assumptions and constraints of the project together with the WBS which include all work packages composing of the scope of the project. Along with scope baseline, cost baseline and schedule baseline will be useful inputs while identifying risks.
  • Assumptions log: Risks are directly related with assumptions. We will be able to have an idea about potential risks by being aware of project's assumptions. 
  • Cost Estimates: Risks related with estimations of the project cost may be reached by using this document.
  • Duration Estimates: Risk may be occur about the estimated durations of the project.
  • Issue Log: Issues recorded so far may give hints about potential risks.
  • Lessons Learned RegisterPrevious experiences are especially helpful when it comes to identifying risks.
  • Requirements documentation and resource requirements: Risks may occur about requirements of the project and resource requirements
  • Stakeholder register: All stakeholders will be a party for identifying risks.
  • Procurement documentation: This input may help to identify possible risks about procurement processes as it consists of all of the necessary documents for procurements. 
  • Agreements: The terms of some agreements may lead possible risks.
  • Organizational Process Assets: All project files, process controls, risk statement formats and risk registers or checklists from previous similar projects are helpful OPA's.
  • Enterprise Environmental Factors: Commercial risk databases, checklist used by other members of the industry, academic studies, results of benchmarking programs are examples of EEF's.

Tools and techniques used in Identify Risks Process

  • Brainstorming: While doing this the aim should be identifying as much risks as possible by simply taking opinions of a group of experts.
  • Checklist: A common tool used by organizations to identify risks. Checklists are generally created as a result of former experiences.
  • Interviews: This can be done face to face or by using virtual tools, it can be done with everyone who has opinion about the project and who can be useful while identifying risks.
  • Root Cause Analysis: A common management tool to illustrate underlying causes of potential risks.
  • Assumptions and Constraints Analysis: The assumptions and constraints that have sufficient data, reasoning or basis, are strong candidates for being risks for the project's objectives. This tool evaluates the basis of items in the assumptions log.
  • SWOT Analysis: A common tool used to identify, opportunities and threats.
  • Document Analysis: It is a data analysis technique that is about reviewing and assessing any relevant documented information.
  • Facilitation: This skill is used to motivate and guide all stakeholders who are responsible for risk identification.
  • Prompt Lists: A very common tool used by the industry which includes a wide list of risk categories that may happen.