|
11.2 Risk Identification
|
Risk identification involves determining which risks might affect the project
and documenting their characteristics.
Participants in risk identification generally include the following, as possible:
project team, risk management team, subject matter experts from other parts of the company,
customers, end users, other project managers, stakeholders, and outside experts.
Risk identification is an iterative process. The first iteration may be performed
by a part of the project team, or by the risk management team. The entire project team and
primary stakeholders may make a second iteration. To achieve an unbiased analysis, persons who
are not involved in the project may perform the final iteration.
Often simple and effective risk responses can be developed and even implemented as
the risk is identified.
 |
|
|
|
|
|
 |
11.2.1 Inputs to Risk Identification
.1 Risk management plan. This paln is described in Section 11.1.3.
.2 Project planning outputs. Risk identification requires an understanding of the project´s mission, scope, and objectives of the owner, sponsor, or stakeholders. Outputs of other processes should be reviewed to identify possible risks across the entire project. These may include, but are not limited to:
Project Charter.
WBS.
Product description.
Schedule and cost estimaties.
Resource paln.
Procurement plan.
Assumption and constraint lists.
.3 Risk categories. Risks that may affect the project for better or worse can be identified and organized into risk categories. Risk categories should be well defined and should reflect common sources of risk for the industry or application area. Categories include the following:
Technical, quality, or performance
risks—such as reliance on unproven or complex technology, unrealistic perfromance goals, changes
to the tecnology used or to industry standards during the project.
Project-management risks—such as poor
allocation of time and resources, inadequate quality of the project plan, poor use of project
management disciplines.
Organizational risks—such as cost, time,
and scope objectives that are internally inconsistent, lack of prioritization of projects,
inadequacy or interruption of funding, and resource conflicts with other projects in the
organization.
External risks—such as shifting legal or
regulatory environment, labor issues, changing owner priorities, country risk, and weather.
Force majeure risk such as earthquakes, floods and civil unrest generally require
disaster recovery actions rather than risk management.
.4 Historical information. Information on prior available from the following sources:
Project files—one or more of the organizations involved in the project may
maintain records of previous project results that can be used to indentify risks. These may be
final project reports or risk response plans. They may include organized lessons learned that
describe problems and their resolutions, or be available through the experience of the project
stakeholders or others in the organization.
Published information—commercial
databases, academis studies, benchmarking, and other published studies may be available for
many appliction areas.
11.2.2 Tools and Techniques for Risk Identification
.1 Documentation reviews. Performing a structured review of project plans and assumptions, both at the total project and detailed scope levels, prior project files, and other information is generally the initial step taken by project teams.
.2 Information-gathering techniques. Examples of information-gathering techniques used in risk identification can include brainstorming; Delphi; interviewing; and strengths,weaknesses, opportunities, and threats (SWOT) analysis.
Brainstorming. Brainstorming is
probably the most frequently used risk identification technique. The goal is to obtain a
comprehensive list that can be addressed later in the qualitative and quantitative risk
analysis processes.
The project team usually performs brainstorming, although a
multidisciplinary set of experts can also perform this technique. Under the leadership of a
facilitator, these people generate ideas about project risk. Sources of risk are identified in
broad scope and posted for all to examine during the meeting. Risks are then categorized by type
of risk, and their definitions are sharpened.
Delphi tecnique. The Delphi
technique is a way to reach a consesus of experts on a subject such as project risk. Project risk
expertsare identified but participate anonymously.
A facilitator uses a questionnaire to solicit ideas about the important
project risks. The responses are submitted and are then circulated to the experts for further
comment. Consensus on the main project risks may be reached in a few rounds of this process.
The Delphi tecnique helps reduce bias in the data and keeps any person from having undue
influence on the outcome.
Interviewing. Risks can be
identified by interviews of experienced project managers or subject-matter experts. The person
responsible for risk identification identifies the appropriate individuals, briefs them on the
projects, and provides information such as the WBS and the list os assumptions. The interviewees
identify risks on the project based on their experience, project information, and other sources
that they find useful.
Strengths, weaknesses,
opportunities, and threats (SWOT) analysis. Ensures examination of the projectfrom each of
the SWOT perpectives to increase the breadth of the risks considered.
.3 Checklists. Checklists for risk identification can be developed based on historical information and knowledge that has been accumulated frfom previous similar projects and from other sources of information. One advantage of using a checklist is that risk identification is quick and simple. One disadvantage is that it is impossible to build an exhaustive checklist of risks, and the user may be effectively limited to the categories in the list. Care should be taken to explore items that do not appear on a standard checklist if they seem relevant to the specific project. The checklist should itemize all types of possible risks to the project. It is important to review the checklist as a formal step of every project-closing procedure to improve the list of potential risks, to improve the description of risks.
.4 Assumptions analysis. Every project is conceived and developed based on a set of hypotheses, scenarios, or assumptions. Assumptions analysis is a technique that explores the assumptions´validity. It identifies risks to the project from inaccuracy, inconsistency, or incompleteness of assumptions.
.5 Diagramming techniques. Diagramming techniques may include:
Cause-and-effect diagrams (also know as
Ishikawa or fishbone diagrams)—useful for identifying causes of risks (described in
Section 8.1.2.3).
System or process flow charts—show how
various elements of a system interrelate and the mechanism os causation (described in
Section 8.1.2.3).
Influence diagrams—a graphical
representation of a problem showing casual influences, time ordering of events, and other
relationships among variables and outcomes.
11.2.3 Outputs from Risk Identification
.1 Risks. A risk is an uncertain event or condition that, if it occurs, has a positive or negative effect on a project objective.
.2 Triggers. Triggers, sometimes called risk symptoms or warning signs, are indications that a risk has occurred or is about to occur. For example, failure to meet intermediate milestones may be an early warnning signal of an impending schedule delay.
.3 Input to other processes. Risk identification may identify a need for further action in another area. For example, the WBS may not have sufficient detail to allow adequate identification of risks, or the schedule may not be complete or entirely logical.
previous page
