Risk Identification Process | Passing the PMP Exam: How to Take It and Pass It: How to Take It and Pass It

Risk Identification is the way project teams determine the risks that affect the project so that analysis and risk response can be performed. Risk Identification is an iterative process and continues throughout the life of the project.

Inputs to the Risk Identification Process

Risk Identification uses the Risk Management Plan as an input, whereas the Quantitative and Qualitative Risk Analysis processes use the Risk Register as an input. The inputs to Risk Identification are similar to the inputs to the Risk Management Planning process with the addition of the Risk Management Plan.

To identify risks, teams often enlist the aid of risk and technical experts, stakeholders, customers, and others, both inside and outside of the project team and organization, to identify risks. Involving the team increases accuracy and ownership as well as commitment to the project. In order to have an effective Risk Identification meeting, several conditions must be met.

First, it is important to create an atmosphere where team members are comfortable bringing up potential risks. Some organizations have a culture of "shooting the messenger" or emphasizing optimism over realistic risk assessment. A thorough examination of all possible risks can only occur in an environment that is perceived as safe and fair.

Second, the team must be able to identify potential risk events without evaluation. Brainstorming is a good way to do this. Some groups think that brainstorming occurs when they take turns sharing ideas and writing them down or even discussing them as they are brought up. This is not brainstorming. True brainstorming occurs without analysis or censorship, and when people have a free flow of ideas without defending, explaining, or evaluating their ideas. In the best brainstorming sessions, team members are participating fully and equally, writing their own ideas on Post-it Notes, then saying them out loud as they are "slapped" on a piece of flip chart paper. This method is called "Write It, Say It, Slap It" and uses auditory, visual, and kinesthetic modes for whole brain thinking. Remember, brainstorming is for generating ideas for identification of risks. Evaluation comes later during Qualitative Risk Analysis.

Third, all ideas should belong to the team, not to an individual. When the team puts forth an idea, especially an unpopular one, it carries more weight than a single individual, and no single individual is "blamed" for the bad news. Some team members may have less credibility than others, and the credibility of the team as a whole will generally outweigh the credibility of a lone team member.

Fourth, include the "right" people. Make sure you have technical, political, and organizational expertise in the meeting. Non-supporters, potential saboteurs, stakeholders, key functional managers, suppliers, and other project managers can greatly enhance the quality of the potential Risk Identification or opportunities when invited to participate.

A project team can sometimes skip Qualitative Risk Analysis when they have enough expertise and experience with previous projects and risk responses.

Q.	________ usually follows the Risk Identification process, but sometimes ________ directly follows the Risk Identification process when an experienced risk manager is involved.
		A.	Risk Management Planning, Quantitative Risk Analysis
		B.	Qualitative Risk Analysis, Quantitative Risk Analysis
		C.	Quantitative Risk Analysis, Qualitative Risk Analysis
		D.	Risk Monitoring and Control, Risk Response Planning

The correct answer is B. Risk Identification must precede Risk Analysis. A person who is experienced in risk management may be able to skip the Quantitative and Qualitative Risk Analysis and determine the risk response solely upon identification of the risks and previous experience.

Q.	The inputs to Risk Identification are similar to the inputs to the Risk Management Planning process with the addition of the ________.
		A.	Scope Statement
		B.	Risk Management Plan
		C.	Risk Identification method
		D.	WBS

The answer is B.

Tools and Techniques of Risk Identification

During planning meetings, the project team will conduct documentation reviews or use checklists and/or diagramming techniques to identify risks. A number of information gathering techniques, assumptions analyses, and diagramming techniques may be employed as part of the identification process. Diagramming techniques commonly used by project teams are cause and effect diagrams, flow charts, and influence diagrams.

Information Gathering Techniques

Brainstorming Using the project team and other experts to generate a list of risk events
Delphi technique Developing consensus through a polling technique in multiple rounds, moderated by a facilitator
Interviewing Interviewing subject matter experts or others experienced in projects
Root Cause Identification Inquiry into the causes of a project's risks
Strengths, weaknesses, opportunities, and threats (SWOT) analysis Using a SWOT analysis to identify risk events

Risk checklists, often developed from knowledge gained on previous projects and historical information, should be reviewed at project closeout for continuous improvement. As with brainstorming, when using risk tools and techniques, remember that if the project team participates fully, there will be more ownership for the outcome, in addition to greater accuracy.

Q.	Which of the following is NOT an information gathering technique for risk management?
		A.	Interviews
		B.	Probability and Impact Matrix
		C.	Delphi technique
		D.	Root cause analysis

The correct answer is B. The Probability and Impact Matrix is a component of the Risk Management Plan, used as an input to the Risk Identification process.

Outputs of the Risk Identification Process

The outputs of the Risk Identification process are contained in the Risk Register, a comprehensive document that includes:

Risks
Root causes
Potential risk responses (optional)
An updated list of risk categories from the RBS

The number of meetings required to complete the Risk Identification process is dependent on the complexity of the project. There may be a separate meeting for each project deliverable, risk category, or subproject, with the appropriate participants. The results of these meetings are transferred to the Risk Register, which is updated and used as a basis for Risk Monitoring and Control.

Q.	The Risk Register consists of:
		A.	Qualitative Risk Analysis, Quantitative Risk Analysis, and Risk Management Plan
		B.	Qualitative Risk Analysis, Risk Response Plan, list of identified risks
		C.	List of identified risks, potential responses, root causes, and updated risk categories
		D.	Risk Responses, Risk Categories, Risk Management Plan

The correct answer is C. The Risk Register is a comprehensive document that lists the risks, root causes, potential responses (optional), and an updated list of risk categories from the RBS. It uses the Risk Management Plan as an input, and the Quantitative and Qualitative Risk Analysis processes use the Risk Register as an input.

For teams that do not choose to use a formal Risk Register, the project risks may be tracked with an issues list or an open items list. Frequent and disciplined reviews of risks are an essential part of successful risk management.