In project management, risk identification begins at the earliest stages of a project and continues throughout the project life cycle. Project risks can include unknown issues and variability in cost, effort, timing, and benefits in relation to a specific project. As a project manager, it is your job to anticipate project risks and to implement the necessary controls before risks become insurmountable.
Project managers typically classify risks as either "threats" or "opportunities." The practice of risk identification focuses on reducing the probability and impact of a threat while increasing the probability and impact of an opportunity. During the risk identification phase, a project manager must establish the various risk categories that are pertinent to the project before selecting the appropriate tools and techniques to identify risks.
Projects can include the following types of risks.
Internal, nontechnical risks are risks within the control of project managers. These risks usually arise from a failure of the project organization or resources (human, material, or financial) to achieve their expected performance. Internal risks might result in schedule delays, cost overruns, or interruptions in cash flow. You can categorize these risks as threats or opportunities.
Internal, technical risks are those arising directly from the technology of the project or the work environment. Technical risks might include the design, construction, or operation of the facility, or the design of the product. These risks can arise from product changes or from a failure to achieve the needed levels of performance.
External, predictable risks are beyond the control of project managers. As a project manager, you must be ready to encounter these risks; however, more important is what you do to counteract them.
External, predictable risks include market activity (such as Wall Street activity); fiscal policies affecting currency, inflation, and taxation; environmental factors (such as weather); or social impacts. These risks also can be categorized as threats or opportunities.
External, unpredictable risks are beyond the control of project managers and are almost always categorized as threats.
It is vital for project managers to be risk-aware. By being aware of possible risks, you will be able to respond quickly if a problem occurs. Also, if the unexpected occurs, you will be able to focus your management efforts on the problems that cause the greatest disruption.
Use of experts
As the project manager, you continue through the risk identification process by assembling the project team and explaining the objectives of managing the risks in an appropriate and proactive manner. You must remain firmly in control at every stage of the process. You can select experts to assist in the identification of risk scenarios.
Experts should be knowledgeable individuals that have either an internal or an external affiliation to the project. External experts are useful to compensate for possible biases and to contribute independent views and opinions. The number of experts may vary from 3 to 4 for small projects, to 10 to 15 for larger projects.
Work Breakdown Structure
A Work Breakdown Structure (WBS) discloses risks that are inherent in the interdependency of the project work. Any event that lies at the start or completion of any of the project-related activities is a potential risk. These risks occur at clogging points in the network when analyzing the project plan. It's a good idea to look at all external interfaces, such as external supply, for potential failures by third parties.
Interviews and brainstorming sessions
As project manager, you can perform structured interviews and brainstorming sessions with experts to help identify project risks. For example, the Delphi method, which is a technique for problem solving and decision-making, permits you to harness the knowledge, expertise, and abilities of an entire group of disparate people. By using the Delphi Method, open-ended questions are posed to explore all facets of risk scenarios, and as a result, experts are used to arrive at a consensus. By using this type of analysis, a project manager attempts to determine the probability of occurrence and the performance, cost, and schedule impacts if the risk occurs.
Another useful strategy for identifying risk is brainstorming. Brainstorming is an efficient method that uses social interaction to enhance the risk identification process. It requires a competent and unbiased facilitator to help keep the discussion on topic. It is possible that dominating individuals will attempt to push their ideas onto the rest of the group, and weaker personalities might not get a chance to air their views.
The interviewer or brainstorming facilitator must have control of the situation and must think of a risk in terms of a what-if statement. The risk statements are the basis for analysis. An example of a poor risk statement is "communication is a problem." A more effective risk statement is "If we fail to communicate clearly, then effort will be wasted on resolving misunderstandings."
Other tools and techniques
Some other tools and techniques that are often used to enhance the risk identification process during interviews or brainstorming session include:
- A risk identification questionnaire is a document used to help team members identify project and technical risks. A risk identification questionnaire is a great document to share with key stakeholders early in the project cycle.
- A Strengths, Weaknesses, Opportunities, and Threats (SWOT) analysis helps you to focus your risk identification assessment on the strengths and opportunities of your project as well as the threats and weaknesses.
- An influence diagram is a simple visual representation of a decision problem. Influence diagrams offer an intuitive way to identify and display the essential elements, including decisions, uncertainties, and objectives, and how they influence each other. Influence diagrams show how risks influence one another. The power of this technique is to identify areas of influence.
- Assumption Analysis is a win/lose analysis. It focuses on events that might be detrimental to the project. It considers events a project manager wants to occur but might not occur, and events a project manager does not want to occur but might occur.
After you have identified and documented the potential risks in your project, you need to consolidate and categorize them. By managing risks, you eliminate duplication and mediate the different views that are expressed. You then submit the results to the project team to obtain their concurrence for the data that was gathered. The feedback from the project team can then be used as input in the next phases of risk management process. The focus of the process can then shift to Risk Analysis, Risk Response Planning, and Risk Monitoring and Control.
About the author Pcubed is a global company that provides program management and project management solutions, as well as services in consulting, outsourcing, technology, and training.