February 6, 2007
Risk Identification
Risk Identification ascertains which risks have the potential of affecting the project and documenting the risks’ characteristics. Risk Identification begins after the Risk Management Plan is constructed and continues iteratively throughout the project execution. The Risk Identification process naturally progresses into the Qualitative Risk Analysis or the Quantitative Risk Analysis Process. Sometimes it is wise to include the identification of a risk and its response in order for it to be included in Risk Response Planning.
At the beginning of the Risk Identification process it is a good idea to have gathered all of the inputs you and your team will need. The inputs to the Risk Identification Process are:
- The Project Management Plan - The Project Management Plan is used in gain an understanding of the project's mission, scope, schedule, cost, Work Breakdown Structure (WBS), quality criteria, and other elements.
- Risk Management Plan - The Risk Management Plan provides the blueprint of overseeing risk management throughout the project describing who, what, when, where, why, and how. The Risk Management Plan provides the following four critical inputs to Risk Identification:
- Assignment of roles and responsibilities - identifing the who of risk management by assigning the handling of specific tasks and roles to specific individuals.
- Budget provisions for risk-management activities - The approved funds available for risk-management activities. You will need to track your actual costs against these approved budget numbers.
- Schedule for risk management - The revised schedule including the time needed for risk-management activities over the duration of the project's life cycle.
- Categories of risk - The risk categories are used during Risk Identification to organize and prioritize risks as they are identified. Alternatively, the Risk Breakdown Structure (RBS) may be the source of risk categories.
- Project Scope Statement – The project scope statement defines the project boundaries and assumptions. During Risk Identification, risks to boundaries must be identified in order to mitigate scope creep, and assumptions must be reassessed to identify risks associated with them.
- Organizational process assets – Organizational process assets provide information from prior projects including historical information and lessons learned.
- Enterprise environmental factors - These factors include any and all external environmental factors and internal organizational environmental factors that surround or influence the project's success, such as organizational culture and structure, infrastructure, existing resources, commercial databases, market conditions, and project management software.
After gathering all necessary inputs, it is tie to employ the recommended tools and techniques of risk identification. The tools and techniques are:
- Documentation reviews - Documentation reviews involve comprehensively reviewing the project documents and assumptions from the project overview and detailed scope perspective in order to identify areas of inconsistency or lack of clarity. Missing information and inconsistencies are indicators of a hidden risk.
- Information gathering techniques - Information gathering techniques are used to develop lists of risks and risk characteristics. Each technique is helpful for collecting a particular kind of information. The five techniques are:
- Brainstorming – Brainstorm is employed as a general data-gathering and creativity technique which identifies risks, ideas, or solutions to issues. Brainstorming uses a group of team members or subject-matter experts spring boarding off each others' ideas, to generate new ideas.
- Delphi technique – The Delphi technique gains information from experts, anonymously, about the likelihood of future events (risks) occurring. The technique eliminates bias and prevents any one expert from having undue influence on the others.
- Interviewing – Interviewing in a face-to-face meeting comprised of project participants, stakeholders, subject-matter experts, and individuals who may have participated in similar, past projects is a technique for gaining first-hand information about and benefit of others' experience and knowledge.
- Root cause identification – Root cause identification is a technique for identifying essential causes of risk. Using data from an actual risk event, the technique enables you to find out what happened and how it happened, and understand why it happened, so that you can devise responses to prevent recurrences.
- Strengths, weaknesses, opportunities, and threats (SWOT) analysis - A SWOT analysis examines the project from the perspective of each project's strengths, weaknesses, opportunities, and threats to increase the breadth of the risks considered by risk management.
- Checklist analysis - Checklists list all identified or potential risks in one place. Checklists are commonly developed from historical information or lessons learned. The Risk Breakdown Structure (RBS) can also be used as a checklist. Just keep in mind that checklists are never comprehensive, so using another technique is still necessary.
- Assumptions analysis - All projects are initially planned on a set of assumptions and what if scenarios. These assumptions are documented in the Project Scope Document. During Risk Identification, assumptions are analyzed to determine the amount of inaccuracy, inconsistency, or incompleteness associated with them.
- Diagramming techniques - Diagramming techniques, such as system flow charts, cause-and-effect diagrams, and influence diagrams are used to uncover risks that aren't readily apparent in verbal descriptions.
- Cause and effect diagrams – Cause and effect diagrams or fishbone diagrams are used for identifying causes of risk
- System or process flow charts – Flow charts illustrate how elements and processes interrelate.
- Influence diagrams – Influence diagrams depict causal influences, time ordering of events and other relationships between input variables and output variables.
The tools and techniques used for the Risk Identification process are designed to help the project manager gather information, analyze it, and identify risks to and opportunities for the project's objectives, scope, cost, and budget. The information gathered is entered on the Risk Register, which is the primary output of Risk Identification.
- Risk Register - The Risk Register containing the results of the Qualitative Risk Analysis, Quantitative Risk Analysis, and Risk Response Planning. The Risk Register illustrates all identified risks, including description, category, cause, probability of occurring, impact(s) on objectives, proposed responses, owners, and current status. While the risk register will become the comprehensive output, Risk Identification process results in four entries in the Risk Register:
- Lists of identified risks – Identified Risks with their root causes and risk assumptions are listed.
- List of potential responses – Potential responses identified here will serve as inputs to the Risk Response Planning process.
- Root causes of risk - Root causes of risk are fundamental conditions which cause the identified risk.
- Updated risk categories - The process of identifying risks can lead to new risk categories being added.
Posted by Elyse at February 6, 2007 6:12 AM
Comments
show me how to use 0-1 scale for mapping risks
Posted by: moahloli at October 14, 2007 11:52 AMPost a comment
Did you miss?
IT Governance, the decisions needs by whom
Finally passed the test
Managing in light of McGregor's Theory X and Theory Y
CMMI
Kicking HIT Leadership Up a Notch
That's just some mumbo jumbo project management BS
Outcomes - The tactic to get to the strategy
Nurse Call, VOIP, and Wi-Fi: Its just cool when things come together!
Finally passed the test
Managing in light of McGregor's Theory X and Theory Y
CMMI
Kicking HIT Leadership Up a Notch
That's just some mumbo jumbo project management BS
Outcomes - The tactic to get to the strategy
Nurse Call, VOIP, and Wi-Fi: Its just cool when things come together!
Archives
January 2008
December 2007
November 2007
October 2007
September 2007
August 2007
July 2007
June 2007
May 2007
April 2007
March 2007
February 2007
January 2007
December 2006
November 2006
August 2006
June 2006
May 2006
April 2006
March 2006
February 2006
January 2006
November 2005
October 2005
September 2005
August 2005
June 2005
May 2005
April 2005
March 2005
February 2005
January 2005
December 2004
November 2004
October 2004
September 2004
August 2004
July 2004
June 2004
May 2004
April 2004
March 2004
February 2004
January 2004
December 2003
November 2003
October 2003
December 2007
November 2007
October 2007
September 2007
August 2007
July 2007
June 2007
May 2007
April 2007
March 2007
February 2007
January 2007
December 2006
November 2006
August 2006
June 2006
May 2006
April 2006
March 2006
February 2006
January 2006
November 2005
October 2005
September 2005
August 2005
June 2005
May 2005
April 2005
March 2005
February 2005
January 2005
December 2004
November 2004
October 2004
September 2004
August 2004
July 2004
June 2004
May 2004
April 2004
March 2004
February 2004
January 2004
December 2003
November 2003
October 2003
Blogs
Cafe au Lait
Joel on Software
David Ross
Edward Prevost
Martin Fowler
The Health Care Blog
The Tales of Hoffman
The Business Word
Medical Rants
Christina's Considerations
Paul Levy
HIS Talk
Appropriate IT
Candid CIO
Joel on Software
David Ross
Edward Prevost
Martin Fowler
The Health Care Blog
The Tales of Hoffman
The Business Word
Medical Rants
Christina's Considerations
Paul Levy
HIS Talk
Appropriate IT
Candid CIO
Subscribe
RSS feed
© Copyright 2003 - 2007 Elyse Nielsen