3 December 2022

Risk Management processes : Identify Risks

Purpose

  • Risk identification will produce the list of risks that will be the basis for subsequent analysis.
    • During risk planning, you identified the tools to use and assigned responsibilities for conducting meetings and workshops.
    • You need to ensure good administration of the meetings by selecting the “right” people to attend and by taking minutes of meetings.
    • Since you can choose from many different tools, you should brief the participants on the tool to be used and encourage a free exchange of information.
    • You should identify the bulk of project risks at this stage, but, as you proceed in the project, you will most definitely identify more risks, so be prepared and be flexible.
  • Identify risks is an iterative process all along the project life cycle.

Inputs

  • Project Charter
  • Project management plan
  • Requirements management plan
  • Plans
    • Time, Money and Quality.
      • A large percentage of any project risks will be related to these 3 areas.
      • You should review the method used to develop these 3 in your project and how they will be controlled.
      • You might discover errors.
    • Schedule management plan
    • Cost management plan
      • The project’s cost management plan provides control that may help determine the structure for quantitative analysis of the budget.
    • Quality management plan
  • Resource management plan
    • From the plan you can get the project organization structure, know about roles and responsibilities and staffing arrangements.
  • Risk management plan
    • From now on, you will use the risk management plan as an input in the remaining processes.
    • In this process, you will find useful information that will help you to identify risks like risk categories.
      • List of common risk categories
      • RBS
      • Risk-related roles and responsabilities
  • Scope baseline
    • You will find assumptions and the WBS.
    • Both are important for identifying risks.
    • Project scope statement
    • The project scope statement will reveal the type of project as either a recurrent or first-of-its-kind project.
    • Deliverables and acceptance criteria
    • WBS
  • Schedule baseline
    • You will find assumptions and the WBS. Both are important for identifying risks.
    • Milestones
    • Deliverables due dates
  • Cost baseline
  • Project documents
    • Such as logs, registers and method statements
    • Assumption log
    • Estimates
      • You need to review the estimations that the project team already made for cost and time.
      • Different techniques for estimations may be used and you should check for consistency and correctness.
      • Wrong estimation for the duration or cost of a task is a source of risk.
      • Activity cost estimates
        • Activity cost estimates provides a quantitative assessment of the likely cost to complete the scheduled activities
      • Activity duration estimates
    • Issue log
    • Lessons learned register
    • Requirements documentation
    • Resource requirements
    • Stakeholder register
      • You should use the register to select stakeholders who will participate at the various risk identification meetings.
      • Stakeholders
        • Stakeholders are the individuals that will need a sense of ownership and responsibility for the risk events.
        • If your stakeholders are risk seekers (détecteurs), this means they will want to manage even a small risk to avoid issues with the project, in this case, the number of risks will be higher.
        • If your stakeholders are risk-averse …
        • If your stakeholders are risk-neutral …
        • If the risk attitude of stakeholders is high …
        • Also from the register, you can check if some stakeholders are missing.
        • In addition, you can compare the stakeholders’ requirements to the project objectives and identify possible conflicts.
        • Potential risk owners
  • Other project documents
  • Agreements
    • Milestone dates
    • Contract types
    • Acceptance criteria
    • Awards and penalties that can present threats and opportunities
  • Procurement documentation
    • Purpose
      • Here is a big source of risks.
      • You need to make sure that such documents (like request for quotation) describe the service or product you intend to purchase in good details.
      • Also you need to make sure such documents are consistent with the company policy.
    • Initial procurement documentation
    • Seller performance report
    • Approved change requests
    • Information on inspections
    • Other procurement documents
  • EEF
    • Purpose
      • For risk identification, the more information you review, the better.
      • Here, you will find information like risk attitude and published case studies.
      • Depending on the time and resources, you can investigate the company more deeply to know about its cultural characteristics that may be sources of risks.
      • For example, some companies have a “blame culture” where staff are blamed for mistakes and, as a result, are not encouraged to be innovative; or a “live and let live” culture that is characterized by complacency (suffisance, autosatisfaction).
    • Published material, commercial databases or checklists
    • Academic studies
    • Benchmarking results
    • Industry studies of similar projects
  • OPA
    • Purpose
      • Here, you will find information like risk templates and procedures.
      • In addition, you will find the lessons learnt from similar projects.
    • Historical records
    • Historical information
    • Project files, including actual data
    • Organizational and project process controls
    • Risk statement formats
    • Checklists from previous similar projects

Tools and Technics

  • Purpose
    • You have many tools for risk identification.
    • However, they all follow the same basic concept of taking you systematically and step by step to logically see risks.
    • Depending on your project scope and resources, you should select the appropriate tools and how many of them to use.
    • Some tools are stronger than others; for example, from my experience, I found that brainstorming, when done thoroughly, will enable you to discover more than 75% of all risks.
  • Expert judgment
    • Expert opinions are powerful tools to be used in almost every process.
    • Experts have developed senses that enable them to spot risks a mile away.
    • They are the people who give you the simple solution that you often wonder: “why didn’t I think of that”.
    • However, be aware of their bias, and, sometimes, overconfidence.
  • Data gathering
    • Brainstorming
      • Collection and sharing of ideas at workshops to discuss the events that could impact the objectives, core processes or key dependencies
      • Brainstorming is used to rank the ideas through group discussion.
    • Checklists
      • Use of structured checklists to collect information that will assist with the recognition of the significant risks
    • Interviews
      • Expert interviews
      • Other interviews
    • Others techniques
      • Forms
      • Sticky Notes
      • Questionnaires
        • Use of structured questionnaires to collect information that will assist with the recognition of the signifi cant risks
        • Questionnaires have the advantage that they are usually simple to complete and are less time-consuming than other risk assessment techniques.
        • However, this approach suffers from the disadvantage that any risk not referenced by appropriate questions may not be recognized as significant.
      • Cause and effects (Ishikawa) diagrams
      • Delphi technique
        • In Delphi, you send a questionnaire to stakeholders anonymously so they can give their input without any fear.
        • in Delphi a moderator collects opinions anonymously and compiles them
      • Risk Breakdown Structure
        • Remember, the RBS is, basically, a checklist.
      • Documentation reviews
      • Diagramming techniques
        • Flowcharts
          • Analysis of the processes and operations within the organization to identify critical components that are key to success
      • Checklists
        • Use of structured checklists to collect information that will assist with the recognition of the signifi cant risks
          Checklists have the advantage that they are usually simple to complete and are less time-consuming than other risk assessment techniques.
        • However, this approach suffers from the disadvantage that any risk not referenced by appropriate questions may not be recognized as significant.
        • Use of checklists to collect information that will assist with the recognition of the significant risks
        • Checklists give you a structure for identifying risks.
          • You implement this tool by first selecting the right checklist for your project.
          • Next, discuss with your team and stakeholders whether each risk mentioned in the checklist is applicable to the project at hand.
          • You can find a variety of checklists; for example, you can find lists for risks in project management, construction, IT, communication, etc.
          • You should not make this tool the only tool to use because it does not stimulate innovation in risk identification the way other tools – such as brainstorming – do.
          • If you only use a checklist, then you run the risk of overlooking risks that are not mentioned in the list.
      • Other information gathering techniques
        • Nominal group technique
          • In the nominal group technique, after a discussion, you vote to rank the ideas for further discussion.
          • In the nominal group technique, after a discussion voting takes place to rank opinions.
  • Data analysis
    • Root cause analysis
      • Identified risks are reorganized by their root causes to help identify more risks
    • Assumptions and constraints analysis
    • SWOT analysis
      • Strengths, weaknesses, opportunities, threats (SWOT) analysis offer structured approach to risk identification.
      • Strengths, weaknesses, opportunities, and threats (SWOT) analysis
      • At the beginning of your project, you had expectations and made guesses.
      • At the time of risk assessment, this could be many weeks ago, and it is a good idea to revisit them (this should encourage you to actually write your assumptions).
    • Documentation analysis
      • Plans
      • Assumptions analysis
        Here you use visual representations to stimulate your brain for identifying even more risks.
        You can use cause and effect charts, flowcharts and influence diagrams.
      • Constraints
      • Previous project files
      • Contracts
      • Agreements
      • Technical documentation
      • Checklist analysis
        • Risk category prompt lists discussed earlier
    • Other techniques
      • Dependency analysis
        • Analysis of the processes and operations within the organization to identify critical components that are key to success
      • Checklist analysis
        • Provide a quick and simple listing of the project risks
  • Interpersonal and team skills
    • Facilitation
      • Affinity diagrams
      • Nominal group technique
      • Failure modes and effects analysis (FMEA)
        • HAZOP (Hazard and operability) studies and FMEA (failure modes effects analysis) are quantitative technical failure analysis techniques also known as fault tree analysis
        • The goal of FMEA is to design the failure out of the product.
      • Conduct a pre-mortem
    • Questionnaire
  • Prompt lists
    • Checklists
      • Use of structured checklists to collect information that will assist with the recognition of the signifi cant risks
    • PESTLE
      • Political, economic, social, technological, legal, environmental (PESTLE) analysis offer structured approach to risk identification.
      • Political
      • Economic
      • Social
      • Technological
      • Legal
      • Environment
    • TECOP
      • Technical
      • Environmental
      • Commercial
      • Operational
      • Political
    • SPECTRUM
    • VUCA
      • Volatility
      • Uncertainty
      • Complexity
      • Ambiguity
  • Risk Identification Meetings
    • Risk workshops
      • Collection and sharing of ideas at workshops to discuss the events that could impact the objectives, core processes or key dependencies
    • Agile project pre-mortem
      • Imagine the future
      • Generate the reasons for the failure
      • Consolidate the list
      • Revisit the plan
  • If you assess the identified risk events in the project with the project team members and subject matter experts interviews and/or meetings are the best to assess the risk events in the project.
  • Tricks
    • Meet Face-to-Face if Possible
    • Look for the Root Cause Risk
    • Make Separate Lists of Threats and Opportunities to Prevent Identifying Only Threats
    • Risks Should Be Clarified
    • Include Risks Relating to Integration
    • Look at Assumptjons
    • Quantity Is Quality
    • Dealing with Team Member Discouragement
    • Using a Prompt List of Risk Categories
    • Using the Prompt List of Risk Categories with the Cause-Risk-Effect Format
    • Review Historical Records
    • Review Other Documentation
      • Inputs to risk management
      • Requirements documentation
      • Drawings
      • Specifications
      • Contracts and purchase orders
      • Requests for proposal
      • E-mails and other correspondence
    • Follow the Steps for Brainstorming to Identify Risks
    • Collect Risks from All Stakeholders
    • Conduct a “Pre-Mortem”
    • Equalize Participation
    • Use Anonymity
    • Use a Combination of Methods
    • Risk management identification is iterative

Outputs

  • Risk Register
    • Purpose
      Your task here is to create the risk register and register fill it with the identified risks.
      However, if you identify additional information such as possible responses to risks, you should still log them for further analysis in upcoming processes.
      Risk management is separated to identification, assessment and control for the purpose of simplification, but in real life you can do all three instantaneously in your mind.
    • List of identified risks
    • Possible basic cause and response
    • Potential risk owners
      • Proposed risk owners
    • List of potential risk responses
      • Proposed Risk Responses
    • Additional data
      • Short risk title
      • Risk category
      • Current risk status
      • One or more causes
      • One or more effects on objectives
      • Risk triggers
      • WBS reference of affected workpackages
      • Timing information
      • Deadlines
      • Root causes of risks
      • Updated risk categories
      • Potential impacts
  • Risk report
    • Source of overall project risk
    • Overall project risk exposure
    • Summary information on identified project risks
      • Number of identified threats and opportunities
      • Distribution of risks across categories
      • Metrics
      • Trends
  • Project document updates
    • Assumption log
    • Issue log
    • Lessons learned register

PMI-RMP Certification exam flashcards

Created : 19/05/2022

Leave a Reply

Your email address will not be published.