Understanding risk-identification methods

You cannot fix what you don't understand. Moving forward on a project without performing appropriate risk identification is like heading out on a hike in the wilderness without a GPS or a map. It’s easy to get yourself quite lost when you encounter the unexpected.

Risks represent the unexpected in my hiking analogy. Different types of projects have different risks, and if you don't know your risks, what the probabilities is of them occurring and the impact they'll have, it’s impossible to manage them effectively. So, conducting an appropriate risk identification process is crucial.

How to properly identify risk? Here are three approaches that you can use on your projects:

1. Hold a risk workshop or brainstorming session.

As they say several heads are better than one, and this holds true when it comes to identifying project risk. Don't limit yourself to your project team during these workshop. It's a good idea to involve your key stakeholders, sponsor and maybe other project managers in the session. To make these brainstorming sessions more effective, it's important that you participate in the workshop with a checklist of questions you want answers for.

In the session, have everyone come up with their top five risks. Capture all the potential risks. There are no bad ideas. You will sort through them later.

The trick during the brainstorming session is to think at a high-level, so you get a broad set of risks.

2. Look to industry specific risk categories you'll need to cover.

For example, in the construction industry there are safety risks. In IT there are information requirements risks and risks involving the creation of solutions that are too complex. To help, most industries have associations, online resources and risk tools that you can leveraged. Use them to identify risks. Examine your project against others in your industry. You might also find resources through other project managers involved in your industry. The project management Institute also has project management standards for projects in government, software and construction that are useful.

3. Look at your work breakdown structure or WBS, and identify risks by task or groups of tasks.

As you will use the task in the WBS to deliver your projects, using the identified task in the WBS can trigger risk ideas that you otherwise would have missed. This is a good systematic last step to help ensure you have thoroughly considered potential risks that may claim your project. You can’t address risks you have not identified. Launching your risk management approach with thorough and well considered risk identification practices will help ensure you manage your project in a controlled, proactive manner

Categorizing and consolidating risks

There is benefit to having a large number of risks identified for your project. But managing an extensive number of risks can be awkward and cumbersome. It is good to sort things out. Place items in separate categories, and reorganized. How will you ensure your risks are well-organised so you can manage them?

Here are the typical ways to categories risks and some tips for using those category wisely.

1. Look at the triple constraints of time, scope, and costs, as well as quality and resources. Look at how your risks may impact your project, and identify any budget, schedule, personnel and requirements risks. Try to find any risks that have some common causes.

2. Categories risks by business areas, such as external market risks or shifts in business strategy. This can be very helpful when you are dealing with your client and the risk they may bring to the project. Taking this approach can enhance the perception that you were managing the project with your client and their needs in mind. It can also help engage your client to ensure you manage the risks appropriately.

3. By technical topics. These might include design and development problems, testing and maintenance risks, and technical uncertainty, or you can use technical product risks, such as a requirement potentially being too complex or other risks such as managing external vendors.

4. Utilize integration risks category. Integration risks surface when you are working on your project and there are many other things happening in the organization. If you have nine other projects targeting a particular business area, this might signal a need to address integration risks, when solutions need to be brought together. As all the changes brought about by these projects may need to be coordinated, significant risks could surface. This is a risk topic that is often overlooked by project managers.

Related Article: Project Integration Management

Although these are common risk categories, you may find others are more useful on a specific project you manage. No matter the categories you use.

Here are a few tips for managing risks with risk categories:

• Don't hesitate to revise your risk categories if it's helpful. As the project progresses you learn more about the risks are substantial. As result more relevant categories may surface. Some risks may blend in to other categories, depending on the stages in your project. So keep your eye on the ball. Continue to identify risk and risk categories as the project unfolds. You can do this as part of your regular team Status meetings.

• Keep your risk categories short and simple. Try to avoid a multitude of categories so you and your team don't have a hard time keeping them all contained.

• Be as concise as you can when assigning risk categories. Package the risks so there is a common relevance across different areas of the project that you, your project team and other stakeholders can easily understand.

Using well-crafted risk categories can help you manager project risks more easily but also helps your stakeholders to see the risks for what they are and helps you make better decisions to address them

Writing risk records

A large number of risk management plans get thrown the trash with exasperated project managers and sponsors screaming things like, despite our work this risk plan is useless. The difference between risk plans that work, and those that do not usually comes down to one simple element: the way risks are written. Do you know how to write appropriate risk records?

Formula for writing effective risk records :

• Adapt this simple structure. A properly structured risk record is easy as PIE. Probability of impact as the result of an event. Add the cause of the event and you will have a perfectly useful risk record.

• Don’t hesitate to have multiple risk records for the same risk. In each record you outline different causes because the mitigation action will be different.

• Don't write the records and leave them to collect dust. You need to be continually going back to your records to see how the risks are tracking. As the project progresses your risk may change, specifically with probability of occurring and potential impacts. You may also surface other potential causes for the risk to occur.

Keep your risks current and you will always be on top of things that could derail your project. You might think it seems a bit redundant to write multiple records for risks with the same impact and keep reviewing them all the time. However, you will want to understand when you need to act to address the risks and ensure those actions will be useful.

Starting with specific and structured risk records, make sure risks are relatively easy to review and update. With well-crafted risk records your risk management plan can be pragmatic and efficient and a well-crafted risk plan proactively addresses the problems that can plague your project, which can be the difference between successful deliveries of project outcomes or a project that gets cancelled before delivers any value

Building a risk register

So, you have a collection of items that you want to keep track of and cared for appropriately. First thing you would do is find a place to keep them, right? Many project managers draft a set of risks but create a problem for themselves because they don't create a common and accessible place to keep and care for them. To prevent yourself for having this problem on your projects, it is important to create a risk register. Let’s examine the data elements you include in a useful risk register.

• The risk register captures details for the risks that have been identified at the beginning and during the life of the project. It also includes the high, medium or low grades in terms of their likelihood of occurring and how seriously that impact your project

• Include the plans for treating each risk as well as the costs of any treatment strategy, who is responsible to execute and the result if that strategy was executed.

• Identify the owner of the risk and how the risk is tied to a task or series of tasks in the project schedule. Risks typically manifest themselves in the execution of tasks or a hurdle to executing a task appropriately. As a means of tracking your risks appropriately and understanding when they might occur, having risks tied to tasks is a useful management practice.

(download the sample risk register template by clicking here)

Best practices for making the risk register:

1. Use your risk register as a risk focus task or to-do list. You should have statuses related to each risk and allocate action items to each risk. You should also assigned resources to each risk related action, so it's clear who is responsible for managing the risks.

2. Ensure you understand the ins and outs of your project, before you build and publish your first risk register. This allows you to collect the knowledge and understanding of your key stakeholders and understand how they want to manage risk. It also helps to know where to get the information you're going to need to ensure your risks are relevant.

3. Sort the risks in your risk register by probability and impact to your project. You’ll be dealing with a number of risks in a typical project. However, you do not need to share every risk with your sponsor and senior stakeholders. They will probably only be interested in the risk that they have to address themselves. Having a risk register sorted appropriately means you can easily share the top risks with senior stakeholders.

4. Make your risk register complete but keep it brief and to the point. Your risk register should be much more than a list, saying you have 20 risks. Ensure it can quickly convey essential risk information and what you’re doing about the risks. Also make sure it updated at least after every status meeting.

Your risk register will serve as a great tool if you are vigilant by including and maintaining the right information throughout the project. It brings your risk management plan to life, and gives you a concise crisp summary of the status of all the risks on your project at any point in time

For other articles in Project Risk Management, see also:

• Project Risk Management: Creating a Risk Plan

• Project Risk Management: Identifying Project Risks

• Project Risk Management: Analyzing Project Risks

• Project Risk Management: Responding to Project Risks

• Project Risk Management: Monitoring and Controlling Project Risks

If you are looking for even more information on managing risk, I encourage you to check out some very insightful books:

Risk Management: Concepts and Guidance by Carl Pritchard is a great book that addresses risk concepts that can be applied to any project.

Here are good references for handling IT-based projects.

• Waltzing with Bears: Managing Risk on Software Projects by Tom DeMarco and Timothy Lister

• Managing Risk: Methods for Software Systems Development by Elaine M. Hal

#ProjectRiskManagement #featuredpage1