CISSP For Dummies
Book image
Explore Book Buy On Amazon

Identifying risks is everyone’s job and, thus, is covered on the PMP Certification Exam. Even though the risk management plan defines roles and responsibilities for risk management, everyone should be on the lookout for events that could negatively affect the project as well as opportunities to improve project performance. Think about it as a sailor in a crow’s nest with a telescope, constantly sweeping the horizon for perils.

Identify Risks. Determining which risks may affect the project and documenting their characteristics.

Risk identification and the subsequent analysis and response take place throughout the project.

Identify Risks: Inputs

To do a thorough job in identifying risks, you need to look at all the elements in the project management plan and all the other project documents as well as environmental factors associated with the project.

Planning takes place throughout the project, as does risk management. Not all project management plan components or project documents are available at the beginning of the project. As they become available, though, they should be referenced for sources of risk.

The four categories of documents you can look at are

  • Project management plan elements

  • Project documents

  • Enterprise environmental factors (EEFs)

  • Organizational process assets (OPAs)

Here is a list of the relevant information from each category.

  • Project management plan elements

    • Risk management plan

    • Cost management plan

    • Schedule management plan

    • Quality management plan

    • Human resource management plan

    • Scope baseline

    • Schedule baseline

    • Budget

  • Project documents

    • Project charter

    • Stakeholder register

    • Cost estimates

    • Duration estimates

    • Network diagram

    • Assumption log

    • Issue log

    • Performance reports

    • Earned value reports

    • Resource requirements

    • Procurement documents

  • Enterprise environmental factors (EEFs)

    • Benchmarks

    • Industry information

    • Studies, white papers, and research

    • Risk attitudes

  • Organizational process assets (OPAs)

    • Risk registers from past projects

    • Lessons learned

This probably seems like quite the laundry list. However, risk can come from any aspect of the project. That’s why it is important to review all project management plan elements, project documents, and the project environment to get a full understanding of the risks on your project.

Identify Risks: Outputs

The risk register is started as an output of this process. However, you will add to it as you analyze your risks and develop responses to them. Initially, you’re documenting your risks.

Documenting a risk statement like, “The budget is at risk” is not acceptable. That gives very little information to work with when addressing the risk. The following risk statements are much better:

Because the cost to install security cameras in a childcare center is greater than anticipated, there is a risk you will overrun the budget.

The city might not approve the plans, thus causing a schedule delay.

A team member might be reassigned to a higher priority project, thus causing a schedule delay.

All risk statements start with the cause and then define the effect. The approach to describing the risk event is different, but both approaches provide something to work with when deciding how to analyze and respond to the risk. At this point in time, you might already know how you’re going to respond to the risk event.

In that case, you can enter a potential response in the risk register. However, it’s a good practice to get a robust list of risks, analyze them, and then develop responses because a group of risks can often be addressed by one response. Your risk register will follow you throughout the rest of the risk management processes.

Risk register. A document in which the results of risk analysis and risk response planning are recorded.

The risk register details all identified risks, including description, category, cause, probability of occurring, impact(s) on objectives, proposed responses, owners, and current status.

The risk management plan describes how risk management will be structured and performed on the project. It is a management document. The risk register keeps track of identified risks, their ranking, responses, and all other information about individual risks. It is a tracking document.

Because you are progressively elaborating your project plan elements and your project documents, you will also progressively elaborate your risk register. As more is known about the project, existing risks can be further elaborated, and new risks will be identified.

About This Article

This article can be found in the category: