Identify Risks

This article contains most of the important information you need to know about Develop Schedule process in order to answer questions related to this topic in the PMP Exam, I recommend you review this type of articles 1 week before your exam date, all information mentioned are based on PMBOK Guide 6th edition and PMP Exam Prep 9th edition for Rita Maclhy’s, ITTO refers to Inputs, Tools & Techniques and outputs.

This process is a part of Planning Process group and Risk Management Knowledge Area with the following ITTO’s


  1. Project Management Plan (Requirements , Risk , Cost , Schedule , Quality , Recourses Management Plans , Scope, Cost , Schedule Baselines )
  2. Project Documents ( Cost Estimates ,Duration Estimates ,Assumptions Log , Issue Log , Lessons Learned Register ,Stakeholder Register , Requirements Documentation , Resources Requirements )
  3. Procurement Documents
  4. Agreements
  5. Enterprise Environmental Factors
  6. Organization Process Assets.


Tools & Techniques:

  1. Expert Judgment
  2. Data Gathering ( Checklist , Brainstorming , Interviews )
  3. Data Analysis ( Root Cause Analysis , Assumption and constraint Analysis, SWOT Analysis , Document Analysis )
  4. Interpersonal and Team Skills ( Influencing )
  5. Prompt Lists
  6. Meetings


  1. Risk Register
  2. Risk Report
  3. Project Document updates ( Assumption Log , Issue Log , Lessons Learned Register )


  • Objectives of this process are to identify and record a long list of risks , make sure all risks are in Cause-Risk-Effect format ( Metalanguage) and understands all listed risks.
  • Usually risks listed in this process included details such as potential risk owner, triggers and potential responses.
  • As a professional Project manager a good time should be spent to gather information and collect requirements from key stakeholders , have a well defined scope as unclear requirements or scope is a Major risk of the project that may have a negative cost and schedule impact .
  • Meeting experts face to face is a perfect tool as meetings virtually or using email for risk management decreases the quantity and quality of risks identified.
  • Any risk with 80% or above probability should be treated as a fact .
  • A Good tool used to differentiate risks from facts is use the casue-risk-effect format for naming risks .
  • Risks effects are usually related to project objectives, constraints and tolerances.


  • Critical success factors of identify Risk process includes the following :
  1. Early identification, it enables ley decisions to take maximum account of risks inherent in the project.
  2. Iterative identification, the frequency of iteration is defined in plan risk management process , and it can be done at key milestones and on significant changes.
  3. Emergent Identification, As risks in nature can be identified anytime.
  4. Comprehensive Identification, As a broad range should be used.
  5. Opportunities to be considered not only threats.
  6. Multiple perspectives, it should be done with key stakeholders from different perspectives.
  7. Risks linked to project objectives, each identified risk must be linked to at least on project objective.
  8. Complete Risk statement, Each identified risk should be clearly stated in the metalanguage format.
  9. Ownership and level of detail, each risk owner should be identified with detailed description of his role , risk triggers should be mentioned as well.
  10. Objectivity , All biases should be recognized and addresses as early as possible , biases effect on risk management should be controlled and managed proactively.
  • A Well-defined risk is written in the Metalanguage format , Cause-risk-Effect , it should be well worded and specific to the project.
  • Opportunities should be identified to balance out the negative occurrences ( Threats ) , as well as to take advantage of additional benefits to the project , a separate list of opportunities should be created.
  • While identify risks the project manager should look at the assumptions list , it is a good source of risk.
  • Risks identified are recorded usually in 2 forms , Sticky Notes & Forms..
  • Risks could be identified during checklists, it is a great tool during initiating , before a charter is created and before formal risk management begins .
  • Note that risks that are identified are less likely to occur as they changed from unknown unknowns to known unknowns.


  • Major tools and techniques to identify risks :
  1. Prompt List , Generic list of risk categories , used as a starting point to customize a list of risk categories most relevant to your project, while identifying risk using categories , the risk category might be inserted in the Cause column of the risk format , make sure there is no forgotten risk category from the prompt list you are using.
  2. Risk Breakdown Structure, which arrange risks though category .
  3. Historical Records, Looking at records from past projects as it will save time in risk management.
  4. Review Project documents, making sure all project documents are available.
  5. Brainstorming, meeting to come up with ideas or solve a problem, it help participants build on each other idea , a brainstorming session should be conducted in with 2 scribes , one to facilitate and one to record ideas , it can build a very long list of risks quickly .
  6. Conduct a pre mortem , meeting to come up with ideas, the group of participants are asked to imagine that the project is completed or terminated , and it failed to achieve one or more objective, then they will start mentioning why the project was failed , they should imagine the project is a success to list opportunities.
  7. Affinity diagram, Risks identified from other tools are grouped in this tool and categorized as per similarities , each group is given a title.
  8. Expert Interviews, this tool can be done in all steps of risk management processes , It can be done through emails, meetings, letters and telephone calls , the best interview could be done with 3 team members, one ask questions, one records answers and one looks for nonverbal communication of the stakeholder.
  9. Nominal Group technique, mainly used when you need to gain a group opinion not individual, it helps gaining the group buy in .
  10. Delphi Technique, to obtain agreement on what risks exists in the project, or on the quantitative risk analysis results.
  11. Cause and effect Diagram, used to evaluate causes of risk events, helps team members visually determine potential and sub causes
  12. Failure Mood and effect Analysis / Fault tree analysis , especially used for engineering design , looks for failure modes ( The ways a product or project may fail ) , it designs a failure out of the product, each failure mode will have a list of risks , the risks with the highest Risk Priority number ( RPN) will be selected as risks , RPN = Sensitivity * Occurrences * Detection rate
  13. SWOT Analysis , Looks at the project strengths and weaknesses and therefore looks at threats and opportunities.
  14. Force Field Analysis .
  15. Influence Diagrams.
  16. System Dynamics
  • As a professional Project Manager you should never depend on one method to identify risks , you should use a combination of methods .
  • You know that you should stop identify risks in two cases :
  1. When new identified risks seems stupid.
  2. Ask the team to rate how confident they are about identified threats and opportunities and check the rating , if it is too low you should continue.
  • Identify Risk Process results with Risk Register, It’s the place where most of risk information is kept , it’s part of the project documents and it will be updated after finishing each risk management process.
  • In this phase the produced risk register will results in the following information:
  1. List of Risks.
  2. Root Causes of the Risks.
  3. Potential risk owners ( May be proposed and noted here , assigned officially in Plan risk response Process )
  4. List of Potential responses , potential ones only as there will be a process of Planning risk responses.
  5. Updated Risk Categories.

Leave a Reply

Logged in as shadi alsha3er. Log out?