LECTURE 4

PROJECT RISK IDENTIFICATION

1
 Introduction
• Risk Identification is the process of determining
which risks might affect the project and
documenting their characteristics.
• It is an iterative process, involving the project
team, management team, stakeholders and
subject matter experts.
• It's an "iterative process" because new risks may
become known during the project execution.
Risk Identification process is a part of Project
Planning Phase.

2
 Types of Risk
Various ways of classifying project risks exist:
 Insurable Risk vs. Business Risk

Insurable Risk
A risk that conforms to the norms and
specifications of the insurance policy in such a
way that the criterion for insurance is fulfilled.
Property loss, crime loss, and law suits made by
third parties claiming damage due to negligence
are all insurable risks.

3
 Insurable Risk
For a risk to be insurable, it typically must meet a few criteria:
• The risk is potentially costly enough that a business is
willing to pay a premium to protect against it.
• The risk can't be so catastrophic that the insurer would
never be able to pay for the loss (i.e. act of war).
• The risk is well-defined and has a clear, measurable value
that can't be influenced by the policyholder.
• The risk is random, not within the policyholder's control;
and the policyholder cannot cause or influence the loss.
• There must be a sufficient number of insureds subject to
the same risk, so that all policyholders' combined
premiums can share in the cost of any losses - but it must
be unlikely that all policyholders will suffer a loss at the
same time.
4
 Business Risk
• Is a risk of loss tied to the way of doing business that
it is considered not to be an appropriate subject of
insurance coverage.
• Such risks are typically addressed by businesses as
overhead, building the cost of loss into the price of
the product, and managed by Quality Control. The
cost of replacing defective products or redoing
defective work are examples of business risks.
• Business risk is influenced by numerous factors,
including sales volume, per-unit price, input costs,
competition, overall economic climate and
government regulations.
5
 Negative Risks Vs Positive risk
• Negative risk is represented by potential events
that could harm the project. In general, these
risks are to be avoided.
• Positive risk, on the other hand, refers to risk
that we initiate ourselves because we see a
potential opportunity, along with a potential for
failure. This is what we’re referring to when we
say that we are intelligent risk takers.

6
 Risk Identification Sources
• External Unpredictable
– Regulatory
– Natural hazards
– Unexpected side effects of the project
– Failure to complete project due to uncontrollable
external events

• External Predictable
– Market Risks
– Environmental impacts
– Social impacts
– currency risk
– Inflation
– Taxes
7
•
Risk Identification
Internal, Non-Technical
Sources cont..
– Management
– Schedule
– Cost
– Cash Flow
– Loss of Potential Benefit or Profit

• Technical
– Changes in Technology
– Performance Uncertainty
– Risks Associated with Project’s Technology
– Design
– Sheer Size or Complexity

• Legal
– Licensing
– Patent Rights
– Contractual Difficulties
– Outsider Suits
– Insider Suits

8
Inputs to Risk
Identification
Process

9
 1. Enterprise Environmental Factors

• The environmental factors internal or

external to the performing organization
that can influence the project must be
considered in the risk identification process.
• Published information, including
commercial databases, academic studies,
benchmarking, or other industry studies,
may also be useful in identifying risks.

10
 2. Organizational Process Assets
• Information on prior projects may be available
from previous project files. This might include
lessons learned, process controls, and risk-
related templates.

11
 3. Project Scope Baseline
• Project assumptions are found in the project scope
statement, a component of scope baseline.
• Uncertainty in project assumptions should be
evaluated as potential causes of project risk.
• The Potential constraints in these
assumptions/predetermined factors are such as hard
deadlines and fixed costs
• The Work Breakdown Structure, another
component of the scope baseline, (WBS) identifies
tasks and deliverables associated with a project.
Resources are identified for each item within the
WBS that facilitates budgeting as well as assignment
of responsibilities. It can be used to recognize risks at
different levels of the WBS hierarchy.
12
 4. Risk Management Plan
• Key inputs from the risk management plan to the
Risk Identification process are the assignments of
roles and responsibilities, provision for risk
management activities in the budget and
schedule, and categories of risk, which are
sometimes expressed in the Risk Breakdown
Structure.

13
 5. Project Management Plan
• In the process of identifying risks, one needs to look
at the cost management plan, schedule
management plan, risk management plan, and
quality management plan.
• The key items from the risk management plan
useful for risk identification are risk categories,
roles and responsibilities, and the budget and
timing available for the risk management activities.
• Estimates such as activity cost estimates and
activity duration estimates by definition have a
degree of uncertainty built into them. They should
be looked at carefully to identify the potential risks
hiding behind this uncertainty.
14
Risk Identification - Tools & Techniques

15
 i. Documentation reviews

• Review project plans, assumptions.

16
 ii. Information Gathering Techniques
• Delphi technique, brainstorming, interviewing,
Nominal Group Technique (NGT), SWOT
analysis.

17
 1. Brainstorming
• It is a technique by which a group attempts to
generate ideas or find a solution for a specific
problem by building up ideas spontaneously and
without judgment.
• An experienced facilitator should run the
brainstorming session.
• Psychology literature shows that individuals
produce a greater number of ideas working alone
than they do through brainstorming in small,
face-to-face groups. Group effects often inhibit
idea generation.
18
 2. Delphi Technique
• Tries "to reach a consensus" of the experts by
getting, "summarizing", "re-circulating" and
discussing information and viewpoints.
• It is used to derive a consensus among a panel of
experts who make predictions about future
developments.
• It provides independent and anonymous input
regarding future events.
• Uses repeated rounds of questioning and written
responses and avoids the biasing effects possible
in oral methods, such as brainstorming.
19
 3. Interviewing
• It is the externally evoked and driven dump of
expert viewpoints.
• It is a fact-finding technique for collecting
information in face-to-face, phone, e-mail, or
instant-messaging discussions.
• Interviewing people with similar project
experience is an important tool for identifying
potential risks

20
 4. Nominal Group Technique (NGT)
– Each individual silently writes her or his ideas on a
piece of paper
– Each idea is then written on a board or flip chart one
at a time in a round-robin fashion until each individual
has listed all of his or her ideas.
– The group then discusses and clarifies each of the
ideas.
– Each individual then silently ranks and prioritizes the
ideas.
– The group then discusses the rankings and priorities of
the ideas.
– Each individual ranks and prioritizes the ideas again.
– The rankings and prioritizations are then summarized
for the group. 21
 5. SWOT analysis
• SWOT analysis (strengths, weaknesses,
opportunities, and threats) can also be used
during risk identification. Is the investigation and
documentation of "strength, weakness,
opportunities, and threats" of risks. Helps identify
the broad negative and positive risks that apply
to a project

22
 6. Checklists Analysis
• Checklist Analysis can provide ideas for risks on a
current project.
• Checklists can be developed based on historical
information, knowledge from previous similar
projects and from other sources of information.

23
 Checklists Analysis
• Example of a Risk Check List
• Funding for the project has been secured
• Funding for the project is sufficient
• Funding for the project has been approved by senior
management
• The project team has the requisite skills to complete the
project
• The project has adequate manpower to complete the
project
• The project charter and project plan have been approved
by senior management or the project sponsor
• The project’s goal is realistic and achievable
• The project’s schedule is realistic and achievable
• The project’s scope has been clearly defined
• Processes for scope changes have been clearly defined 24
 7. Cause-and-effect diagram or Ishikawa/fishbone diagrams

• This is useful for identifying causes of risks.

• The major purpose of the CE Diagram is to act as
a first step in problem solving by generating a
comprehensive list of possible causes.
• It can lead to immediate identification of major
causes and point to the potential remedial
actions and may indicate the best potential areas
for further exploration and analysis.

25
 Cause-and-effect diagram cont..
• It is a three step process:
Step 1
• Write down the effect to be investigated and
draw the 'backbone' arrow to it. In the
example shown below the effect is 'Incorrect
deliveries'.

26
 Cause-and-effect diagram cont..
Step 2
• Identify all the broad areas of enquiry in which
the causes of the effect being investigated may
lie. For incorrect deliveries the diagram may then
become:

27
 Cause-and-effect diagram cont..
Step 3
• Write in all the detailed possible causes in each
of the broad areas of enquiry. Each cause
identified should be fully explored for further
more specific causes which, in turn, contribute to
them.

28
29
30
Risk Identification – Outputs

31
 Risk Register
A document that contains the results of various risk
management processes.
• It is a tool for documenting potential risk events
and related information.
• The risk register ultimately contains the
outcomes of the other risk management
processes as they are conducted.
• The preparation of the risk register begins in the
Risk Identification process

32
 Risk Register Contents
• An identification number for each risk event
• A rank for each risk event
• The name of each risk event
• A description of each risk event
• The category under which each risk event falls
• The root cause of each risk
• Triggers for each risk; triggers are indicators or
symptoms of actual risk events
• Potential responses to each risk
• The risk owner or person who will own or take
responsibility for each risk
• The probability and impact of each risk occurring
• The status of each risk
33
 Sample of a risk register

No. Rank Risk Descripti Category Root Triggers Potential Risk Probability Impact Severity Status
on
Cause Responses Owner

R44 1

R21 2

R7 3

34
Thank you for
listening

35