The process of Identifying Risks consists of first finding as many Risks as you possibly can. Then we look for the effect of the Risks, causes, and root causes. Finally we categorize the Risks and assign an Owner to each Risk. All this information is placed in the Risk Register.
Here are the steps:
   1)  Ask someone else, who has been less involved in your project, to help you find Risks you might miss. They will bring a more objective view.
  2)  Assemble the group and ask "What could go wrong?" Do this in a Brainstorming manner. Click here for how to do Brainstorming. Places to look for Risks include:
  • Assumptions made so far in planning other knowledge areas. These might not be true, or might not happen as expected. We planned on good weather but the risk is the weather could be poor.
  • Review of project documents produced so far, including these planning
>Work Breakdown Structure (WBS)
>Critical Path Diagram (CPD)
>Structured Walk Through (SWT)
>Resource Calendar
  • Strength, Weaknesses, Opportunities, Threats:   (SWOT) analysis  .
  • Regulatory requirements
  • Legal
  • Natural hazards, disasters
  • Accident, sabotage
  • Politics
  • Possible market change
  • Currency, taxes, inflation
  • Management and/or staff changes
  • Labour unrest, work stoppage
  • Site accessibility
  • Interference from other projects
  • Contractor claims
  • Technology changes
  • Past projects' Lessons Learned
Identified risks might be:
  • a Key employee could quit.
  • the weather might be poor.
You should collect all of these possible Risks before moving to Step 3.
   3)  Now for each identified Risk, ask "What would happen if this Risk occurred?" ("What if" this does/ does not occur). List all of these impacts. For example, What if a key employee quits? One impact could be: the schedule will be delayed. What if the weather is poor? An impact is: we will get a poor turn out of people. There may be several impacts for each Risk.
   4)  Next, for each Risk, ask, "What could cause that to happen?" For the Risk of a Key employee could quit, one cause might be our competitor is offering better working hours. There may be more than one cause for some Risks. You might find a Cause & Effect (Fishbone) diagram useful for discovering the Root Causes.
   5)  Assign an Owner to each Risk. Every Risk needs an Owner. This is the person who will take responsibility for the agreed-to and funded Risk response.
   6)  Finally, list all the Risks, Impacts, Causes, and Owners on the Risk Register.

Click Button for Tools to help you Identify Risks