Identifying risks

Posted on: December 21st, 2012 by admin
Now that we’ve done our risk management planning, the very next step is to identify risks. This is exactly what it sounds like – brainstorming to figure out what possible bad things might crop up to bite you during the project. How do you do this? Well, quite simply, get the team in a room. With stickies. First thing you should have them do is write down one risk per stickie. Now, this doesn’t have to happen in a vacuum. Let’s say you’ve created a Work Breakdown Structure. This important project artifact can provide a wealth of information to you as you brainstorm risks. Let’s say you have the following WBS, created to define the scope of a project to create a website.
(Note: You would ordinarily create a WBS in the hierarchical, graphical format below. But since it’s likely too small for you to read here, I recreated some of the information in a tabular format.
Web site
Design
Site research
Design Presentation
Content
Portfolio
Members provide portfolios
Test
Beta test
Alpha test
Production and Development
Main page
Create logo
So now you look at the WBS and think, hmm, where might there be risk? (Realize of course that the real WBS would likely have quite a few more boxes.) So you might say, for example, task “Create logo” is a risk. Why? Perhaps either because no one in your group has done it before or because the vendor you used before was slow in forthcoming. Or maybe you just don’t know what to expect. So you slap that down on a stickie without judging it. And so you might go through the entire WBS and do this.
What other sources of input might there be to your risk identification? Well clearly the schedule. It has the tasks that are identified in the WBS only now they’re fleshed out over time. And they may have resources applied to them. You can also look at the charter or just tap into the brains of the subject matter experts who have done this kind of work before. And when doing this, consider the famous triple constraint: schedule, scope and cost.
So let’s say you spend several hours with the team brainstorming risks.  And you’ve come up with, say, 50. What do you do now? Do you have to come up with a plan to prevent the occurrence of all those risks? No you don’t. That’s the beauty of risk management. The first step was to identify as many risks as you could without judgment.Now you may well have some ideas to mitigate those risks. That’s fine. Put them on a separate flip chart so you don’t lose them. This exercise is all about identification not solving the problem. The next exercise is to prioritize these risks. We’ll see how you do that in the next post.

Comments are closed.