risk identification

Risk Identification Process

The project risk identification is a process of documenting and identifying the uncertainties that could affect the performance of the project. This step addresses the first component of risk, which is also the focus here.

An Overview of Risk Identification Process

The identification step in risk management includes examining each element of the project. This is to determine the possible risks and the root causes associated with it. It entails starting the risks documentation and creating a phase for subsequent response and analysis.

The risk identification step usually comprises of following activities:

  • Collecting available information on project constraints and assumptions
  • Reviewing the results of risk identification from similar past projects
  • Determining the tools and techniques, if not mentioned in the risk management plan
  • Review the risks list to ensure all risks have been identified
  • Proceeding to risk analysis step

From informal brainstorming to structured work session, the step consists of all tools or techniques necessary to support the step. The independent subject matter experts and project team members are asked for the insight and information into serious project concerns. The method used to identify the risk should make a balance between project requirements and available skills and resources of the project team.

Time Constraint

As soon as the project management plan has defined a structure to identify the risks, the project risk identification should also start.   

During each step in the risk management process, it is essential to perform identification of risk continually till the project lifecycle is over. The project progresses through project planning and engineering to construction and goes perhaps beyond the operation and maintenance.

As the process continues, the new risks may evolve, and more refined details may come up that will want reexamining the original profile of the risk. Risk characteristics related to each phase vary, which reflects the modification due to project uncertainties.

Project Team or Participants

The risk identification has some resources that need to be scaled based on the project’s size and complexity.  This step captures or detects any new risks that may come up as the project proceeds.

Here, it dismisses all the previous risks that were resolved earlier. The frequency or timing of this iterative process differs from case to case at each project lifecycle phase.

However, for complex projects, the project team in risk identification efforts may extend to include business partners, internal subject matter experts, outside experts, key stakeholders, and other functional areas.

Key Inputs

Take the time and resources to gather realistic, relevant and high-quality data about the potential risks project may face. This is a key to successful risk identification.

The key inputs associated with project constraints and assumptions can include:

  • The objectives and scope of the project
  • The budget/funding and cost estimates of project
  • The project design and specifications
  • The primary  schedule as the project progresses ahead
  • Interviews of subject matter expert
  • Inputs of stakeholders

Apart from the specific project information, there are some other input sources that can serve as a rich source of information.

The solid and factual data collected during the earlier work also usually produce the most useful data. However, often such information is difficult to assess, particularly if the company does not have any record management system.

The status reports of recent projects are more likely reliable and defensible. Especially, if the data are recent and is relevant to the project, it is more valuable. Notably, it is always easy to capture the informal information.

The project team can gain helpful insights into the potential risks by communicating the project with subject matter experts or colleagues.

Root Cause & Cause-and-Effect Analysis

During risk identification, it is necessary to look for root causes instead of taking only symptoms of large problems. Therefore, project teams may find this analysis useful in subsequent risk analysis and risk discovery.

Here are some of its common techniques:

Fishbone diagram

It generally states an outcome that projects usually avoids. For instance, a delay or increase in the cost estimate. It challenges the project team to move backward to uncover the reasonable sources that could lead to an issue.

Mind mapping

Mind mapping tools are created around a text or a single word. It is put at the center wherein associated words, ideas and concepts are included.

Failure mode and effect analysis

It provides a quantitative analysis that includes identification of single risk event and the likelihood of the impact that may arise with that event.

Risk Management Identification Output

After the risks are identified, proper documentation should be done to produce a comprehensive list of all the perceived risks.

Risk Checklist and Register

If a project is simpler, just evaluating the relevant risks described on a predefined list is enough. However, for complex projects, utilizing a risk register to start collecting information associated with identified project risks and opportunities is essential.

Often, known as risk log, it is a crucial part of the complete project management framework.  Basically, it’s a tool that helps to identify, assess and manage risks to an acceptable level.

It does it all through review and update process. The role to update the risk register is generally allocated to the project control function.

The risk register further uses the risk management processes, qualitative risk analysis, quantitative risk analysis, and response planning.

In qualitative analysis, data adds to the existing list of risks, which includes the urgency of the risks, the priority of risks, risk categorization and any other trends.

While in quantitative risk analysis, the update of the risk register is done with probabilities related to each perceived risk. Ideally, it should also meet the projections of cost and time.

At the end of project risk identification, the information that is recorded includes risk description, risk owner and data identified.

The components of risk register used to manage risks in complex projects:

Date, reference number, a key element, existing controls, risk group, likelihood, action summary, and responsibility.

Principles to Follow

The risk identification process would generally need to conform to the following practices:

  • Having knowledge of project context can help the project team focus on unique risk resources that may impact the project.
  • Make a comprehensive list of project risks and opportunities that can later be screened during the analysis step.
  • Defining each risk clearly and completely to provide sufficient information.
  • Assign each risk owners to each risk with clear accountability and responsibility for management.
  • Ensuring that the right people are participating in the project.


The risk identification step starts as early as possible and remains consistent throughout the project lifecycle with regular analysis and views.

It’s a scalable activity, so the resource commitment and approach applied should be in line with the project complexity and information available. The process could range from a quick checklist to facilitated work session. Here the project team and subject experts are requested for concerns and information.

Leave a Reply

Your email address will not be published. Required fields are marked *