Risk Management-Identification
| Line 4: | Line 4: | ||
| − | A risk is defined as the uncertainty of an event, that if occurs, impacts the event either in a positive or negative manner <ref name="PMIStandard">. When managing projects, programmes or portfolios, it is vital to identify and manage risks in order to prevent negative and benefit from positive outcomes. Risk management is a common practice and lies within the planning stage of project management. According to the “Standard for Risk Management in Portfolios, Programs, and Projects” published by the Project Management Institute (PMI)<ref name="PMIStandard">, identifying risks is the second out of seven stages within the risk management life cycle. Hence, identifying risks is one of the early stages of risk management and a necessity in order to pursue further risk management actions and prevent a negative impact on the projects’ success.<ref name="PMIStandard"> | + | A risk is defined as the uncertainty of an event, that if occurs, impacts the event either in a positive or negative manner <ref name="PMIStandard"/>. When managing projects, programmes or portfolios, it is vital to identify and manage risks in order to prevent negative and benefit from positive outcomes. Risk management is a common practice and lies within the planning stage of project management. According to the “Standard for Risk Management in Portfolios, Programs, and Projects” published by the Project Management Institute (PMI)<ref name="PMIStandard"/>, identifying risks is the second out of seven stages within the risk management life cycle. Hence, identifying risks is one of the early stages of risk management and a necessity in order to pursue further risk management actions and prevent a negative impact on the projects’ success.<ref name="PMIStandard"/> |
== Context and Application == | == Context and Application == | ||
| − | Risk identification is applied for projects, programmes and portfolios, whilst the techniques might vary due to complexity and size. As a part of the risk management life cycle, it is an important stage within the planning phase of risk management but is dependent on the following active steps in order to be put to practice and cause risk prevention. For a manager of either a project, programme or portfolio, risk identification is a practice that, if omitted, might lead to project failure.<ref name="PMIStandard"><ref name="P2"><ref name="ISO"> | + | Risk identification is applied for projects, programmes and portfolios, whilst the techniques might vary due to complexity and size. As a part of the risk management life cycle, it is an important stage within the planning phase of risk management but is dependent on the following active steps in order to be put to practice and cause risk prevention. For a manager of either a project, programme or portfolio, risk identification is a practice that, if omitted, might lead to project failure.<ref name="PMIStandard"/><ref name="P2"/><ref name="ISO"/> |
| − | In 2019, PMI published the international standard “Standard for Risk Management in Portfolios, Programs, and Projects” PMIStandard. The standard is put to practice worldwide and is a tool for project, programme or portfolio managers to achieve success. PMI divides risks into two categories; individual risks that effect one or more objectives and overall risks as the uncertainty of the whole project, programme or portfolio that arises as a collection of all sources of uncertainty. Both individual and overall risks are important to identify within the identification process. Additionally, they address the risks with positive outcomes as opportunities and risks with negative outcomes as threats. The separate terms are applied to distinguish the possible outcomes and effects of risks within projects, programmes or portfolios. Other terms used to distinguish and characterize risks are conditional risks that will only occur if the XXX<ref name="PMIStandard"> | + | In 2019, PMI published the international standard “Standard for Risk Management in Portfolios, Programs, and Projects” PMIStandard. The standard is put to practice worldwide and is a tool for project, programme or portfolio managers to achieve success. PMI divides risks into two categories; individual risks that effect one or more objectives and overall risks as the uncertainty of the whole project, programme or portfolio that arises as a collection of all sources of uncertainty. Both individual and overall risks are important to identify within the identification process. Additionally, they address the risks with positive outcomes as opportunities and risks with negative outcomes as threats. The separate terms are applied to distinguish the possible outcomes and effects of risks within projects, programmes or portfolios. Other terms used to distinguish and characterize risks are conditional risks that will only occur if the XXX<ref name="PMIStandard"/> |
| − | In addition to PMI, ISO and PRINCE2 are two practiced standards that differ slightly from the methodology given by PMI. In terms of risk identification, PMI is the only standard that addresses the life cycle term, whilst ISO and Prince2 lists identification as either the first or second step within the procedure of risk management identification. However, all sources address the importance of risk management as a continuous procedure, as risks are not only to be identified at the beginning of a project, but is a continuous process from the projects’, programmes’, or portfolios’ initiation to completion. Hence, the methodology given by PMI, addressing risk identification as a step within a life cycle, amplifies the importance of the practice throughout the whole project.<ref name="PMIStandard"><ref name="P2"><ref name="ISO"> | + | In addition to PMI, ISO and PRINCE2 are two practiced standards that differ slightly from the methodology given by PMI. In terms of risk identification, PMI is the only standard that addresses the life cycle term, whilst ISO and Prince2 lists identification as either the first or second step within the procedure of risk management identification. However, all sources address the importance of risk management as a continuous procedure, as risks are not only to be identified at the beginning of a project, but is a continuous process from the projects’, programmes’, or portfolios’ initiation to completion. Hence, the methodology given by PMI, addressing risk identification as a step within a life cycle, amplifies the importance of the practice throughout the whole project.<ref name="PMIStandard"/><ref name="P2"/><ref name="ISO"/> |
== Inputs == | == Inputs == | ||
| − | In order to carry out the identification process, it is vital to have information about the projects’ scope in the form of a project management plan, project documents, agreements, procurement documentation, enterprise environmental factors and organizational process assets. Together they form the inputs of the identification process. Therefore, it is of great importance to have established communication with managers, stakeholders, senior management, potential customers and all other active participants in the project, programme or portfolio in order to include all possible perspectives on risk identification. <ref name="ISO"><ref name="PMIGuide"> | + | In order to carry out the identification process, it is vital to have information about the projects’ scope in the form of a project management plan, project documents, agreements, procurement documentation, enterprise environmental factors and organizational process assets. Together they form the inputs of the identification process. Therefore, it is of great importance to have established communication with managers, stakeholders, senior management, potential customers and all other active participants in the project, programme or portfolio in order to include all possible perspectives on risk identification. <ref name="ISO"/><ref name="PMIGuide"/> |
==Techniques for risk identification == | ==Techniques for risk identification == | ||
| Line 22: | Line 22: | ||
== Brainstorming == | == Brainstorming == | ||
| − | The term brainstorming was first introduced in the book How to “Think Up” by Alex Faickney Osborn in 1942 as a unique technique incorporated by the advertisement agency BBDO. However, the term was not populated before Osborn published the book “Applied Imagination: Principles and Procedures of Creative Problem Solving” in 1953<ref name="Brainstorm"><ref name="RiskEng">. The principles of brainstorming might have been associated differently and used by several teams before Osborn addressed the term. However, since 1953 brainstorming has been the term used worldwide as a group creativity technique in order to obtain a list of spontaneous ideas and thoughts related to a specified topic. | + | The term brainstorming was first introduced in the book How to “Think Up” by Alex Faickney Osborn in 1942 as a unique technique incorporated by the advertisement agency BBDO. However, the term was not populated before Osborn published the book “Applied Imagination: Principles and Procedures of Creative Problem Solving” in 1953<ref name="Brainstorm"/><ref name="RiskEng"/>. The principles of brainstorming might have been associated differently and used by several teams before Osborn addressed the term. However, since 1953 brainstorming has been the term used worldwide as a group creativity technique in order to obtain a list of spontaneous ideas and thoughts related to a specified topic. |
| − | The idea of brainstorming in risk identifications is to gather all potential risks from a variety of disciplines within the project, programme or portfolio team and form a list of individual and overall risks. There are no strict boundaries, but the brainstorming may be divided into different project categories in order to structure the process. All thoughts should be noted down without criticism in order to broaden the framework and identify risks that might not be obvious by first glance. <ref name="PMIStandard"><ref name="Brainstorm"> | + | The idea of brainstorming in risk identifications is to gather all potential risks from a variety of disciplines within the project, programme or portfolio team and form a list of individual and overall risks. There are no strict boundaries, but the brainstorming may be divided into different project categories in order to structure the process. All thoughts should be noted down without criticism in order to broaden the framework and identify risks that might not be obvious by first glance. <ref name="PMIStandard"/><ref name="Brainstorm"/> |
== Risk Checklists == | == Risk Checklists == | ||
| − | Based on historical projects, programmes or portfolios with a comparable background, one can establish a risk checklist. The purpose of this checklist is to present individual risks that have occurred before and that might occur during the lifetime of the project, programme or portfolio. In order to use a checklist as a risk identification tool it is vital that the checklist is updated and covers risks from a variety of professions. <ref name="PMIStandard"><ref name="PMIGuide"><ref name="P2"> | + | Based on historical projects, programmes or portfolios with a comparable background, one can establish a risk checklist. The purpose of this checklist is to present individual risks that have occurred before and that might occur during the lifetime of the project, programme or portfolio. In order to use a checklist as a risk identification tool it is vital that the checklist is updated and covers risks from a variety of professions. <ref name="PMIStandard"/><ref name="PMIGuide"/><ref name="P2"/> |
==Risk breakdown structure (RBS)== | ==Risk breakdown structure (RBS)== | ||
| − | A risk breakdown structure (RBS) is a hierarchical decomposition of potential sources of risk | + | A risk breakdown structure (RBS) is a hierarchical decomposition of potential sources of risk <ref name="P2"/>. The structure aims to divide the risks into specific domains with enhanced detail and further subdivisions. The purpose of RBS is to make a detailed overview for the manager of the project, programme or portfolio of the different sections that the risks correspond to. There are several ways to organize the risk breakdown structure with one example being the PESTLE (Political, Economic, Social, Technical, Legislative, Environmental) division. Several examples of how to organise a RBS is shown in FIGUREXYZ. <ref name="P2"/><ref name="RBS"/> |
== Additional techniques == | == Additional techniques == | ||
== Outputs == | == Outputs == | ||
== Risk register == | == Risk register == | ||
| − | The aim of identifying risks is to gather them in a risk register that can actively be used by all active participants of the project, programme or portfolio. The risk register includes a thorough list of all risks identified with detailed information of their potential cause and effect. A specific risk owner may be addressed in order to specify the person or team responsible for monitoring and managing the risk. Possible responses to the risks should be included for the those of predictable outcome. The complexity of the risk register and the length of each risk description will differ from the context of the project, programme or portfolio.<ref name="PMIGuide"> p.417 | + | The aim of identifying risks is to gather them in a risk register that can actively be used by all active participants of the project, programme or portfolio. The risk register includes a thorough list of all risks identified with detailed information of their potential cause and effect. A specific risk owner may be addressed in order to specify the person or team responsible for monitoring and managing the risk. Possible responses to the risks should be included for the those of predictable outcome. The complexity of the risk register and the length of each risk description will differ from the context of the project, programme or portfolio.<ref name="PMIGuide"/> p.417 |
== Risk report == | == Risk report == | ||
| − | In addition to the risk register, a risk report can be composed in order to address the overall risk of a specific project, programme or portfolio. The risk report includes summaries of all individual risks and to which extent they impose a threat or opportunity to the project, programme or portfolio as a whole. Tools such as metrics, trends, or risk rating systems may be implied in order to inform the project manager and all relevant parties of historical data, statistics and degree of threat that the identified risks can cause. <ref name="PMIGuide"> p.418 | + | In addition to the risk register, a risk report can be composed in order to address the overall risk of a specific project, programme or portfolio. The risk report includes summaries of all individual risks and to which extent they impose a threat or opportunity to the project, programme or portfolio as a whole. Tools such as metrics, trends, or risk rating systems may be implied in order to inform the project manager and all relevant parties of historical data, statistics and degree of threat that the identified risks can cause. <ref name="PMIGuide"/> p.418 |
== Revision of project documents == | == Revision of project documents == | ||
| − | Lastly, the outcome of the identification process might have affected the initial assumptions and must therefore be re- assessed. This is an important process in order to include new aspects and concerns from the risk identification stage. For future projects it can also be relevant to compose a register of the tools and techniques used in the specific project, programme or portfolio in order to document what methods that were beneficial to use and which methods that didn’t serve a significant purpose during the risk identification process.<ref name="PMIGuide"> p.418 | + | Lastly, the outcome of the identification process might have affected the initial assumptions and must therefore be re- assessed. This is an important process in order to include new aspects and concerns from the risk identification stage. For future projects it can also be relevant to compose a register of the tools and techniques used in the specific project, programme or portfolio in order to document what methods that were beneficial to use and which methods that didn’t serve a significant purpose during the risk identification process.<ref name="PMIGuide"/> p.418 |
Key success factors for identifying risks | Key success factors for identifying risks | ||
| − | ==A selection of key success factors for identifying risks are listed below. <ref name="PMIStandard"> <ref name="RBS"> == | + | ==A selection of key success factors for identifying risks are listed below. <ref name="PMIStandard"/> <ref name="RBS"/> == |
- Early identification, | - Early identification, | ||
- Manage risk identification as an iterative process | - Manage risk identification as an iterative process | ||
Revision as of 22:24, 19 February 2021
"By Maria Eileen Hubbbuck (s210444)"
Why risk identification?
A risk is defined as the uncertainty of an event, that if occurs, impacts the event either in a positive or negative manner [1]. When managing projects, programmes or portfolios, it is vital to identify and manage risks in order to prevent negative and benefit from positive outcomes. Risk management is a common practice and lies within the planning stage of project management. According to the “Standard for Risk Management in Portfolios, Programs, and Projects” published by the Project Management Institute (PMI)[1], identifying risks is the second out of seven stages within the risk management life cycle. Hence, identifying risks is one of the early stages of risk management and a necessity in order to pursue further risk management actions and prevent a negative impact on the projects’ success.[1]
Context and Application
Risk identification is applied for projects, programmes and portfolios, whilst the techniques might vary due to complexity and size. As a part of the risk management life cycle, it is an important stage within the planning phase of risk management but is dependent on the following active steps in order to be put to practice and cause risk prevention. For a manager of either a project, programme or portfolio, risk identification is a practice that, if omitted, might lead to project failure.[1][2][3]
In 2019, PMI published the international standard “Standard for Risk Management in Portfolios, Programs, and Projects” PMIStandard. The standard is put to practice worldwide and is a tool for project, programme or portfolio managers to achieve success. PMI divides risks into two categories; individual risks that effect one or more objectives and overall risks as the uncertainty of the whole project, programme or portfolio that arises as a collection of all sources of uncertainty. Both individual and overall risks are important to identify within the identification process. Additionally, they address the risks with positive outcomes as opportunities and risks with negative outcomes as threats. The separate terms are applied to distinguish the possible outcomes and effects of risks within projects, programmes or portfolios. Other terms used to distinguish and characterize risks are conditional risks that will only occur if the XXX[1]
In addition to PMI, ISO and PRINCE2 are two practiced standards that differ slightly from the methodology given by PMI. In terms of risk identification, PMI is the only standard that addresses the life cycle term, whilst ISO and Prince2 lists identification as either the first or second step within the procedure of risk management identification. However, all sources address the importance of risk management as a continuous procedure, as risks are not only to be identified at the beginning of a project, but is a continuous process from the projects’, programmes’, or portfolios’ initiation to completion. Hence, the methodology given by PMI, addressing risk identification as a step within a life cycle, amplifies the importance of the practice throughout the whole project.[1][2][3]
Inputs
In order to carry out the identification process, it is vital to have information about the projects’ scope in the form of a project management plan, project documents, agreements, procurement documentation, enterprise environmental factors and organizational process assets. Together they form the inputs of the identification process. Therefore, it is of great importance to have established communication with managers, stakeholders, senior management, potential customers and all other active participants in the project, programme or portfolio in order to include all possible perspectives on risk identification. [3][4]
Techniques for risk identification
There is no specific technique that is strictly related to risk identification. However, all the addressed international standards list a selection of several techniques that can contribute to a thorough risk identification. The aim is to document the predictable risks and recognize that there might arise risks that are unpredictable from the current risk identification stage.
Brainstorming
The term brainstorming was first introduced in the book How to “Think Up” by Alex Faickney Osborn in 1942 as a unique technique incorporated by the advertisement agency BBDO. However, the term was not populated before Osborn published the book “Applied Imagination: Principles and Procedures of Creative Problem Solving” in 1953[5][6]. The principles of brainstorming might have been associated differently and used by several teams before Osborn addressed the term. However, since 1953 brainstorming has been the term used worldwide as a group creativity technique in order to obtain a list of spontaneous ideas and thoughts related to a specified topic. The idea of brainstorming in risk identifications is to gather all potential risks from a variety of disciplines within the project, programme or portfolio team and form a list of individual and overall risks. There are no strict boundaries, but the brainstorming may be divided into different project categories in order to structure the process. All thoughts should be noted down without criticism in order to broaden the framework and identify risks that might not be obvious by first glance. [1][5]
Risk Checklists
Based on historical projects, programmes or portfolios with a comparable background, one can establish a risk checklist. The purpose of this checklist is to present individual risks that have occurred before and that might occur during the lifetime of the project, programme or portfolio. In order to use a checklist as a risk identification tool it is vital that the checklist is updated and covers risks from a variety of professions. [1][4][2]
Risk breakdown structure (RBS)
A risk breakdown structure (RBS) is a hierarchical decomposition of potential sources of risk [2]. The structure aims to divide the risks into specific domains with enhanced detail and further subdivisions. The purpose of RBS is to make a detailed overview for the manager of the project, programme or portfolio of the different sections that the risks correspond to. There are several ways to organize the risk breakdown structure with one example being the PESTLE (Political, Economic, Social, Technical, Legislative, Environmental) division. Several examples of how to organise a RBS is shown in FIGUREXYZ. [2][7]
Additional techniques
Outputs
Risk register
The aim of identifying risks is to gather them in a risk register that can actively be used by all active participants of the project, programme or portfolio. The risk register includes a thorough list of all risks identified with detailed information of their potential cause and effect. A specific risk owner may be addressed in order to specify the person or team responsible for monitoring and managing the risk. Possible responses to the risks should be included for the those of predictable outcome. The complexity of the risk register and the length of each risk description will differ from the context of the project, programme or portfolio.[4] p.417
Risk report
In addition to the risk register, a risk report can be composed in order to address the overall risk of a specific project, programme or portfolio. The risk report includes summaries of all individual risks and to which extent they impose a threat or opportunity to the project, programme or portfolio as a whole. Tools such as metrics, trends, or risk rating systems may be implied in order to inform the project manager and all relevant parties of historical data, statistics and degree of threat that the identified risks can cause. [4] p.418
Revision of project documents
Lastly, the outcome of the identification process might have affected the initial assumptions and must therefore be re- assessed. This is an important process in order to include new aspects and concerns from the risk identification stage. For future projects it can also be relevant to compose a register of the tools and techniques used in the specific project, programme or portfolio in order to document what methods that were beneficial to use and which methods that didn’t serve a significant purpose during the risk identification process.[4] p.418 Key success factors for identifying risks
A selection of key success factors for identifying risks are listed below. [1] [7]
- Early identification, - Manage risk identification as an iterative process - Comprehensive identification - Include both the identification of threats and opportunities - Include a variety of departments for multiple perspectives - Include both individual and overall risks - Effective and clear communication - View all stakeholders and contributors critically to minimize bias
Limitations
Some limitations of the international standards are presented below: - The experts’ bias should be taken into account during risk identification. If the outcome of the project, programme or portfolio will benefit the expert team in a certain way then it is vital to be sceptical as to which extent they are trustworthy. Including a third part or a similar project team can help to prevent expert bias.
As checklists might omit relevant risks that are not addressed as a historical risk, it is necessary to combine the technique with other risk identification techniques to identify all relevant risks.
References
- ↑ 1.0 1.1 1.2 1.3 1.4 1.5 1.6 1.7 1.8 Project Management Institute, Inc. (PMI) (2019), Standard for Risk Management in Portfolios, Programs, and Projects
- ↑ 2.0 2.1 2.2 2.3 2.4 AXELOS(2017), Managing Successful Projects with PRINCE2 2017 Edition
- ↑ 3.0 3.1 3.2 Project Committee ISO/PC 236 (2012), Project management, ISO 21500 Guidance on project management
- ↑ 4.0 4.1 4.2 4.3 4.4 Project Management Institute, Inc. (PMI)( 2017), Guide to the Project Management Body of Knowledge (PMBOK® Guide) (6th Edition)
- ↑ 5.0 5.1 Eleazar, Hernández(2017), Brainstorming p.57-58. In: Leading Creative Teams Management Career Paths for Deigners, Developers, and Copywriters, APress
- ↑ Munier, Nolberto (2014) , Risk Identification. In: Risk Management for Engineering Projects
- ↑ 7.0 7.1 Hillson, David(2003), Using a Risk Breakdown Structure in project management
