Risk Management-Identification

From apppm
Revision as of 20:35, 21 February 2021 by S210444 (Talk | contribs)

Jump to: navigation, search

Developed by Maria Eileen Hubbuck (s210444)


Risk identification is necessary for all projects, programmes and portfolios that strive to achieve a set of objectives with success. The international standards made by the Project Management Institute(PMI), PRojects IN Controlled Environments (PRINCE2) and the International Organisation for Standardisation (ISO) addresses tools and techniques in order to perform a successful identification process for project, programme or portfolio managers. The standards emphasize the importance of handling the objectives. However, successful risk management involves more than listing identified risks. Risk identification is an iterative process in an ongoing life cycle for projects, programmes or portfolios and demands the identified risks to be structured in a way that matches their complexity and level of impact. Adopting identification techniques such as brainstorming, risk checklists and risk breakdown structure are necessary actions in order to output a thorough risk register, risk report and perform revision of project documents. Some key success factors for risk identification, amongst others, are the implementation of effective and clear communication, early and comprehensive identifications, inclusion of risks both as threats and opportunities, individual and overall risks and include a variety of departments for multiple risk perspectives.[1][2][3]

Contents

Why identify risks?

A risk is defined as the uncertainty of an event, that if occurs, impacts the event either in a positive or negative manner [1]. When managing projects, programmes or portfolios, it is vital to identify and manage risks in order to prevent negative and benefit from positive outcomes. Risk management is a common practice and lies within the planning stage of project management. According to the “Standard for Risk Management in Portfolios, Programs, and Projects” published by PMI[1], identifying risks is the second out of seven stages within the risk management life cycle. Hence, identifying risks is one of the early stages of risk management and a necessity in order to pursue further risk management actions and prevent a negative impact on the projects’ success.[1]

Context and Application

Risk identification is applied for projects, programmes and portfolios, whilst the techniques might vary due to complexity and size. As a part of the risk management life cycle, it is an important stage within the planning phase of risk management but is dependent on the following active steps in order to be put to practice and cause risk prevention. For a manager of either a project, programme or portfolio, risk identification is a practice that, if omitted, might lead to project failure.[1][2][3]

Figure 1: Illustrates that identifying risks is a part of the risk management life cycle.Modified from[1].[4]

In 2019, PMI published the international standard “Standard for Risk Management in Portfolios, Programs, and Projects” PMIStandard. The standard is put to practice worldwide and is a tool for project, programme or portfolio managers to achieve success. PMI divides risks into two categories; individual risks that effect one or more objectives and overall risks as the uncertainty of the whole project, programme or portfolio that arises as a collection of all sources of uncertainty. Both individual and overall risks are important to identify within the identification process. Additionally, they address the risks with positive outcomes as opportunities and risks with negative outcomes as threats. The separate terms are applied to distinguish the possible outcomes and effects of risks within projects, programmes or portfolios. Other terms used to distinguish and characterise risks are conditional risks that will occur as an effect of another risk occurring. The term correlated risks is used for risks that vary accordingly due to a fixed correlation. Independent and dependent risks are also two terms addressed when stating the dependencies of two risks to one another. The wide termination of risks serves as a purpose to initiate structure and to differentiate them from one another.[1][5] In addition to PMI, ISO and PRINCE2 are two practiced standards that differ slightly from the methodology given by PMI. In terms of risk identification, PMI is the only standard that addresses the life cycle term, whilst ISO and Prince2 lists identification as either the first or second step within the procedure of risk management identification. However, all sources address the importance of risk management as a continuous procedure, as risks are not only to be identified at the beginning of a project, but is a continuous process from the projects’, programmes’, or portfolios’ initiation to completion. Hence, the methodology given by PMI, addressing risk identification as a step within a life cycle, amplifies the importance of the practice throughout the whole project.[1][2][3]

Inputs

In order to carry out the identification process, it is vital to have information about the projects’ scope in the form of a project management plan, project documents, agreements, procurement documentation, enterprise environmental factors and organizational process assets. Together they form the inputs of the identification process. Therefore, it is of great importance to have established communication with managers, stakeholders, senior management, potential customers and all other active participants in the project, programme or portfolio in order to include all possible perspectives on risk identification. [3][6]

Techniques for risk identification

There is no specific technique that is strictly related to risk identification. However, all the addressed international standards list a selection of several techniques that can contribute to a thorough risk identification. The aim is to document the predictable risks and recognise that there might arise risks that are unpredictable from the current risk identification stage.

Brainstorming

The term brainstorming was first introduced in the book How to “Think Up” by Alex Faickney Osborn in 1942 as a unique technique incorporated by the advertisement agency BBDO. However, the term was not populated before Osborn published the book “Applied Imagination: Principles and Procedures of Creative Problem Solving” in 1953[7][5]. The principles of brainstorming might have been associated differently and used by several teams before Osborn addressed the term. However, since 1953 brainstorming has been the term used worldwide as a group creativity technique in order to obtain a list of spontaneous ideas and thoughts related to a specified topic. The idea of brainstorming in risk identifications is to gather all potential risks from a variety of disciplines within the project, programme or portfolio team and form a list of individual and overall risks. There are no strict boundaries, but the brainstorming may be divided into different project categories in order to structure the process. All thoughts should be noted down without criticism in order to broaden the framework and identify risks that might not be obvious by first glance. [1][7]

Risk Checklists

Based on historical projects, programmes or portfolios with a comparable background, one can establish a risk checklist. The purpose of this checklist is to present individual risks that have occurred before and that might occur during the lifetime of the project, programme or portfolio. In order to use a checklist as a risk identification tool it is vital that the checklist is updated and covers risks from a variety of professions. As checklists might omit relevant risks that are not addressed as a historical risk, it is necessary to combine the technique with other risk identification techniques to identify all relevant risks. [1][6][2]

Risk breakdown structure (RBS)

A risk breakdown structure (RBS) is a hierarchical decomposition of potential sources of risk (Source Prince2). The structure aims to divide the risks into specific domains with enhanced detail and further subdivisions. The purpose of RBS is to make a detailed overview for the manager of the project, programme or portfolio of the different sections that the risks correspond to. There are several ways to organize the risk breakdown structure and each risk may be broken down differently according to complexity and size. In PRINCE2, the PESTLE (Political, Economic, Social, Technical, Legislative, Environmental) division is described as one of many generic subdivisions that can be implemented for a wide range of projects, programmes or portfolios. In addition to PESTLE, the guidebook for PMI addresses TECOP (technical, environmental, commercial, operational, political), and VUCA (volatility, uncertainty, complexity, ambiguity) as two other relevant generic structures suitable for RBS. [6]

Figure XX is a graphical representation of the template model and should be modified into further specific and relevant subdivisions when put to practice. An additional general RBS is to be depicted in figure YY. The figure is modified for the purpose of this article and illustrates a universal and general decomposition made by the Risk Management Specific Interest Group of the Project Management Institute (PMI Risk SIG) and the Risk Management Working Group of the International Council On Systems Engineering (INCOSE RMWG). The model breaks down the different risks associated to the categories: technology, management and external.[6][2]Cite error: Closing </ref> missing for <ref> tag

[1]

[2]

[3]

[5]

[8]

[7]

[4] [9]


Cite error: <ref> tags exist, but no <references/> tag was found
Retrieved from "http://wiki.doing-projects.org/index.php?title=Risk_Management-Identification&oldid=89248"
Personal tools
Namespaces

Variants
Actions
Navigation
Toolbox