00:01
Hello and welcome.
00:02
This module will look at the identify risks
process in the PMBOK
guide. You need to pay particular attention
to this
process because it's going to feature in the
exam in multiple ways the
identification of risks.
00:18
The difficulty is rated as medium because
you may not have come across some of these
concepts before or paid so much attention to
the successful
identification of risks.
00:28
And there are some new concepts to introduce
to you as well, and that's why memorization
is rated as medium.
00:36
The particular domain task that they
identify risk process helps us
understand better is planning task team,
which says
develop the risk management plan by
identifying, analyzing and
prioritizing project risks and defining risk
response strategies in
order to manage uncertainty and opportunity
throughout the project
lifecycle. And the single domain task
actually covers all
five of those risk management planning
processes.
01:08
The key themes in the identify risk process
include the identification of
all risk or uncertainty that could impact
the project.
01:17
And remember, risk can be good, positive or
bad negative
uncertainty. Your experience to date may
just be focusing on
negative uncertainty for the purposes of the
exam.
01:30
You need to think in terms of positive and
negative risks.
01:35
You're also going to do a preliminary
analysis of the nature and consequence of
these risks and also an urgency assessment
going to
begin the production of the risk register
and the other planning processes.
01:48
Update the risk register with their specific
information, whether it's
qualitative analysis, quantitative analysis
or risk response planning.
01:59
There are quite a few inputs into this
process because risk can occur at any
point in your project.
02:06
So of course, the first thing you want will
be your risk management plan because
it's going to provide guidance on how you do
risk identification and it's going
to reflect the level of risk tolerance or
risk adversity your
organization has.
02:23
Remember that within the risk management
plan will also be your risk breakdown
structure, giving you those categories and
subcategories of risk to
help guide your risk identification.
02:36
And because risk can occur at any point in
the project will also want our Cost
Management Plan, our Schedule Management
Plan, our Quality Management Plan, our
Human Resource Management Plan, and our
scope baseline, just to name a few.
02:50
Because all of these will identify areas of
uncertainty in the
planning of their respective areas, and that
uncertainty represents
risk. We'll also want our individual
activity cost estimates and
our individual activity duration estimates.
03:08
This is because the process of estimating
either cost or duration
highlights uncertainty.
03:17
If we can't give really, really, really
defined estimates and instead, we're giving a
range. Then there's uncertainty in our
estimates, and there's a risk
around that, so we'll want those two
documents so we can figure out the
risks that exist with cost and duration
estimates.
03:36
We'll also want our stakeholder register will
want to know what their perception of risk
is on the project, what their risk tolerance
or risk aversion is
and what their expectations are around risk
management on the project.
03:52
Specific project documents that we will want
will include our lessons learned from
previous projects.
03:59
Now, keep in mind for the exam lessons
learned are some of the most important
documents that you can review, and the
assumption in the exam is that
when you begin something like this, you
immediately go to your lessons learned
archive and pull out or search for similar
projects
that you've completed in the past and take
time to learn from the things they didn't do
so well and the things they did well.
04:26
You'll also want procurement documents, any
contracts or agreements that you've signed
because they will capture risk or
uncertainty in them as well.
04:36
In fact, as you'll see, when we look at
procurement and the selection of the type of
contract, whether it's fixed price or time
and materials
reflects who's taking on board the risk.
04:50
Specific enterprise environmental factors
that we may want to take into consideration
include industry regulations around risk
identification and the
depth to which we must go to.
05:03
We might also want to look at particular
organizational process assets such as our
project management methodology and perhaps a
blank risk register template that we may
already have. So you can see
from all of those inputs, and they were
quite a lot.
05:21
That nearly every other planning document is
represented and used as an input,
and hopefully that reinforces that risk can
and does occur
at all aspects of the project.
05:34
And in my experience, the risk register has
been one of the most
alive documents in my project and at certain
points at the
project. Will checking that risk register
every day?
Certainly at least once a week and checking
it to see whether it's still accurate.
05:51
Did we miss any risks?
Have new risks arisen?
Was our assessment of urgency or consequence
accurate?
Was our analysis accurate?
Where are our responses appropriate?
Have we put in place all of the proactive
ones and are we ready for the reactive
ones? That's the attitude that you'll need
to take into the exam
when it comes to risk management.
06:17
Let's take a look at some of the tools and
techniques that may be useful to us.
06:21
Documentation, reviews, particularly
lessons, learned documentation,
as I've already mentioned, it's one of the
most important parts of project management is
reviewing lessons learned.
06:34
You'll also want to use information
gathering techniques, things like interviews
and focus groups to gather information from
experts and
stakeholders. You may have a checklist
analysis
where perhaps you use your risk breakdown
structure as a checklist to
go through and make sure that you've done
all the risk management work you are going to
do. You also test your assumptions with
assumptions
analysis, and this is the process of
documenting the assumptions you
make about uncertainty and then coming back
and checking them in the future.
07:12
Were those assumptions correct?
Were they too conservative?
Document all of your assumptions.
07:20
You'll use diagramming techniques as well
things like cause and effect, Ishikawa or
fishbone diagrams are very useful here.
07:30
SWOT analysis, well, SWOT stands for
strengths, weaknesses,
opportunities and threats.
07:38
The strengths and opportunities represent
positive uncertainty or
positive risk to the project.
07:46
The weaknesses and threats represent
negative risk
or negative uncertainty on your project.
07:54
And obviously, given the range of tools and
techniques and the range of information that
you're looking at, expert judgment is
critical here.
08:05
So let's take a closer look at some of these
tools and techniques.
08:10
As I've already said, the most important
document that you can review are the lessons
learned from previous projects, and I can't
emphasize this enough.
08:19
Lessons learned are considered to be
incredibly valuable intellectual property
of the organization.
08:27
And you will be expected to not only get a
lessons learned throughout the project
and in the closing stages of a project,
store them where they can be easily retrieved
in the future. But you'll also be expected
to use previous
lessons learned from other projects.
08:45
Other documents that you may find useful
include industry publications.
08:50
Perhaps your industry has regular
publications covering
usual points of risk on projects just to
help you out, and you
may also have relevant company policies and
manuals that may help you out with
the identification of risk as well.
09:06
So go looking for all of these things.
09:10
The particular information gathering
techniques that you may find useful include
the Delphi technique, the delfi technique is
one of my favorites.
09:21
It helps get around that situation where you
might have a group of experts in a room and
you might be asking their opinion in this
case on risk identification.
09:32
What normally happens when you get a group
of people in the room, though, is that the
loudest person, the most confident person
speaks up.
09:40
And you get the junior people, the
introverts not speaking up and you lose their
very valuable input.
09:47
So what the Delphi technique does to get
around this peer pressure
and bullying is to identify a group of
experts and
ask them to be part of your information
gathering technique anonymously.
10:02
You don't tell them who else is being asked
or how many other people are being asked.
10:06
You send them your questions.
10:08
And in this case, you would send them your
questions about risk identification on your
project and perhaps some form of early
assessment.
10:16
They get the opportunity to respond to you
with their views and opinions.
10:21
You then take all of the experts views and
opinions, collate them and send them
back out to all of the experts without
identifying who said what.
10:32
This gives the experts the opportunity to
read what others have said
and consider it without peer pressure.
10:40
They may then choose to change their first
opinion, and if they do, they'll get
back to you with that information.
10:48
Another information gathering technique,
which is very useful is
brainstorming. This is where you get people
to think a little bit outside of the
box, a little bit creatively with risk
identification.
11:01
Perhaps you just ask them to think of
anything at all.
11:04
Maybe that person who comes up with the
chance of a meteor hitting
your project, maybe they're being a little
bit too creative.
11:14
But what you can do with brainstorming is
once you've got a list of all those creative
suggestions, as then use things like the
nominal group technique,
which allows the group then to vote on which
of the risks you'd go forward with.
11:28
You also use expert interviews either one to
one focus
groups workshops any way you can solicit
information from
experts. And, of course, root cause
identification using an
Ishikawa fishbone or cause and effect
diagram.
11:47
Here's an example of one of those.
11:50
In this case, instead of a major defect like
we saw the diagram being used
in quality management here would identify a
potential area of
uncertainty. And then we'd look at all the
other potential areas of uncertainty which
could contribute to it.
12:08
Other diagramming techniques.
12:10
This is an influence diagram.
12:13
In this case, the risk has been identified as
profit loss.
12:17
And what we're doing is showing how one set
of factors may influence another to increase
or decrease the risk of risk.
12:26
So in this instance, poor information can
lead to insufficient
planning and create plans drawn up
uninformed decisions, which in turn can lead
to incorrect product being delivered and the
wrong actions taken, which all in turn
can lead to profit loss.
12:43
Now you can choose where to focus your risk
management
activities. Somewhere in that flow diagram.
12:53
Another simple flowchart is just showing how
a flow of risks
directly affects other risks in the project.
13:00
In this case, poor health and safety
planning creates a lack of
awareness and implementation of health and
safety rules, which in turn creates an injury
to staff. So what we want to actually
address is
poor health and safety planning as part of
our risk management.
13:20
The single output from the identify risks
process is the first
iteration and subsequent iterations of our
risk register.
13:30
And the risk register is going to be where
we keep all the information about our risks.
13:37
Here's a very generic example of a risk
register, I don't recommend putting this one
in place, but it's got the information we
need in it to show you all
the information. A risk register can
contain.
13:50
So you see over on the left hand side, we've
got our risk categories,
then we've got a description of our risk
events.
13:57
The actual identified risks.
13:59
We've got a description of risk
consequences.
14:03
We've got an assessment of whether it's a
positive or negative risk and an
urgency assessment.
14:09
This could be on a scale of one to five or
one to ten or whatever it is that you want to
use to tell us which risks are going to
happen in the near future,
which ones are going to happen in the medium
term and which ones are still a long term
off. You'll see this risk register, then
goes on to include all the
information from the other risk planning
processes.
14:31
We've then got some information about
qualitative risk analysis, including an
assessment of probability and impact.
14:39
We've got an assessment of quantitative risk
analysis, which is objective
probability and impact calculations
resulting in a, in this case, financial
figure, whether then got the information
from risk response planning
with a list of all of our risk responses and
their triggers.
14:57
And finally, we may also have a residual
risk analysis, too, which takes a
look at our initial analysis and what it
would be now with our
risk response's applied.
15:08
This is to make sure that our risk responses
are appropriate and do in fact
affect the risk either negatively or
positively.
15:18
So as we go through the other risk
management planning processes, we would be
able to populate this with actual
information.
15:26
But here for the identify risk process.
15:30
We're going to populate the information on
the left hand side of this chart.
15:33
The risk categories, specific identified
risk events, a description of the
consequences, perhaps a description of
whether it's positive or negative and
also an urgency assessment.
15:47
Now, there's one other thing you need to be
aware of that will appear in the exam, and
that's the watch list.
15:54
You may decide to take out some of the lower
order risks from your
risk register and have them in a separate
document, and that's called a watch
list. It's used for low order risks, things
that have
got low probability, low impact, but they
could change.
16:12
And if they do change, you may want to
escalate them to the risk register.
16:17
So keep in mind, the watch list is for low
Audio risks.
16:22
There's also a relationship between the
watch list and the issues log.
16:26
The issues log is typically used to
communicate to stakeholders that you take the
issue seriously.
16:33
Now, issues aren't risks yet.
16:36
But an unresolved issue could escalate, and
it could escalate to the watch list and
then to the risk register or directly to the
risk register.
16:48
So in summary, the identify risks process is
an
ongoing iterative process to identify all
possible
risks, both positive and negative, that may
affect your project.
17:04
Thank you very much.
17:05
This has been an introduction and overview
to the identify risks process and the
PMBOK guide.