Identify Risks

00:01 Hello and welcome.

00:02 This module will look at the identify risks process in the PMBOK guide. You need to pay particular attention to this process because it's going to feature in the exam in multiple ways the identification of risks.

00:18 The difficulty is rated as medium because you may not have come across some of these concepts before or paid so much attention to the successful identification of risks.

00:28 And there are some new concepts to introduce to you as well, and that's why memorization is rated as medium.

00:36 The particular domain task that they identify risk process helps us understand better is planning task team, which says develop the risk management plan by identifying, analyzing and prioritizing project risks and defining risk response strategies in order to manage uncertainty and opportunity throughout the project lifecycle. And the single domain task actually covers all five of those risk management planning processes.

01:08 The key themes in the identify risk process include the identification of all risk or uncertainty that could impact the project.

01:17 And remember, risk can be good, positive or bad negative uncertainty. Your experience to date may just be focusing on negative uncertainty for the purposes of the exam.

01:30 You need to think in terms of positive and negative risks.

01:35 You're also going to do a preliminary analysis of the nature and consequence of these risks and also an urgency assessment going to begin the production of the risk register and the other planning processes.

01:48 Update the risk register with their specific information, whether it's qualitative analysis, quantitative analysis or risk response planning.

01:59 There are quite a few inputs into this process because risk can occur at any point in your project.

02:06 So of course, the first thing you want will be your risk management plan because it's going to provide guidance on how you do risk identification and it's going to reflect the level of risk tolerance or risk adversity your organization has.

02:23 Remember that within the risk management plan will also be your risk breakdown structure, giving you those categories and subcategories of risk to help guide your risk identification.

02:36 And because risk can occur at any point in the project will also want our Cost Management Plan, our Schedule Management Plan, our Quality Management Plan, our Human Resource Management Plan, and our scope baseline, just to name a few.

02:50 Because all of these will identify areas of uncertainty in the planning of their respective areas, and that uncertainty represents risk. We'll also want our individual activity cost estimates and our individual activity duration estimates.

03:08 This is because the process of estimating either cost or duration highlights uncertainty.

03:17 If we can't give really, really, really defined estimates and instead, we're giving a range. Then there's uncertainty in our estimates, and there's a risk around that, so we'll want those two documents so we can figure out the risks that exist with cost and duration estimates.

03:36 We'll also want our stakeholder register will want to know what their perception of risk is on the project, what their risk tolerance or risk aversion is and what their expectations are around risk management on the project.

03:52 Specific project documents that we will want will include our lessons learned from previous projects.

03:59 Now, keep in mind for the exam lessons learned are some of the most important documents that you can review, and the assumption in the exam is that when you begin something like this, you immediately go to your lessons learned archive and pull out or search for similar projects that you've completed in the past and take time to learn from the things they didn't do so well and the things they did well.

04:26 You'll also want procurement documents, any contracts or agreements that you've signed because they will capture risk or uncertainty in them as well.

04:36 In fact, as you'll see, when we look at procurement and the selection of the type of contract, whether it's fixed price or time and materials reflects who's taking on board the risk.

04:50 Specific enterprise environmental factors that we may want to take into consideration include industry regulations around risk identification and the depth to which we must go to.

05:03 We might also want to look at particular organizational process assets such as our project management methodology and perhaps a blank risk register template that we may already have. So you can see from all of those inputs, and they were quite a lot.

05:21 That nearly every other planning document is represented and used as an input, and hopefully that reinforces that risk can and does occur at all aspects of the project.

05:34 And in my experience, the risk register has been one of the most alive documents in my project and at certain points at the project. Will checking that risk register every day? Certainly at least once a week and checking it to see whether it's still accurate.

05:51 Did we miss any risks? Have new risks arisen? Was our assessment of urgency or consequence accurate? Was our analysis accurate? Where are our responses appropriate? Have we put in place all of the proactive ones and are we ready for the reactive ones? That's the attitude that you'll need to take into the exam when it comes to risk management.

06:17 Let's take a look at some of the tools and techniques that may be useful to us.

06:21 Documentation, reviews, particularly lessons, learned documentation, as I've already mentioned, it's one of the most important parts of project management is reviewing lessons learned.

06:34 You'll also want to use information gathering techniques, things like interviews and focus groups to gather information from experts and stakeholders. You may have a checklist analysis where perhaps you use your risk breakdown structure as a checklist to go through and make sure that you've done all the risk management work you are going to do. You also test your assumptions with assumptions analysis, and this is the process of documenting the assumptions you make about uncertainty and then coming back and checking them in the future.

07:12 Were those assumptions correct? Were they too conservative? Document all of your assumptions.

07:20 You'll use diagramming techniques as well things like cause and effect, Ishikawa or fishbone diagrams are very useful here.

07:30 SWOT analysis, well, SWOT stands for strengths, weaknesses, opportunities and threats.

07:38 The strengths and opportunities represent positive uncertainty or positive risk to the project.

07:46 The weaknesses and threats represent negative risk or negative uncertainty on your project.

07:54 And obviously, given the range of tools and techniques and the range of information that you're looking at, expert judgment is critical here.

08:05 So let's take a closer look at some of these tools and techniques.

08:10 As I've already said, the most important document that you can review are the lessons learned from previous projects, and I can't emphasize this enough.

08:19 Lessons learned are considered to be incredibly valuable intellectual property of the organization.

08:27 And you will be expected to not only get a lessons learned throughout the project and in the closing stages of a project, store them where they can be easily retrieved in the future. But you'll also be expected to use previous lessons learned from other projects.

08:45 Other documents that you may find useful include industry publications.

08:50 Perhaps your industry has regular publications covering usual points of risk on projects just to help you out, and you may also have relevant company policies and manuals that may help you out with the identification of risk as well.

09:06 So go looking for all of these things.

09:10 The particular information gathering techniques that you may find useful include the Delphi technique, the delfi technique is one of my favorites.

09:21 It helps get around that situation where you might have a group of experts in a room and you might be asking their opinion in this case on risk identification.

09:32 What normally happens when you get a group of people in the room, though, is that the loudest person, the most confident person speaks up.

09:40 And you get the junior people, the introverts not speaking up and you lose their very valuable input.

09:47 So what the Delphi technique does to get around this peer pressure and bullying is to identify a group of experts and ask them to be part of your information gathering technique anonymously.

10:02 You don't tell them who else is being asked or how many other people are being asked.

10:06 You send them your questions.

10:08 And in this case, you would send them your questions about risk identification on your project and perhaps some form of early assessment.

10:16 They get the opportunity to respond to you with their views and opinions.

10:21 You then take all of the experts views and opinions, collate them and send them back out to all of the experts without identifying who said what.

10:32 This gives the experts the opportunity to read what others have said and consider it without peer pressure.

10:40 They may then choose to change their first opinion, and if they do, they'll get back to you with that information.

10:48 Another information gathering technique, which is very useful is brainstorming. This is where you get people to think a little bit outside of the box, a little bit creatively with risk identification.

11:01 Perhaps you just ask them to think of anything at all.

11:04 Maybe that person who comes up with the chance of a meteor hitting your project, maybe they're being a little bit too creative.

11:14 But what you can do with brainstorming is once you've got a list of all those creative suggestions, as then use things like the nominal group technique, which allows the group then to vote on which of the risks you'd go forward with.

11:28 You also use expert interviews either one to one focus groups workshops any way you can solicit information from experts. And, of course, root cause identification using an Ishikawa fishbone or cause and effect diagram.

11:47 Here's an example of one of those.

11:50 In this case, instead of a major defect like we saw the diagram being used in quality management here would identify a potential area of uncertainty. And then we'd look at all the other potential areas of uncertainty which could contribute to it.

12:08 Other diagramming techniques.

12:10 This is an influence diagram.

12:13 In this case, the risk has been identified as profit loss.

12:17 And what we're doing is showing how one set of factors may influence another to increase or decrease the risk of risk.

12:26 So in this instance, poor information can lead to insufficient planning and create plans drawn up uninformed decisions, which in turn can lead to incorrect product being delivered and the wrong actions taken, which all in turn can lead to profit loss.

12:43 Now you can choose where to focus your risk management activities. Somewhere in that flow diagram.

12:53 Another simple flowchart is just showing how a flow of risks directly affects other risks in the project.

13:00 In this case, poor health and safety planning creates a lack of awareness and implementation of health and safety rules, which in turn creates an injury to staff. So what we want to actually address is poor health and safety planning as part of our risk management.

13:20 The single output from the identify risks process is the first iteration and subsequent iterations of our risk register.

13:30 And the risk register is going to be where we keep all the information about our risks.

13:37 Here's a very generic example of a risk register, I don't recommend putting this one in place, but it's got the information we need in it to show you all the information. A risk register can contain.

13:50 So you see over on the left hand side, we've got our risk categories, then we've got a description of our risk events.

13:57 The actual identified risks.

13:59 We've got a description of risk consequences.

14:03 We've got an assessment of whether it's a positive or negative risk and an urgency assessment.

14:09 This could be on a scale of one to five or one to ten or whatever it is that you want to use to tell us which risks are going to happen in the near future, which ones are going to happen in the medium term and which ones are still a long term off. You'll see this risk register, then goes on to include all the information from the other risk planning processes.

14:31 We've then got some information about qualitative risk analysis, including an assessment of probability and impact.

14:39 We've got an assessment of quantitative risk analysis, which is objective probability and impact calculations resulting in a, in this case, financial figure, whether then got the information from risk response planning with a list of all of our risk responses and their triggers.

14:57 And finally, we may also have a residual risk analysis, too, which takes a look at our initial analysis and what it would be now with our risk response's applied.

15:08 This is to make sure that our risk responses are appropriate and do in fact affect the risk either negatively or positively.

15:18 So as we go through the other risk management planning processes, we would be able to populate this with actual information.

15:26 But here for the identify risk process.

15:30 We're going to populate the information on the left hand side of this chart.

15:33 The risk categories, specific identified risk events, a description of the consequences, perhaps a description of whether it's positive or negative and also an urgency assessment.

15:47 Now, there's one other thing you need to be aware of that will appear in the exam, and that's the watch list.

15:54 You may decide to take out some of the lower order risks from your risk register and have them in a separate document, and that's called a watch list. It's used for low order risks, things that have got low probability, low impact, but they could change.

16:12 And if they do change, you may want to escalate them to the risk register.

16:17 So keep in mind, the watch list is for low Audio risks.

16:22 There's also a relationship between the watch list and the issues log.

16:26 The issues log is typically used to communicate to stakeholders that you take the issue seriously.

16:33 Now, issues aren't risks yet.

16:36 But an unresolved issue could escalate, and it could escalate to the watch list and then to the risk register or directly to the risk register.

16:48 So in summary, the identify risks process is an ongoing iterative process to identify all possible risks, both positive and negative, that may affect your project.

17:04 Thank you very much.

17:05 This has been an introduction and overview to the identify risks process and the PMBOK guide.