• Enterprise Environmental Factors in this context refer to "published information, including commercial databases, academic studies, benchmarking, or other industry studies [...]" (comp. PMBOK3, p. 247).
• And the Organizational Process Assets in this context refer to "information on prior projects (being) available from previous project files [...]" (comp. PMBOK3, p. 247)
(8.2) Risk Identification
(8.2.1) Process Input
... generated by predecessor processes
- Project Scope Statement
- Risk Management Plan
- generated by: Risk Management Planning
- Project Management Plan
... introduced by external units
- Enterprise Environmental Factors
- Organizational Process Assets
(8.2.2) Process Definition
Risk Identification is the process for "[...] determining which risks might affect the project and documenting their characteristics" (comp. PMBOK3, p. 237): It's an "iterative process" because new risks may become known during the project execution (comp. PMBOK3, p. 246).
- Part of the Planning Process Group
- Child Process of Develop Project Management Plan
- Member of Knowledge Area Project Risk Management
The subject Risk Management operates on the base of other risk concerning concepts
(8.2.3) Tools and Techniques
PMBOK Mentioned Methods
- Documentation reviews are used for getting ideas of project risks: "The quality of plans, as well as consistency between those plans and with the project requirements and assumptions, can be indicators of risk in the project."
- Information gathering techniques are methods for discovering, collecting and conforming information:
- Brainstorming is the dump of possible viewpoints which still must be evaluated
- Delphi technique tries "to reach a consensus" of the experts by getting, "summarizing", "recirculating" and discussing information and viewpoints
- Interviewing is the externally evoked and driven dump of expert viewpoints
- Root cause identification is "an inquiry into the essential causes of a project's risks"
- SWOT analysis is the investigation and documentation of "strength, weakness, opportunities, and threats" of risks
- Checklist analysis is a method for identifying actual project risks on the base of "[...] historical information and knowledge that has been accumulated from previous similar projects [...]"
- Assumption analysis is a method for identifying risks by validating the basic assumptions namely collected in the project charter and other documents
- Diagramming techniques are tools for collecting and visualizing the cause / effect aspects, for example
- cause-and-effect diagrams like fishbone (Ishikawa) diagrams
- system or process flow charts which are linking elements
- influence diagrams which show "causal influences, time ording of events" and so on
(comp. PMBOK3, pp. 247f).
Open Source Tools
- myPmpsFactory firstly offers a structured risk mind map which can be used as base for a project risk breakdown structure. Secondly myPmpsFactory offers an integrated risk register which fullfills the conditions of the risk management plan: One can describe and classify the identified risks. This 'template' can be edited by Open Office 3 (Calc).
(8.2.4) Process Output
- The Risk Register is a document which is initially generated by the process "risk identification" and which will be improved by more sophisticated analysis and desciptions generated during the following processes. Initially the risk register contains
- a list of identified risks "[...] including their root causes [...]" and all other specifying information
- a list of potential responses being first ideas howto reduce bad effects and enhance good effects
- a list of root causes of risks being the "[...] fundamental conditions or events that may gice rise to the identified risk"
- updated risk categories are evoked by the act of identifying risks and should be integrated into the RBS and will indirectly evoke an update of the risk management plan
(comp. PMBOK3, p. 249).
Although not especially mentioned the risk trigger which indicates that a risk occurs should also be integrated into the risk register: Finally the risk register "[...] contains risks, triggers, results from risk analysis, responses, and risk owners" (comp. CROSSWIND7, p. 420).
(8.2.5) Output Using Successor Processes
Successors using the initially generated output as own input(1):
- Qualitative Risk Analysis
- Quantitative Risk Analysis
- Risk Response Planning
- Risk Monitoring and Control
- Activity Duration Estimating
- Schedule Development
- Cost Estimating
- Plan Purchases and Acquisitions
- Plan Contracting
- Select Sellers
- For details see FAQ::Q001:1