PMP Quy Trình Identify Risks 11.2

PMP Quy Trình Identify Risks 11.2
Process Name: Identify Risks (11.2)

Process Group: P

Determining which risks may affect the project and documenting their characteristics.

1. Project management plan
Risk Mgmt Plan

Cost Mgmt Plan
Quality Mgmt Plan
Schedule Mgmt Plan

RM Plan

Requirements mgm plan
Scope Baseline
Schedule baseline
Cost baseline
2. Project documents
Assumption log
Cost estimates
Duration estimates
Issue log
LL register
Requirements document
Resource requirements
Stakeholder Register

3. Agreements
4. Procurement document
5. EEF
6. OPA
1. Expert judgment
2. Data gathering
– Brainstorming
– Checklists
– Interviews
3. Data analysis
– Root cause analysis
– Assumption and constraint analysis
– SWOT analysis
– Document analysis
4. Interpersonal & Team skills
– Facilitation
5. Prompt lists
6. Meetings
1. Risk Register
2. Risk report
3. Project document updates
Assumption log
Issue log
LL register

[wc_highlight color=”blue”]10 Critical success factors[/wc_highlight]:

  1. Early identification
  2. Iterative identification
  3. Emergent identification
  4. Comprehensive identification
  5. Explicit identification of opportunities
  6. Multiple perspectives (input from broad range of project stakeholder)
  7. Risks linked to project objectives (Ref: What is risk?)
  8. Complete risk statement
  9. Ownership and level of detail
  10. Objectivity


Note: Secondary risks will be identified during Plan risk response


  1. Risk management plan – As you may have guessed correctly by now, the risk management plan comes as an input to every risk management process in our project that happens after it is created. As this document explains how risk management activities are to be carried out in our project, it is an indispensable resource. We will be using the following from the risk management plan:
    1. Assignment of Roles & Responsibilities
    2. Budget and Schedule provisions & allocations to Risk Management activities
    3. RBS
  2. Scope baseline – The scope baseline includes the Project Scope Statement along with any constraints & assumptions. As you might already know, wherever assumptions are involved, there are bound to be uncertainties and it is these uncertainties that we are looking for. Also, constraints can be a major source of risks. A Work Breakdown Structure is going to give us a detailed perspective of the project work that will be done including tasks and sub-tasks. By going through this WBS thoroughly we can uncover a lot of potential risk possibilities.
  3. Cost management plan – The Estimating Costs and Determining Budgets process of Project Planning creates the Projects Cost Baseline or in other words the Project Budget. The approach used in managing the project costs can be a major source of risks. For ex: a project that is operating on a tight budget with little room for maneuvering has a great risk of cost overruns. On the other hand, if the project has good cost reserves planned already, then the risks go down accordingly.
  4. Schedule management plan – The Develop Project Schedule process creates the Project Schedule. By understanding the Projects Schedule and the Schedule Management Plan will give us a good idea of whether the project is operating on [wc_highlight color=”red”]tight deadlines[/wc_highlight] or has [wc_highlight color=”red”]any slack in terms of completion dates[/wc_highlight]. As in the case of Projects Budget, projects operating on a tight schedule can have a great deal of risk in terms of schedule overruns.
  5.  Quality management plan – The approach to quality management in the project has a direct bearing on the project risks. A Project where a great deal of importance is given to quality related activities to produce a good quality work product usually has lower risks when compared to one that does not follow good quality practices. In cases where the quality or work done is compromised (for whatever reason it may be), risks are introduced. [wc_highlight color=”red”]Poor Quality Standards[/wc_highlight] is a major source of risks in many projects. If we address the Quality aspect of our project, we will be eliminating a good number of risks at its source.
  6. Activity cost estimates – The Cost Estimates are created in the Estimating Costs process and these estimates can give us a good idea of the likely cost involved in all the scheduled project activities. This way we can identify if the project is in any danger of cost overruns.
  7. Activity duration estimates – The activity duration estimates are created in the Estimate Activity Duration process. The quality and accuracy of the estimates can have a direct impact on the risks. If the [wc_highlight color=”green”]estimate is accurate[/wc_highlight] then the risks of schedule overruns are low whereas if the estimates are [wc_highlight color=”red”]rough or ball-park[/wc_highlight] then the chances of schedule slippages are pretty high which in turn means high risk.
  8. Stakeholder register – The stakeholder register gives us details about the list of all people who have a stake in our project. We can use it to identify the high influence group of stakeholders and handle them accordingly. We can also use this document to invite all those important stakeholders to the risk related meetings to ensure that everyone is on the same page.
  9. EEF – We have learnt what these enterprise environmental factors are many times in this blog. The factors that are relevant in our identifying risks area are:
    1. Commercial Databases
    2. Public & Industry studies
  10. OPA – The organizational process assets include [wc_highlight color=”green”]files & data from previous projects[/wc_highlight]. We can study what the actual risks were, the responses that we used and the actual outcomes of the responses. We can utilize this information to ensure that we do not commit the same mistakes as our predecessors. Looking at the lessons learned documents from previous similar projects would be a good idea too. [wc_highlight color=”red”]Document Templates[/wc_highlight] also come under this section.
  11. Project doc – There are a whole bunch of other project related documents that can be sources of risks or risk related information. Some of them are:
    1. Work Performance Reports – The output of the Direct and Manage Project Execution process
    2. Earned Value Reports – The output of the Measure Project Performance process
    3. Assumption logs
    4. Baselines (Cost, Schedule and Scope)
    5. Network Diagrams – Created during the Develop Project Schedule process
    6. Etc.

If you see closely, the scope baseline was considered as a separate input entity just a few paragraphs ago and has been mentioned again as part of the general term “Baselines” along with the Cost and Schedule baseline. Also, the Schedule Management Plan & the Cost Management Plan were covered already as inputs in detail and their baselines are considered here. This should give you a fair idea of the fact that the [wc_highlight color=”red”]golden triangle “Scope-Time-Cost”[/wc_highlight] are the key sources of risks for the Project and need to be investigated & analyzed thoroughly in order to minimize risks and to enhance the chances of the Project’s Success.

Apart from all the above mentioned inputs, any other document or information related to the Project that can be a source of risk or that can provide insights that will help in project risk management can be considered as input to this process.



  1. Info Gathering techniques
    1. Brainstorming
    2. Delphi technique
    3. Interviewing
    4. Root cause analysis
  2. Diagraming techniques:
    1. Cause & Effect diagrams
    2. System / process flowcharts
    3. Influence diagram
  3. Document review
  4. Checklist analysis
  5. Assumptions analysis
  6. SWOT analysis
  7. Expert Judgment


Identify risks tools / techniques by Practice risk for Project Risk Management

Assumptions & Constraint analysis – Simple structured approach
– Can be based on project charter
– Generated project specific risks
– Implicit / hidden assumptions or constraint s are often missed – Requires a comprehensive list of assumptions and constraints.
Brainstorming – Allow all participants to speak their mind and contribute to the discussion
– Can involve all key stakeholders.
– Creative generation of ideas
– Requires attendance of stakeholder. Difficult to arrange and expensive.
– Prone to groupthink
– May produce biased results by strong person (management)
– Often not well facilitated
– Requires filtering
– Attendance group of stakeholders.
– Commitment to honesty.
– Preparation
– Good facilitation.
– Use of structure (categories or RBS)
Cause and effect diagram (Ishikawa) Visual presentation – Diagram can quickly become over-complex Effective selection of critical impacts.
Check lists – Captures previous experience
– Presents detailed list of risks.
– Checklist can grow to become unwieldy
– Risk not on the list will be missed
– Misses opportunity
– Regular maintenance is required.
– Use of structure can assit (RBS)
Delphi Technique – Captures inputs from technical experts
– Remove sources of bias
– Limited to technical risks
– Dependent on actual expertise of experts
– May take longer time than available due to iterations of the expert’s inputs
– Effective facilitation
– Careful of selection of experts
– Clear definition of scope
Document review – Exposes detailed project-specific risk
– Requires no specialist tools
– Limited to risks contained in the document – Understanding of relevance of prior exp.
FMEA / Fault Tree Analysis – Structured approach, well understood by engineers
– Overall reliability by using quantitative tools
– Good tool support
– Focuses on threats, not so useful for opportunities
– Requires expert tools
– Detailed description of the area being assessed.
– Statistical accurate data
Force Field analysis – Create deep understanding of factors that affect project objectives – Time consuming and complex technique
– Only applying to single objective, not provide whole project view
– Prioritized objectives
Industry knowledge base – Captures previous exp
– Allow benchmarking against external org
– Limited to what has previously happened
– Excludes project-specific risk
– Access to relevant info
Questionnaire – Broad thinking to identify – Dependent on quality of questions
– Limited topics covered by questions
– Can be a simple reformatting of checklist
– Clear and unambiguous questions
– Detailed briefing of respondents
Root-Cause analysis – Basic for development of pre-emptive and comprehensive responses
– Can serve to reduce complexity
– Oversimplify
– No valid strategy for addressing the root cause.
– Willingness by management
– Ability to identify if a risk is an outcome of a more fundamental cause.
SWOT Analysis – Focus on both Opportunity and threat
– Structured approach
– Focus on internal and external
– Tends to produce high level generic risks, not project-specific. – Good facilitation
– Avoid confusing 4 SWOT perspectives
System dynamics – Exposes unexpected inter-relation between project elements (feedback and feed-forward loops)
– Produces overall impacts of all included events and risks.
– Requires software and expertise to build model
– Focus on impact, but difficult to include the concept of probability.
– Understanding of feedback
– Competency in applying tools and understanding their output
– Quality of system model
– Accuracy of input data collected for the specific project.
WBS Review – Ensures all elements of project scope are considered.
– Provides for risks related to different level of detail
– Excludes external risks (not included in WBS) – Good WBS


PMP Process Groups Map:

Leave a Reply

Your email address will not be published. Required fields are marked *

two × 2 =

This site uses Akismet to reduce spam. Learn how your comment data is processed.