1
OPMT2510 – Project Quality and Risk Management
Module 2 – Risk Identification
Table of Contents
Introduction .................................................................................................................................................. 1
What We Covered in the Previous Module .............................................................................................. 1
What We Will See in this Module ............................................................................................................. 2
Learning Objectives................................................................................................................................... 2
Elements of a Risk Management System ...................................................................................................... 2
What is a Risk? ............................................................................................................................................. 3
Types of Risk ................................................................................................................................................. 3
Sources of Risks............................................................................................................................................. 4
Categories ................................................................................................................................................. 4
Tools .......................................................................................................................................................... 5
Involving other People .............................................................................................................................. 5
Key Features of Good Outputs...................................................................................................................... 5
Risk Breakdown Structure (RBS) ............................................................................................................... 6
Risk Registry .............................................................................................................................................. 7
Summary ....................................................................................................................................................... 8
Note: Make all links open in a new tab
Introduction
Welcome to our first module dedicated entirely to Project Risk Management: Risk Identification.
What We Covered in the Previous Module
Last module we covered the basics of Project Management to identify the context where Project Quality
and Risk Management are inserted.
We also introduced the basic concepts of Risk and Quality and the synergy between the two.
2
If any of the above sounds unfamiliar to you or you feel uncertain of your grasp of the concepts, return
to the previous module to review the material and discussions. You can also use one of the Discussion
Boards to ask questions.
What We Will See in this Module
In this module we will cover the basic concepts of Risk, how to identify Project Risks and how to present
them in a structured manner.
Learning Objectives
#outcome
Upon completion of Module 2, you will be able to:
1. Identify the connection of Risk Identification in the overall Risk Management System.
2. Describe the connection between Risk and Quality.
3. Differentiate between negative and positive risks.
4. List several Sources of Risks.
5. Construct a Risk Breakdown Structure.
/outcome
Elements of a Risk Management System
A Risk Management System contains the following elements:





Inputs
Risk Identification
Risk Assessment and Prioritization
o Qualitative
o Quantitative
Risk Response Plan
Risk Monitoring and Control
As you can see, Risk Identification is the first step in the series of Risk-related activities undertaken in a
project.
Identifying Risks (Module 2) allows you to later Assess and Prioritize them (Module 3). Your assessment
will provide direction and focus in the creation of a Risk Response Plan (Module 4). The execution of this
plan will need to be Monitored and Controlled (Module 5).
What about Inputs? Inputs are sources of information that can be used to help you think about and
identify risks. The PMBoK lists some of them:


Project Charter
Project Management Plan
3



Stakeholders
Enterprise Environmental Factors (Attitudes)
Organization Process Assets (Tools/Methodology)
Another important source of inputs to Risk Identification is Historical Data.
#activity
Now let’s practice identifying risks by using a simulation called Rockworkz.
#discussion
Read the instructions for Rockworkz and reply with your list of at least 10 risks. Let us know how long it
took you to come up with your list too.
/discussion
/activity
What is a Risk?
Are all uncertainties Risks? What about unknown Risks?
#discussion
Read “When is a Risk not a Risk?” What have you identified as the main points in the text? Considering
those points, would your list of Risks for the Rockworkz exercise have been written any differently?
Reply to your own post in the discussion forum. Explain how your list would change and why.
/discussion
Note that the depth of our knowledge of a Project’s Objectives changes throughout the life of a Project.
At the beginning, we may only know the high-level scope items, for example, but have a much better
understanding as we write the Project Management Plan.
Types of Risk
As we previously discussed, a Risk can be defined as “the chance of something happening that will have
an impact on objectives”.
Our natural tendency is to think of impact in negative terms:
 “If the supplier doesn’t deliver the parts on time, we will be late in producing our product”.
 “We have discovered unexpected soil conditions in this job site; our budget is not sufficient to
remediate this. We will need more money.”
But Risks can also refer to the chance of something positive happening that will impact our objectives.
Keep this in mind when Identifying Risks: otherwise, you will only cover half of the picture.
4
#accordion
Negative Risk (threats):
Event that could have a detrimental impact on objective(s).
Positive Risk (opportunities):
Event that could create the possibility of a better outcome (not a new objective!).
/accordion
Since Risk is the chance of something happening, the Risk itself is not positive or negative, just its effect.
Practice identifying positive and negative risks by completing the discussion activity that follows.
#discussion
Negative and Positive risks
Select a project that is currently occurring in Canada. This could be a major public infrastructure project,
a construction project in your neighbourhood or any other project you are aware of. Provide a brief
summary of the project including the objectives or scope. Brainstorm 5 negative and 5 positive risks to
the project.
/discussion
Sources of Risks
Trying to come up with a complete list of Risks for a project can be a Herculean task. Think back to the
Rockworkz exercise you completed. How much more complete would it have been if you had other
people helping you list risks? What if you had a checklist created by someone who ran a similar event at
a different school?
There are many tools that can help you develop a more complete and deep list of Risks. We will list
some of them below.
Categories
Many Risks go together. Identifying categories of Risks will help trigger and focus your thought process.
When Identifying Risks, consider the following categories as Potential Sources of risk:
•
•
•
Organizational, Strategic, Compliance, Operational
Project
– Financial, Time, Performance, Resources, etc.
– Managerial, Organizational Context
Product
– Client, Technical, Legal, Environmental, Safety
– Strategic, Operational
Categorize the Risks
Return to the negative and positive risks that you identified earlier. Now categorize them. Post your list
of categorized risks as a response to your earlier post.
5
Tools
Many tools are used in Project Management to stimulate ideas and support collaboration. You may have
seen and used some of them in other areas of Project Management. This is a reference list:
•
•
•
•
•
•
•
•
Documentation Review (WBS for example)
Information Gathering
– Brainstorming
– Delphi technique
– Interviewing
– Root cause analysis
Checklists (Risk Profile)
Assumptions
Diagrams
– Cause-and-Effect Diagram
– Process flow charts
SWOT Analysis
Expert Judgement
Scenario Analysis
Involving Other People
When Identifying Risks, you will benefit from involving different groups of people and stakeholders.
Different people and teams will bring different experiences, backgrounds and points of view, stimulating
the discussion and providing more content to your list of Risks. When Identifying Risks, consider
involving these groups:
•
•
•
•
•
•
•
•
Project Management Team
Customers
Suppliers
Stakeholders
Risk Management Specialists
Technical Specialists
Project Management Specialists
Internal and/or external resources
Key Features of Good Outputs
As you briefly experienced in the Rockworkz exercise and as you can imagine, considering the previous
discussion, as you go through Risk Identification you will easily collect dozens of risks, perhaps hundreds
depending on the size and complexity of the Project.
It is crucial to organize the Risks in a manner that will support the activities that follow in Risk
Management. We will cover the two common ways to do it. The key aspect is that, whatever way you
choose to do, your outputs be:
 Comprehensive
6



Specific/Differentiated
Organized
Actionable
Risk Breakdown Structure (RBS)
The RBS is analogous in its presentation to the WBS: a tree diagram which allows for Risk Categories to
be organized hierarchically.
The RBS can also be presented as a table:
7
Here is an interesting take on the RBS: combining it with the WBS in one Matrix. What advantages does
such a visualization bring?
Risk Registry
The Risk Registry is usually presented as a table containing information about a risk in each row. During
Risk Identification, not much information can be collected other than descriptions of the Risk, a
categorization, its Cause(s) and Effect(s) and perhaps some links to Project Phase and WBS. We will look
at the Risk Registry in more detail in Module 4 of this course.
8
Summary
In this module we covered the basic concepts of Risk, the tools to help in Risk Identification for a Project,
and how to organize and present the Risks identified through the use of a Risk Breakdown Structure.
#discussion
Read the instructions for Rockworkz 2 and reply with your organized list of at least 10 risks, different
than the ones you listed for Rockworkz 1.
/discussion