The first step in managing risk is to identify the risks you need to manage. This is the most important step in risk management and something new project managers tend to struggle with. I will present some techniques that have over the years have worked well for me.

1. What worries you? – You can ask this question to your project team members and stakeholders. Do this first individually, then in groups. Many do not understand the term “risk” as it applies to projects and may come up with a blank if you ask them about risks. Everyone can relate to the term “worry” and I have found this helpful. You may get answers such as “I don’t have enough resources” or “the timeline is too tight” or “I don’t have enough expertise on my team in this area”. These types of answers are a great start in risk identification.
2. The “Pre-Mortem” – we are familiar with doing “lessons learned” and “post-mortems” on projects. Doing a “Pre-Mortem” can help identify risks. You ask the project team and stakeholders  “It’s 9 months from now, the project is over and it was a disaster. What are the reasons?”. Your mind works better at identifying risk when looking backwards so this technique can be very effective. You may get responses like “The Sponsor wasn’t involved in decision making” or “We didn’t train the staff on the new tools”. These types of answers are risks that need to be managed. You can also ask the opposite question: “It’s 9 months from now, the project is over and it was wildly successful. Why?”. Responses like “John Jones was assigned as the technical lead” or “The Steering Committee made prompt decisions” will help you identify risks and mitigate them.
3. Risk Breakdown Structure(RBS) – if you Google this term you will find many examples. An RBS is simply a hierarchy of areas in which risks can occur. You would present each of these areas to the team and brainstorm potential risks for each area. Here is a sample RBS:

Technical

Technology

Complexity of Interfaces

Performance and Reliability

Quality

External

Vendors

Regulatory

Market

Customer

Weather

Environmental

Government

Internal

Dependencies on other projects

Resources

Funding

Requirements

Resistance to change

Inexperience

Schedule

Equipment

Quality

Customer satsifaction

Project Management

Estimates

Plans

Controls

Communications

Scope

——————————-

You should state your risks in a consistent manner. A common way to phrase your identified risks are: “If (risk event occurs), then (impact to project in terms of scope, schedule, cost, quality)”

Here is an example: “If the vendor is late delivering Component X, then we may not be able to meet the project milestone for the first build”. Note that I stated “may” not “won’t”. Remember, risks are probabilities, not certainties. If it is a certainty, it is an issue, not a risk.

When I teach project management principles to non-professional PM’s, I emphasize that the two things you must do to greatly increase your chance of success are (1) create a complete Project Charter, and (2) manage risk. Those two practices, when done well, contribute to the bulk of project success.

In previous topics I discussed Risk Management in two places:

1. The Project Charter
2. The Project Management Plan

In the Project Charter, only the initially identified high exposure risks are typically listed and you may not yet have fully developed mitigation and contingency plans. In the Project Management Plan, the Risk Management Plan describes how you will conduct risk management but it does not address the specific risks.

In the “Risk Management – Deeper Dive” series, I will present the following topics in detail:

Part 1: Risk Identification

Part 2: Risk Prioritization (probability/impact/exposure)

Part 3: Risk Triggers

Part 4: Risk Mitigation Strategies

Part 5 : Risk Contingency Plans

Part 6: Risk Ownership

Part 7: Risk Monitoring

Managing risk is a key project management best practice. I strongly suggest you make this one of the first areas of mastering project management.