Identifying Risk
Risk identification is of course the first step in managing risk but it is an area that brings to the fore all of the emotional baggage discussed earlier. The very mention of risk can raise senior managers' blood pressure by a few points. It is obvious that if you don't think about the possibility of something occurring you can't act on it and plan for it but risk identification is a good example of the 'shooting the messenger' syndrome we noted earlier. In immature organisations, or those where a 'blame culture' is prevalent, a project manager can be treated as if s/he caused a risk just because they highlight its existence.
At the risk of labouring a very obvious point you don't create risks by identifying them. You are simply revealing them so that you can do something about them. In many cases the risks may relate to institutional strategy, to key decisions already taken or to other things that are going on within the organisation and it may be uncomfortable for senior managers to see some of these issues brought into the open. There is no way round this. We need to raise awareness of risk management techniques and create risk robust cultures within our organisations if we are to run successful projects. It is assumed that you are using a structured project management methodology and this will provide a range of information sources to help you identify areas of risk. If you are unsure about any of the terminology used here you should consult the Project Management infoKit. Risk identification and analysis should be ongoing throughout the project but particularly at project start-up and stage boundaries. You are likely to start looking for risks relating to:
- The project plan
- Stakeholders
- Resources
- The organisational environment
- The external environment
The risk profile will change as you move through the project so risk identification and review should be an ongoing task rather than a one-off event. All too often risks are logged at the start of a project then never updated.
