Identify Risks

Sensei Short Scroll 21 Planning Process Group

Identify Risks

Introduction: Why This Matters

No matter how carefully a project is planned, uncertainty is unavoidable. Some uncertainties threaten cost, schedule, or quality, while others present opportunities to improve outcomes. The Identify Risks process ensures that risks are systematically discovered, documented, and prepared for analysis.

On the PMP exam, this process is often tested through situational questions about where risks come from and who is responsible for identifying them. The answer: everyone on the project team and relevant stakeholders. In practice, consistently identifying risks early prevents surprises, builds stakeholder trust, and creates the foundation for proactive management (Project Management Institute, 2021).

Purpose and Objectives

Primary Purpose: Identify individual project risks and sources of overall project risk, and document them in the risk register.

Key Objectives:

  • Collect input from stakeholders, subject matter experts, and team members.
  • Identify risks across categories such as technical, external, organizational, and project management.
  • Document threats (negative risks) and opportunities (positive risks).
  • Capture root causes, potential triggers, and early warning signs.
  • Populate the risk register with initial entries for later analysis.

Overview and ITTOs

Inputs

  • Risk management plan.
  • Cost, schedule, and quality management plans.
  • Scope baseline.
  • Assumption log.
  • Activity cost and duration estimates.
  • Stakeholder register.
  • Other project documents, enterprise environmental factors, and organizational process assets.

Tools and Techniques

  • Data gathering: Brainstorming, checklists, interviews, Delphi technique, and root cause analysis.
  • Data analysis: SWOT analysis, document review, and analysis of assumptions and constraints.
  • Interpersonal skills: Facilitation, active listening, and political awareness.
  • Prompt lists: Categories such as PESTLE (Political, Economic, Social, Technological, Legal, Environmental).
  • Meetings: Risk workshops and risk identification sessions with stakeholders.

Outputs

  • Risk register (initial version).
  • Risk report (high level overview).
  • Project document updates such as the assumption log, issue log, and lessons learned register.

The Risk Register

The risk register is the primary output of Identify Risks and will evolve throughout the project.

Typical contents:

  • Description of the risk, whether threat or opportunity.
  • Root cause.
  • Potential triggers or early warning signs.
  • Category (linked to the Risk Breakdown Structure).
  • Potential responses, if already known.
  • Risk owner (often assigned later during analysis and planning).

Example entry:

  • Risk ID: R 004
  • Description: Supplier may delay delivery of key equipment.
  • Category: External → Supplier risk.
  • Root cause: Vendor dependency and tight market capacity.
  • Trigger: Late confirmation of purchase order.
  • Potential response: Qualify a backup supplier.

Practical Example: Pharmaceutical Development Project

Context: A biotech company is developing a new drug.

Identify Risks activities:

  • Brainstorming: Scientists, regulatory experts, and manufacturing leads identify risks in formulation, trials, and approval.
  • Checklists: Past projects highlight risks such as patient recruitment delays and regulatory audits.
  • SWOT analysis:
    • Strengths: Strong research and development team.
    • Weaknesses: Limited regulatory experience.
    • Opportunities: Partnerships with global laboratories.
    • Threats: Competing drugs in the pipeline.
  • Risk register entries:
    • Risk: Clinical trial recruitment slower than expected.
    • Risk: Unexpected side effects in phase two testing.
    • Opportunity: Partnership accelerates access to trial participants.

Outcome: The project develops a robust risk register early, which supports proactive mitigation and contingency planning.

Common Pitfalls

Treating risk identification as a one time event

  • Pitfall: Risks are identified only at project kickoff.
  • Prevention: Make risk identification iterative and update regularly.

Narrow participation

  • Pitfall: Only the project manager identifies risks.
  • Prevention: Include team members, stakeholders, and external experts.

Focusing only on threats

  • Pitfall: Positive risks and opportunities are ignored.
  • Prevention: Deliberately search for both threats and opportunities.

Poor documentation

  • Pitfall: Vague entries such as “something might go wrong”.
  • Prevention: Document specific causes, potential effects, and clear triggers.

Sensei Tip : Turn vague worries into sharp entries. A strong risk entry links a clear cause, a specific risk event, and a visible trigger. This makes it easier to spot early warning signs in both exam questions and real projects.

Exam Alert : A common trap is thinking only the project manager identifies risks or that risks are only threats. On the exam, new risks can appear at any time, everyone can raise them, and opportunities belong in the risk register too.

Exam Lens

Patterns on the PMP Exam:

  • Everyone is responsible for identifying risks, not just the project manager.
  • Risk identification is iterative and should be repeated throughout the project.
  • Opportunities are also risks and must be captured in the risk register.
  • Prompt lists such as PESTLE and the Risk Breakdown Structure often appear in scenario questions.

Sample Question

Question: A project manager holds a brainstorming session and updates the risk register with new risks. Two weeks later, a team member identifies an additional risk. What should the project manager do?

  1. Tell the team member to wait until the next review.
  2. Add the risk to the risk register immediately.
  3. Ignore it since the initial identification is complete.
  4. Perform qualitative analysis first.

Correct Answer: B. Risk identification is iterative and new risks should be added immediately.

Quick Recap Table

Element Why It Matters Exam Watch Point
Risk Register Primary output that lists identified risks. Must be created during Identify Risks.
Data Gathering Techniques such as brainstorming, checklists, Delphi, and interviews. Exam questions often ask which technique is being used.
Prompt Lists Ensure risks are comprehensive across political, economic, social, technological, legal, and environmental dimensions. Expect scenarios that mention PESTLE or the RBS.
Opportunities Positive risks that can benefit the project if captured and managed. Many candidates forget that opportunities belong in the risk register too.

Key Takeaways

  • Identify Risks systematically discovers and documents individual risks and sources of overall project risk.
  • The key outputs are the risk register and the initial risk report.
  • Risk identification is iterative. New risks can emerge at any time and must be captured.
  • On the exam, always remember that risks include both threats and opportunities.
  • In practice, consistent risk identification improves preparedness, resilience, and confidence among stakeholders.

Next Step

With risks identified, the next process is Perform Qualitative Risk Analysis. In that process, the team prioritizes risks based on probability and impact to guide where attention and resources should be focused.

Bibliography

Project Management Institute. (2021). A Guide to the Project Management Body of Knowledge (PMBOK® Guide) (7th ed.). Project Management Institute.

Scroll to Top