HKSM

Replace this with term.

Purpose & When to Use

Identify Risks finds uncertainties that could help or harm the project and documents them for analysis and action. Use it early during planning and repeat at key points: after major changes, phase gates, contract awards, or when new information appears.

• Surfaces both threats and opportunities across scope, schedule, cost, quality, and stakeholder expectations.
• Builds a shared view of where uncertainty lies and who owns follow-up.
• Feeds the risk register and risk report, which guide analysis and response planning.

Mini Flow (How It’s Done)

• Prepare context and categories. Confirm objectives, assumptions, constraints, and use a simple risk breakdown structure or prompt list to cover diverse sources.
• Gather the right people. Include team leads, key stakeholders, suppliers when relevant, and subject matter experts.
• Generate risks. Use techniques such as brainstorming, interviews, checklists, document reviews, lessons learned, and facilitated workshops; consider SWOT and PESTLE style prompts.
• Write clear statements. Capture each risk using a cause–risk–effect format, note triggers, potential timing, category, and initial suggested responses if obvious.
• Assign ownership. Name a risk owner for each item to carry it into analysis.
• Screen and organize. Combine duplicates, group by category, and separate issues and assumptions from true risks.
• Record results. Update the risk register and risk summary; update the assumptions log and lessons learned as needed.
• Plan cadence. Schedule recurring identification sessions and add risk identification to change control and onboarding checklists.

Quality & Acceptance Checklist

• Every risk uses a clear cause–risk–effect statement with concise wording.
• Both threats and opportunities are captured; none are dismissed without note.
• Each risk has an owner, category, potential timing, and possible triggers.
• Issues and assumptions are logged separately from risks.
• Sources reviewed include plans, baselines, estimates, contracts, constraints, and stakeholder inputs.
• Duplicates merged; vague items clarified or parked for follow-up.
• Initial notes on possible responses captured where sensible, without committing to action yet.
• Register is dated, versioned, and accessible to the team and key stakeholders.

Common Mistakes & Exam Traps

• Focusing only on threats and ignoring opportunities.
• Confusing current problems with risks; issues belong in the issue log, not the risk register.
• Jumping straight to detailed responses before completing analysis.
• Holding a one-time workshop and never revisiting as the project evolves.
• Using vague, solution-biased statements rather than cause–risk–effect phrasing.
• Leaving risks ownerless; without an owner they rarely progress.
• Missing external or integration risks by inviting too narrow a group.
• Failing to identify secondary risks that could arise from proposed responses.

PMP Example Question

During a mid-project workshop, the team identifies a new regulatory change that may delay a critical deliverable if enacted. What should the project manager do next?

1. Immediately develop a detailed mitigation plan and add contingency reserves.
2. Add it to the issue log and escalate to the sponsor.
3. Record it in the risk register with cause, potential effects, and assign an owner for analysis.
4. Wait until quantitative risk analysis is complete before documenting it.

Correct Answer: C — Record it in the risk register with cause, effects, and an owner for analysis.

Explanation: In identification, the correct action is to document the risk clearly and assign ownership so it can move into analysis and response planning. It is not an issue yet, and detailed planning comes after analysis.