A practical guide to project risk identification

Risk identification made simple with this 3-step guide

Welcome to the Minimum Viable Project!

We're all about practical project management for SMBs. Discover a new skill, tool, or framework every Tuesday and learn to manage profitable projects!

Not a member yet? Don't miss a single issue and join 2,509 other PMs today!

Every project has risks.

It's perfectly normal that things come up during project execution. Some projects adjust and move on. Others spin out of control and lose money.

The difference? Risk management.

Risk management starts with identifying what could become a threat to your project boundaries. Today we're breaking down exactly how you can do that.

A structured way to identify what you don't know, yet

First things first: what is a risk?

The Project Management Institute (PMI) says "An uncertain event or condition that, if it occurs, has a positive or negative effect on one or more project objectives."

Everyone knows the obvious risks: a supplier is late, or a crucial resource leaves the company. The hardest and most valuable part is identifying what's unknown.

Because of how vague and intangible project risk is, some skip the entire identification. Others might ask around the table twice and move on.

That's not going to cut it.

We're here to keep it practical

The problem with most risk identification methods is that they're designed for big corporations. They are made to deal with large amounts of ambiguity and complexity. The PMI has even written entire scientific papers about risk identification.

You're probably not launching Google Chrome or managing the Boston Big Dig, so we need to keep it practical. 

How do we cover our bases, without spending half our resource allocation on risk identification up front?

Let's find the sweet spot!

First: when should you identify risks?

Risk management is done near the end of the project planning phase.

Once you start executing, you'll need to monitor risks constantly.

How often depends on the pace of the project and the rate of change in the environment you are executing in.

Take major milestones and once a month as a starting point, and adjust for your context.

Identify your risk categories

There are 4 common environments through which risks can arise:

  1. Internal

  2. External

  3. Commercial

  4. Technical

It's up to you as a project manager to identify which are most relevant. Split categories if needed.

Once your project plan is drafted and the categories identified, it's time to sit down and identify your project risks.

Let's walk through my favorite ways to do that, 1 by 1!

1. Checklists & lessons learned

The first step is individual and looking backward.

See if your organization has done similar projects in the past, and if lessons learned were recorded. If similar projects were done, there should be checklists or internal best practices available.

Sit down, grab a coffee, and go through them in detail.

You're looking for things that have gone wrong in the past, and see if they could repeat themselves in your project.

Consider interviewing the project manager of similar projects done in the past.

2. Assumptions & requirements

It's time to broaden your perspective and look at the present with a small group of stakeholders. Your project plan consists of 10 or more different elements, but we're sticking to the two documents that are most likely to contain a landmine.

You have taken your project charter and translated that into project requirements with your team. While doing that, you've made assumptions. There are also assumptions in your timeline, budget, and resource plan, for example. 

Walk your most relevant stakeholders through these assumptions. They will usually be functional managers or senior leadership.

What do they know, that your team might have overlooked? Are there any changes on the horizon that you should be aware of?

Review your requirements with an external subject matter expert, or with an experienced colleague. Are there dependencies that you are underestimating? Talk them through your risk categories and assumptions.

3. Brainstorm with your team

Last but not least, it's time to look ahead with your entire project team.

Organize a brainstorming session with your team to walk through the project plan, and have them think of possible risks from the different categories. Send out material up front, and use a brainstorming format that suits your organization & team members.

It's important in this phase that you don't go into problem-solving. You're here to identify. 

Brainstorming like this gives team members a moment to voice concerns and feel heard. It also helps you to identify personalities and get started building a team.

A complete risk log

You should now have a long list of risks from all your categories. How to turn that list into a risk log and make a risk mitigation plan, is for another time.

Going through these steps might take a few hours, up to a few days in complex cases. That's decided by the complexity of the project, organization, and environment.

While stakeholders will be urging you to get going, no unexpected issue was ever solved in those 2 days you're spending now. It's time well spent.

In summary

Risk identification is a crucial step in managing successful projects. The goal is to never be caught off guard, without spending half your resources on the most unlikely scenarios.

To identify risk, you:

  • Determine your risk categories

  • Look at past, present & future

  • Involve stakeholders & team

  • Use a structured approach

Create a risk log, and use that to make a risk management plan. If you'd like me to dig into that in a future issue, please hit reply and tell me how I could make that most valuable for you.

Next week we're digging into something completely different: the daily huddle! What makes a great daily meeting for you? Ever been in a really bad one? Hit reply and let me know!

A message from Mostly Metrics

Mostly metrics is a weekly newsletter that explains financial metrics and business models in plain English.

It's written by CJ Gustafson, a startup CFO. Check out his pieces on actually understanding dilution, incentive stock options (ISOs), and LTV:CAC ratios.

Join the +9,000 VCs, Startup Founders, & Financial Analysts who subscribe.

Thanks for reading!

If you enjoyed that, I have a small request: forward this email to 1 friend or colleague. They'll appreciate you, and it helps me reach more people. Everybody wins!

That's it for this week - until next Tuesday!

Cheers,Jasper