1) Identify Risks in a “Problem / Impact” Statement
Risk identification can begin once you and your team have a clear understanding of your project and your organization’s appetite for risk on that project. Start by working with your project team to collaboratively identify and categorize things that can go wrong with your project. This is not an exercise that you do on your own as project manager.
One approach is to get your team in a conference room or on a videoconference, and share a copy of your empty RAID log. Start by prompting my team with something like, “let’s walk through the project, beginning to end, and identify all the ways this can go wrong.” At this stage, coach your team to resist the urge to problem solve. Don’t fill out any more columns in your RAID log than just a short description of the risk. Your goal is to freely brainstorm a list of what can potentially go wrong – big and small.
As you write down each risk, document them in a problem / impact statement, capturing the potential issue and how it would impact project parameters like cost, schedule, scope and quality – the impact categories we stack ranked in the previous section.
Some examples of problem / impact statements:
- The equipment might arrive late from the distributor, causing us to reschedule the installation contractors – incurring a $1,000 fee
- Our Florida training event is scheduled at the peak of hurricane season, so weather disruptions could reduce attendance or force us to reschedule the event, delaying the rollout of our new product
- To finish the project, the organization’s capital investment committee has to approve the project budget for next fiscal year. If they do not approve the budget, then we will not have the funds required to finish the project and cannot complete the deliverables
Depending on the risk appetite of your organization, this process can be in-depth and take several workshops, or it may be performed at a high level and done in an hour or so. This is where your understanding of the project environment and your professional judgment will come into play.
You and your team also don’t have to rely exclusively on your brainstorming. If your organization has RAID logs from past, similar projects, this can be a great source of material for not only understanding what can go wrong, but what risk response strategies worked and didn’t work for those risks.
When you have your initial list of risks captured in a problem/impact statement, now it’s time to organize them by category.