Brainstorming is perhaps the most popular method for identifying risks. While imagination and “thinking outside the box” are encouraged, it should be guided so that it focuses on risks that could impact key project objectives or critical activities. The goal is to cast a wide a net as possible, nothing out of bounds at this stage.
Alternatively, you can use input from experts or SME (Subject Matter Experts). One such method is Delphi. Delphi is a much more regimented process in which a facilitator sends out questionnaires to participant who remains anonymous throughout the process. They are asked to return their answers to the questionnaire to the facilitator. The facilitator then captures the ideas and sends out new questionnaires to refine the items identified in the first round. This process is iterative and continues until a consensus is reached.
Interviewing techniques can also be used to identify risks. In this process, confidentiality is used to elicit risks from project team members that ordinarily might not be identified in group settings due to group think and psychological effects. The confidentiality provides anonymity that otherwise would constrain individuals from providing complete disclosure. These three techniques are perhaps the most popular and can be used in any scale of project, but there are additional methods that can be used to augment the risk identification process.
SWOT analysis (Strengths, Weaknesses, Threats, Opportunity) is a process in these elements are represented a diagram and the project team identify internal and external factors for each element. It is very useful not only for identifying risks, but also to support decision making in the presence of risk and uncertainty.
Cause and Effect analysis are extremely useful in identifying underlying situation that can cause a risk to occur. Often cause and effect diagrams will generate causal chains of events where conditions and actions can trigger or make more probable a series of related risks to occur.
Event Chain Diagrams is a visualization technique that identifies risk and causal relationships between them. The relationships are event chains and help project managers identify and manage the risks that can have most impact on project plans.
Risk templates or checklists are by-products of the risk identification process. Using past projects, project managers can assemble lists of common risks that can be applied to future projects. These lists or templates can provide the basis for risk identification at the start of a project: however, as each project brings its own unique set of objectives and constraints, lists and templates should only be used as a starting point as they only represent a portion of the risks.
For many projects even using vigorous risk you may still miss many risks during original risk identification process. It often happens for research and development project when you don’t have enough historical project information. These “known risks” or those you identified before project starts are “tip of the iceberg”. Many risks can be identified only after project starts as part of project control. Therefore is it important to repeat risk identification process on different phases of the project.
