|
Risk identification is a systematic attempt to specify threats to the project (estimates, schedule, resource loading, etc.). By identifying known and predictable risks, the client and CO take the first step toward avoiding them when possible and controlling them when necessary.
While it would be impossible to anticipate the complete universe of risks, the aim is to clearly identify the 20 percent of risks that would have 80 percent of the potential impact (Pareto Principle [80/20 Rule]). The following activities are useful for clarifying and identifying risks:
- At the initial stage of risk identification, convene a brainstorming session of the purchase/SCM team, during which each member has an opportunity to identify a few project risks.
- Interview stakeholders responsible for ongoing programs and projects, and consider the opportunities/impact of the current activity.
- Check with suppliers regarding their plans for delivering the desired outcome.
- Discuss with all parties involved their understanding of the mission, aims and objectives, and plans for delivery of project results.
- For repeating projects, create a risk checklist that focuses on a subset of known and predictable risks.
- Ask “so what?” after each potential risk is identified, until a clear cost or consequence of the potential effects of a risk, or an issue that needs resolution, is identified. For example:
- Statement — “Project duration will be greater than 36 months.”
- Question — “So what?”
- Answer — “Project staff may be unwilling to work on the project for all 36 months.”
- Question — “So what?”
- Answer — “The risk is that the project will take 10 percent more time than currently budgeted, to allow for the learning curve as new personnel join the project. There is also an issue that staff changes in mid-project are not acceptable to the client.”
|
|