Identify Risks surfaces the threats and opportunities that could affect the project, drawing on every plan and document plus the team’s and stakeholders’ knowledge. It produces the risk register — the list of individual risks with their characteristics — and the risk report, the picture of overall project risk.
It is iterative and inclusive: risks emerge throughout the project, and the people doing the work often see them first. Brainstorming, checklists, interviews, and prompt lists help cast a wide net, while clear risk statements (cause, event, effect) keep entries actionable.
Common pitfalls. Treating it as a one-time workshop; vague risk statements that can’t be acted on; focusing only on threats and missing opportunities; and a register filled in once and never revisited.
Inputs, Tools & Techniques, and Outputs
Inputs
- Project management plan
- Project documents
- Agreements
- Procurement documentation
- Enterprise environmental factors
- Organizational process assets
Tools & Techniques
- Expert judgment
- Data gathering
- Data analysis
- Interpersonal and team skills
- Prompt lists
- Meetings
Outputs
- Risk register
- Risk report
- Project documents updates