09 Dec Risk Identification: Going to the Source
When Early Man* slid down from the trees and stood up on the African savannah, the first thing he did was start looking for sources of risk. (Unless he was unlucky, in which case a risk ate him before he even got started.) His approach was simple: just look—at his surroundings and himself. I can’t see behind that clump of bushes—is there a lioness hiding back there? What’s that rustling? Something that might give me a poisonous bite? Is my balance okay? Am I about to step into a hole and break an ankle?
You, the friendly neighborhood project manager, can do pretty much the same thing Early Man did: look for external and internal sources of risk.
External risk sources are things in your general environment not directly connected with the project, but could affect it anyway. For a construction project, the weather could be a source of external risk. What do you do if you’ve finished framing that Gulf Coast hotel and Hurricane Murgatroid comes along and turns half of it into toothpicks? For a software project, one external risk might be just down the hallway, in the server room. What happens if the LAN goes down or the box with all your stuff on it goes belly up?
Internal risk sources are found within the boundaries of the project. Sometimes these will be sitting right at the conference table with you. If that new guy can’t live up to his resumé, how do you make up for the time lost while he gets up to speed or, worse yet, while you get him replaced? Maybe the business requirements won’t be complete, or won’t actually reflect at all what’s wanted in any way, shape or form (it happens)?
You can do a fair bit of looking for sources at your desk by reading over requirements, schedules, work breakdown structures, etc. with pen in hand, thinking “what could go wrong?” every couple of seconds. In days of yore, I had a project management colleague who spent a great deal of time on this sort of what-if work, extrapolating from one possible misstep to the next logical, resulting misstep and the next, much like a chess player thinking through a series of moves (only more slowly). She came up with so many arcane sources of risk we begged her to stop. She didn’t, and the result was a much cleaner product and accompanying process than we otherwise would have had. Be sure to involve your stakeholders and your team in this exercise as well—more on that later.
The take-away here? To find potential sources of risk, look around hard, as if there were a multitude of critters lurking around wanting to eat you… because there are.
Next: Using Risk Lists
* I am just using the male gender for readability—no bias intended.