Ante Up for Risk Identification
First we need risk identification. Initial risk identification may take place over lunch for smaller projects, or over a series of meetings for larger projects. The goal of risk identification is—no big surprise—to identify any potential risk. Stress the word any. Anything goes in risk identification: weather, asteroids, vendors, lack of experience, technical challenges, and so on. Technically, you'll encounter four precise categories of risk during risk identification:
- Technical, quality, or performance risks. These risks are things like working with new technology, unrealistic expectations from stakeholders, and technological advances during your project (think service packs, new versions, faster hardware).
- Organizational risks. These suck. Organizational risks are things like inconsistent goals; changing priorities on time, cost, and scope; team member allocation; and general work mayhem.
- External risks. These risks are anything outside of your project, such as vendors, new laws that affect your projects, labor issues (think labor unions), organizational buyouts, and market conditions.
- Project management risks. Yep, you may be a risk. Your inexperience, poor allocation of time and resources, lack of leadership, poor execution of project management processes: All may contribute to your project's failure. But if you acknowledge these risks before they actually happen, you can take measures to prevent the risks from affecting the project's success.