5th Edition PMBOK® Guide—Chapter 11: Process 11.2 Identify Risks

1.  Introduction

The five risk-related project management processes in the Planning Process Group deal with setting up the Risk Management Plan, identifying, analyzing and then developing responses for risks to the project.

This post is devoted to the Inputs, Tools & Techniques, and the Outputs of the second of these five processes, 11.2 Identify Risks.

2.  Inputs

You may notice the long list of inputs:  this process has probably the most extensive list of inputs of all the planning processes listed in the PMBOK® Guide.  This is because risk impacts all of the other knowledge areas, and these must therefore be taken into account as inputs of risk, and they in turn can be impacted by the risk management processes.

Subsidiary management plans that are part of the overall project management plan, from the knowledge areas of Scope, Cost, Schedule, Quality, HR, Procurement, and Stakeholder Management all contain potential inputs to this process.


1. Risk Management Plan
  • Assignment of roles and responsibilities for risk-management activities
  • Provision in schedule and budget for risk-management activities
  • Risk categories (may include risk breakdown structure)
2. Cost Management Plan Processes and controls that can be used to identify risks on the project.
3. Schedule Management Plan Project schedule objectives which may be impacted by risks.
4. Quality Management Plan Quality measures and metrics for use in identifying risks.
5. HR Management Plan
  • Roles and responsibilities
  • Project organization chart
  • Staffing management plan
6. Scope Baseline
  • Project scope statement (contains project assumptions)
  • WBS (facilitates understanding of potential risks at summary, control account, and work package levels)
7. Activity Cost Estimates Provides quantitative assessment of the range of costs of completing scheduled activities, with the width of the range indicating the degree of risk.
8. Activity Duration Estimates Used to identify risks related to time allowances for activities, with the range of the estimates indicating the degree of risk.
9. Stakeholder Register Useful for soliciting inputs from stakeholders to identify risks.
10. Project Documents
  • Project charter
  • Project schedule
  • Schedule network diagrams
  • Issue log
  • Quality checklist
11. Procurement Documents Details used to determine risks associated with planned procurements.
12. EEFs Information from industry and academia that give guidance in identification of risks.
13. OPAs
  • Project files
  • Organizational Process Controls
  • Templates for risk statement
  • Lessons learned
1. Documentation Reviews A structured review of previous project files, project plans and project assumptions.
2. Information Gathering Techniques
  • Brainstorming
  • Delphi Techniques
  • Interviewing
  • Root cause analysis
3. Checklist Analysis Checklists for risk identification may be compiled from previous projects and an analysis of the risk breakdown structure.
4. Assumptions Analysis Explores the validity of assumptions as they apply to the project.
5. Diagramming Techniques
  • Cause and effect analysis
  • System or process flow charts
  • Influence diagrams
6. SWOT Analysis Examines the project for each of the Strengths, Weaknesses, Opportunities, and Threats by examining the dimensions of positive and negative risks, and internal and external ones.
7. Expert Judgment Experts with experience on similar projects or business areas.
1. Risk Register
  • List of identified risks
  • List of potential responses

3.  Tools & Techniques

Risk identification is so crucial to a project that there are a total of 7 tools & techniques that can be used in the process.  I have listed only a bare bones description of these, because I will be expanding on many of them in the next few posts.

4.  Outputs

The output of this process, and the following planning processes in the Risk Management Knowledge Area, is the Risk Register, which will be amended at the end of each of them to include more and more detailed information about the risks identified in this process.  Future processes will give more analysis and detail on countermeasures to be taken in the event the risks do occur.

The next post will discuss the Information Gathering Techniques, the second broad category of tools & techniques used in this process of Identifying Risks.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: