Initially RISK IDENTIFICATION should be a comprehensive, non-selective, non-judgemental process.
The previous section explained how to prepare a scope document for the business or project you are interested in. The subject of the scope document is your risk subject (for example this could be a business area or a project). At the beginning of the risk management process try to identify as many risks to the value and success of the risk subject as possible. This does not mean that you intend to actively manage all of these risks – the intention initially is to try to list all the possible risks so that you can determine which ones are relevant and will therefore need to be carefully managed.
Therefore, during the initial risk identification process, try not to be too judgemental or selective, simply include as many risks as you can. Here it is useful to make use of the Value TRAI (Targets, Resources, Activities and Interactions) approach introduced in the scoping section (the link to the scope section is here). To help you consider as many risks as possible I have included check-lists for each of the four categories. You can download these checklists in PDF format by simply clicking on the links below:
You can use these check lists to help you identify as many risks as possible in the four categories. I usually find it useful to do this with a team of people who are involved with the business area concerned: This is simply a brainstorming session or as I sometimes call it a DOSER (Don’t Oppose – Suggest Every Risk) session. This same team can also help in the next stage of the process which is risk quantification. To move on to this use the link here.
All Intellectual Property Rights Owned by Chris Duggleby