5 Methods of Identifying Project Risk
By Claudio Locicero
Five methods for identifying risks that information technology professionals and project managers may consider using are Documentation Reviews, Information Gathering Techniques, Checklist Analysis, Assumptions Analysis, and Diagramming Techniques. Although the scope of this article is not to detail the methodology of each technique, the usability of each in an agile environment will be addressed.
- Documentation Reviews consist of a detailed analysis of a project document to determine if there are any apparent risks relating to requirements or assumptions. An example of utilizing this method would be when conducting a review of a system integrator’s implementation plan and you identify inconsistencies between proposed actions and best practices or you identify a conflict with the proposed implementation schedule and your organization’s internal operations schedule. Performing a Documentation Review would allow you to quickly identify and address risks by developing mitigation plans without actually performing a more in-depth quantitative or qualitative analysis.
- Information Gathering Techniques include Brainstorming, the Delphi Technique, Interviewing, Root Cause Analysis, and Strengths, Weaknesses, Opportunities, and Threats (SWOT) Analysis. Brainstorming and Interviewing would be the most beneficial to overall because it has allows obtaining the largest number of ideas or reference points for identifying project risks by being able to include numerous individuals both internal and external to projects. Involving a large number of individuals in this process, such as business process owners and end users would more effective than taking an insular project team member only approach. The Delphi Technique has its applications, but its round-robin methodology is not an efficient from a time management perspective and busy professionals or executives would not want to spend time reading project risk thoughts of others, that process is best left to the project team to collate and analyze the collected data. Root Cause and SWOT Analysis techniques are both very extremely useful tools and particularly effective after already having conducted Brainstorming sessions and Interviewing.
- Checklist Analysis are excellent when working for an integrator that perform many identical or similar projects for multiple clients where there is a risk knowledge base to work from, but becomes a burden to develop one for each individual dissimilar project in an operational business environment, unless the scope of the project warrants the work effort for its development.
- Assumptions Analysis in my opinion is closely related to Documentation Reviews whereby you review the documentation along with the assumptions that are contained within to determine its accuracy, consistency, and completeness.
- Diagramming Techniques, such as Cause-and-Effect Diagrams and Flow Charts, are useful to visualize and document risk root causes and other project processes. Executive and senior management have historically preferred to review charts and graphs to get an overall bird’s eye view of an issue or project phase rather than read through detailed status report pages.
Written by Claudio LoCicero, M.S.
Over his career he has held several technical and management positions both in the United States and overseas within the private and government sectors.
He holds a Master of Science in Information Technology with an Information Security Specialization from a university designated as a National Security Agency Certified Center of Academic Excellence for Information Assurance. He also holds numerous professional certifications such as the Project Management Professional (PMP), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Information Technology Infrastructure Library (ITIL) Foundation, along with several other professional certifications from Cisco, Microsoft, and the National Security Agency (NSA).
He is an active member of the International Information Systems Security Certification Consortium (ISC2), Information Systems Audit and Control Association (ISACA), Information Systems Security Association (ISSA), and the Project Management Institute (PMI).