Risk and change management - Risk identification techniques

Learning Outcomes

After studying this article, you will be able to explain the primary techniques for risk identification in the context of risk and change management, distinguish between qualitative and quantitative identification approaches, and recognize key risk identification tools and their application in PMP exam scenarios. You will be well prepared to tackle risk-related PMP questions and understand the typical outputs of risk identification.

PMP Syllabus

For PMP, you are required to understand the tools, techniques, and responsibilities involved in risk identification within project risk and change management. Review these syllabus points carefully before proceeding:

  • Recognize the difference between threats and opportunities in project risk contexts.
  • Identify risk categories and sources, including internal, external, and project-specific risks.
  • Explain the main qualitative risk identification techniques, such as brainstorming, interviews, SWOT analysis, checklists, root cause analysis, and prompt lists.
  • Understand the purpose and structure of the risk register, including typical information recorded during identification.
  • Recognize the role of all stakeholders in risk identification and the iterative nature of the process throughout the project lifecycle.
  • Relate risk identification outputs to subsequent risk analysis and planning processes.

Test Your Knowledge

Attempt these questions before reading this article. If you find some difficult or cannot remember the answers, remember to look more closely at that area during your revision.

  1. Which of the following is the most appropriate tool for systematically identifying risks in a new project domain?
    1. Earned value analysis
    2. Checklists and prompt lists
    3. Network diagramming
    4. Monte Carlo simulation
  2. Who is primarily responsible for risk identification on a PMP project?
    1. The project manager only
    2. The project sponsor and project manager
    3. All project stakeholders
    4. The risk owner only
  3. Which document records risks found during risk identification and is updated regularly throughout the project lifecycle?
    1. Assumption log
    2. Issue log
    3. Quality register
    4. Risk register
  4. What is the main purpose of a project pre-mortem in agile risk identification?
    1. Assigning risk owners
    2. Envisioning project success and setting quality baselines
    3. Visualizing project failure and generating possible risk events
    4. Collecting only known risks from past projects

Introduction

Risk identification is a central activity in risk and change management. For PMP, you must demonstrate the ability to select and apply appropriate risk identification techniques, distinguish risk types, and document findings for further analysis. A clear understanding of qualitative tools, iterative identification, and stakeholder roles is necessary for examination success and real project scenarios.

The Purpose of Risk Identification

Risk identification is the structured detection, recognition, and documentation of uncertainties that could affect project objectives positively (opportunities) or negatively (threats). Successful identification informs and directs all subsequent risk management efforts and ensures project teams respond proactively.

Key Term: Risk
An uncertain event or condition that, if it occurs, has a positive or negative effect on one or more project objectives.

Risk Types: Threats vs. Opportunities

Project risk includes both negative risks (threats) and positive risks (opportunities). Both require deliberate identification and may lead to different types of response strategies.

Key Term: Threat
A risk with a potential negative effect on one or more project objectives.

Key Term: Opportunity
A risk with a potential positive effect on one or more project objectives.

Who Should Identify Risks?

All stakeholders have responsibility in risk identification. This includes the project manager, project team members, customers, sponsors, suppliers, and subject matter experts. Diverse viewpoints help uncover both known and unknown risks.

Key Term: Stakeholder
Any individual, group, or organization that can affect or be affected by a project or its outcomes.

When Does Risk Identification Occur?

Risk identification begins during project initiation and planning but is revisited throughout the project lifecycle. As changes occur, new risks emerge and should be identified and documented.

Techniques for Risk Identification

PMP expects familiarity with several core techniques. Choice of method depends on project context, team experience, and the type of risk being sought.

1. Brainstorming

Facilitated sessions with mixed stakeholders generate a broad list of risks quickly. No criticism of ideas is allowed during generation—prioritization comes later.

Key Term: Brainstorming
A group technique that encourages open sharing of ideas to identify as many risks as possible.

2. Interviews

Structured interviews with stakeholders and subject matter experts provide detailed information on project-specific risks. Especially relevant for technical or unfamiliar environments.

Key Term: Interview
A one-on-one or small group questioning technique used to extract risk information from individuals with experience or specialized knowledge related to the project.

3. Checklists

Checklists are lists of potential risk types, usually based on lessons learned or organizational templates. They help ensure common risks are not overlooked. They should be reviewed and updated frequently to capture new risk sources.

Key Term: Checklist
A documented list of potential risk sources, typically based on prior projects and organizational knowledge.

4. Prompt Lists

Prompt lists organize the categories of possible risk events for systematic evaluation. Popular frameworks include PESTLE (Political, Economic, Social, Technological, Legal, Environmental), SWOT, and VUCA (Volatility, Uncertainty, Complexity, Ambiguity).

Key Term: Prompt List
A structured list of generic risk categories used to stimulate risk identification across a spectrum of possible sources.

5. Root Cause Analysis

Root cause analysis investigates the main reasons why risks may exist, rather than just symptoms or surface events. Fishbone diagrams (Ishikawa diagrams) and cause-and-effect analysis are typical tools.

Key Term: Root Cause Analysis
A method for identifying the main reasons for potential risks, often using graphical tools.

6. SWOT Analysis

SWOT (Strengths, Weaknesses, Opportunities, Threats) analysis evaluates internal and external project factors to identify a balanced range of risks and opportunities.

Key Term: SWOT Analysis
A structured analysis tool examining project strengths, weaknesses, opportunities, and threats.

7. Document and Assumption Analysis

Reviewing project documents (charter, business case, contracts) and assumption logs can reveal hidden risks, especially those relating to incomplete information or incorrect expectations.

Key Term: Assumption Analysis
The process of examining project assumptions for potential risks if they prove unfounded.

8. Project Pre-Mortem (Agile and Iterative Projects)

A project pre-mortem is an agile risk identification technique where team members assume the project has failed, then brainstorm reasons for this failure.

Key Term: Pre-mortem
An exercise in which team members assume project failure and generate likely causes to proactively identify risks.

Recording Identified Risks

All identified risks must be recorded in a risk register for further analysis and management. The register is updated regularly and should include:

  • Risk description and category
  • Potential causes and effects
  • Probability or impact estimate (if available)
  • Risk owner (who will monitor and respond if needed)
  • Trigger conditions (signs risk may occur)
  • Possible responses (if already considered)
  • Related assumptions or links to other risks

Key Term: Risk Register
The primary project document recording identified risks, details, and subsequent risk analysis and responses.

Worked Example 1.1

A project team is about to develop a mobile banking app. The project manager organizes a brainstorming session. One stakeholder identifies “cybersecurity breach” as a risk, while another suggests “unexpected regulatory changes.” How should the team proceed?

Answer: Each identified risk is recorded in the risk register. The team may later use root cause analysis (to explore “cybersecurity breach,” e.g., insufficient authentication controls) and checklists to verify other common risks are not missed. Risk identification is iterative; new risks and their details are added as they emerge.

Worked Example 1.2

A construction project is operating near a floodplain. The team uses a PESTLE prompt list to identify “unusual seasonal storms” (Environmental) and “new safety regulations” (Legal) as external risks. What should be done next?

Answer: These findings are entered in the risk register. A root cause analysis may help detail triggers or mitigation actions. The risk register is then used in risk analysis and planning.

Exam Warning

Exam questions may ask who is responsible for risk identification. Remember, it is not only the project manager: all stakeholders must participate to ensure different viewpoints and unknown risks are discovered.

Revision Tip

When using checklists or prompt lists for risk identification, always supplement with open brainstorming and document review. Checklists help prevent omissions but do not guarantee discovery of new or unique risks.

Summary

Risk identification is a continuous, collaborative process for capturing uncertainties and documenting them in a risk register. Techniques such as brainstorming, interviews, root cause analysis, SWOT, prompt lists, and pre-mortem sessions are used to surface a wide range of risks. All project stakeholders are expected to contribute. Accurate risk identification directly influences the project team's ability to plan and select appropriate responses, critical for project success and the PMP exam.

Key Point Checklist

This article has covered the following key knowledge points:

  • Risk identification captures threats and opportunities throughout the project lifecycle.
  • All stakeholders, not just the project manager, contribute to risk identification.
  • Brainstorming, interviews, checklists, prompt lists, root cause analysis, and SWOT are core qualitative techniques.
  • Project documents, assumption logs, and historical data should be reviewed for hidden risks.
  • The pre-mortem technique is valuable in agile and high-uncertainty projects.
  • The risk register records all risks and is kept current as the project progresses.
  • Identified risks inform further risk analysis and planning activities.

Key Terms and Concepts

  • Risk
  • Threat
  • Opportunity
  • Stakeholder
  • Brainstorming
  • Interview
  • Checklist
  • Prompt List
  • Root Cause Analysis
  • SWOT Analysis
  • Assumption Analysis
  • Pre-mortem
  • Risk Register
The answers, solutions, explanations, and written content provided on this page represent PastPaperHero's interpretation of academic material and potential responses to given questions. These are not guaranteed to be the only correct or definitive answers or explanations. Alternative valid responses, interpretations, or approaches may exist. If you believe any content is incorrect, outdated, or could be improved, please get in touch with us and we will review and make necessary amendments if we deem it appropriate. As per our terms and conditions, PastPaperHero shall not be held liable or responsible for any consequences arising. This includes, but is not limited to, incorrect answers in assignments, exams, or any form of testing administered by educational institutions or examination boards, as well as any misunderstandings or misapplications of concepts explained in our written content. Users are responsible for verifying that the methods, procedures, and explanations presented align with those taught in their respective educational settings and with current academic standards. While we strive to provide high-quality, accurate, and up-to-date content, PastPaperHero does not guarantee the completeness or accuracy of our written explanations, nor any specific outcomes in academic understanding or testing, whether formal or informal.
No resources available.

Job & Test Prep on a Budget

Compare PastPaperHero's subscription offering to the wider market

PastPaperHero
Monthly Plan
$10
4PM Training Insti...
One-time Fee
$1,990-2,090
Assessment Day
One-time Fee
$20-39
Job Test Prep
One-time Fee
$90-350
Simplilearn
One-time Fee
$649
StarAgile
One-time Fee
$449

Note the above prices are approximate and based on prices listed on the respective websites as of May 2025. Prices may vary based on location, currency exchange rates, and other factors.

Get unlimited access to thousands of practice questions, flashcards, and detailed explanations. Save over 90% compared to one-time courses while maintaining the flexibility to learn at your own pace.

All-in-one Learning Platform

Everything you need to master your assessments and job tests in one place

  • Comprehensive Content

    Access thousands of fully explained questions and cases across multiple subjects

  • Visual Learning

    Understand complex concepts with intuitive diagrams and flowcharts

  • Focused Practice

    Prepare for assessments with targeted practice materials and expert guidance

  • Personalized Learning

    Track your progress and focus on areas where you need improvement

  • Affordable Access

    Get quality educational resources at a fraction of traditional costs

Tell Us What You Think

Help us improve our resources by sharing your experience

Pleased to share that I have successfully passed the SQE1 exam on 1st attempt. With SQE2 exempted, I’m now one step closer to getting enrolled as a Solicitor of England and Wales! Would like to thank my seniors, colleagues, mentors and friends for all the support during this grueling journey. This is one of the most difficult bar exams in the world to undertake, especially alongside a full time job! So happy to help out any aspirant who may be reading this message! I had prepared from the University of Law SQE Manuals and the AI powered MCQ bank from PastPaperHero.

Saptarshi Chatterjee

Saptarshi Chatterjee

Senior Associate at Trilegal