What Risks Actually Need Identifying?

Andy Jordan is President of Roffensian Consulting S.A., a Roatan, Honduras-based management consulting firm with a comprehensive project management practice. Andy always appreciates feedback and discussion on the issues raised in his articles and can be reached at [email protected]. Andy's new book Risk Management for Project Driven Organizations is now available.

  New Practitioners   Risk Management  

Risk management can be a contentious part of project delivery. I remember having many an animated conversation about what the potential exposure of a risk was, how best to try and manage that exposure, and what to do if things went wrong. But some of the biggest disagreements came around risk identification. That might sound silly, but it’s actually a common problem and is what I want to address here.

Understanding risk identification
Risk identification is obviously the first step in the risk management process, and is therefore the foundation of the entire risk control strategy for a project—you can’t plan for or manage a risk that you haven’t identified.

But risk identification isn’t about identifying every risk that exists—that’s simply impossible. Consider a current example: It would not have been realistic to have initiated a project at the end of 2019 and had a risk that identified the possibility of a global pandemic that would change the entire way that work happened. Of course, that’s exactly what occurred, but it wasn’t a risk that was reasonable to identify (and even if it had been, what would the risk management approach have been at that point?).

These “one in a million” type risks are always out there, and there are enough of them that occasionally one of them will occur and cause massive…

Please log in or sign up below to read the rest of the article.