12.08 Risk Identification
- Definition: Risk Identification is the process of recognizing potential risks that might negatively impact the software project.
- Goal: The main objective is to create a list of known or anticipated risks that could affect various areas of the project, including technical, business, people, and process concerns.
- Context: It is performed early in the Risk Management Process.
- Techniques Used: The sources list several techniques for identifying risks:
  - Brainstorming sessions with stakeholders or experts.
  - Checklists from past projects.
  - Interviews with experienced developers/project managers.
  - SWOT Analysis (Strengths, Weaknesses, Opportunities, Threats).
  - Risk Taxonomy (grouping risks into categories).
- Examples of Identified Risks: The sources provide concrete examples of potential risks that might be identified:
  - Requirements may change frequently.
  - A critical developer may leave the team.
  - Integration with a third-party API may fail.
  - The project may exceed the budget.
  - Delays in delivery.
  - Scope creep (uncontrolled changes in project scope).
  - Technology failures.
Risk Identification is a foundational step because you cannot manage a risk if you haven't first recognized it as a possibility. The output of this activity is a list of these potential risks, which then serves as the input for subsequent steps in the Risk Management Process, such as Risk Analysis and Projection.
Within the structure of an RMMM Plan (Risk Mitigation, Monitoring, and Management Plan), Risk Identification is a dedicated section where the list of potential risks is presented, often categorized by type (Project risks, Technical risks, Product risks, People risks, Organizational/external risks). This highlights its importance as a distinct phase that informs the rest of the plan.