4.1 Risk Identification Techniques

Why Identification Matters

Risk identification is the process of finding, recognizing, and documenting individual project risks and sources of overall project risk. On the PMI-RMP exam it maps to Domain II: Risk Identification (~21%) of the Exam Content Outline. A risk you never identify cannot be analyzed, owned, or responded to — so completeness is the goal, not precision.

The exam's golden rule: identification is iterative and continuous. New risks emerge as the project progresses, assumptions resolve, and the environment shifts, so the team re-identifies risks at every phase, milestone, and major change.

Core Techniques

Brainstorming generates a broad list of risks quickly in a facilitated group session; the facilitator suppresses criticism so ideas flow freely, then the team refines and de-duplicates afterward. Brainstorming is fast and inclusive but vulnerable to groupthink and dominant voices.

The Delphi technique collects input from experts anonymously across multiple rounds. A facilitator circulates a questionnaire, summarizes responses, and feeds them back until consensus emerges. Anonymity is the point — it removes bias, groupthink, and pressure from dominant or senior voices. Expect a question contrasting Delphi (anonymous, consensus) with brainstorming (open, group).

Nominal Group Technique

The nominal group technique extends brainstorming with a structured step: after ideas are generated, participants individually rank or vote on them to prioritize. It blends the breadth of brainstorming with a measure of the anonymity Delphi provides, reducing the influence of louder participants while keeping the group in one room. Recognize it as a hybrid that produces an ordered list, not just a raw list of risks.

Interviews elicit risks one-on-one from experienced participants, subject-matter experts, and stakeholders; they surface risks people are reluctant to raise in a group.

Checklists are lists of risks distilled from past projects, the Risk Breakdown Structure (RBS), and organizational lessons learned. They make identification fast and repeatable but can blind a team to novel risks not on the list — so checklists supplement, never replace, open techniques.

Document analysis reviews plans, contracts, agreements, assumptions, scope statements, and prior records for inconsistencies, gaps, and ambiguities that signal risk. A clause that is unclear or an assumption stated without evidence is itself a flag.

Data-Gathering vs Data-Analysis

The PMI-RMP groups identification tools into two families worth distinguishing on the exam:

• Data-gathering techniques collect raw input: brainstorming, checklists, interviews.
• Data-analysis techniques interpret information to expose risk: root-cause analysis, assumption and constraint analysis, SWOT, document analysis.

Knowing the family helps you answer "which technique" questions — if the stem asks how to generate candidate risks, lean to gathering; if it asks how to examine existing information for hidden risk, lean to analysis.

Analytical & Diagramming Tools

Assumption and constraint analysis tests the validity of each assumption and the rigidity of each constraint. An assumption that proves false becomes a threat; a constraint that can be relaxed may become an opportunity. This is a frequently tested, identification-stage technique.

SWOT analysis examines internal Strengths and Weaknesses and external Opportunities and Threats. Crucially for risk work, SWOT deliberately surfaces opportunities (positive risks), not just threats — a common exam distinction.

Root-cause analysis asks why a problem occurs. The Ishikawa (fishbone, cause-and-effect) diagram groups potential causes by category, and the Five Whys drills from symptom to cause so responses target the source.

Prompt Lists & Influence Diagrams

Prompt lists are predetermined categories of risk sources that prompt the team to think broadly. Memorize the common frameworks:

Influence diagrams are graphical representations of situations showing causal influences, the time ordering of events, and relationships among variables and outcomes — useful for modeling how risks interact.

Who Participates

Identification is a team sport. Participants include the project manager, the risk manager or facilitator, project team members, subject-matter experts, customers, end users, sponsors, and other stakeholders. Broad participation widens the net and builds ownership — people are more likely to manage risks they helped name.

The project team should always be involved so they develop and maintain a sense of ownership and responsibility for the risks and the associated response actions. Stakeholders outside the team add perspectives the team lacks, especially on external and organizational risk sources.

The risk facilitator plays a distinct role: neutral, unbiased, and focused on drawing out input from every participant rather than contributing personal opinions. A good facilitator keeps the session productive, prevents dominance, and ensures both threats and opportunities are explored.

Common Traps

• One-and-done thinking. Treating identification as a single early workshop is wrong; the exam rewards continuous, iterative identification.
• Threats only. Forgetting that identification must capture opportunities too — SWOT and prompt lists apply to both.
• Symptom vs cause. Logging a symptom ("schedule slipping") instead of using root-cause analysis to find the underlying cause.
• Checklist tunnel vision. Relying solely on checklists and missing risks unique to this project.
• Vague entries. Capturing risks without enough detail to analyze later — clarity is fixed by good risk statements (Section 4.2).