Process
Areas
(staged)

Level 2
 RM
 ARD
 PP
 PMC
 AM
 SSAD
 MA
 PPQA
 CM
Level 3
 ATM
 AVER
 AVAL
 OPF
 OPD
 OT
 IPM
 RSKM
 DAR
Level 4
 OPP
 QPM
Level 5
 OID
 CAR

 SP 1.1 Determine Risk Sources and Categories
Process AreaRSKM
Level2
GoalSG 1
PracticeSP 1.1

Determine risk sources and categories.

Identifying risk sources provides a basis for systematically examining changing situations over time to uncover circumstances that impact the ability of the project to meet its objectives. Risk sources are both internal and external to the project. As the project progresses, additional sources of risk may be identified. Establishing categories for risks provides a mechanism for collecting and organizing risks as well as ensuring appropriate scrutiny and management attention to risks that can have serious consequences on meeting project objectives.

Acquirers initially identify and categorize risk sources and categories for the project and refine those sources and categories over time (e.g., schedule, cost, sourcing, contract management, supplier execution, technology readiness, human safety, reliability related risks and other issues outside the control of the acquirer). The supplier is also a source of risk (e.g., financial stability of the suppler and the possibility of the supplier’s acquisition by another organization).

Typical Work Products

1.    Risk source lists (external and internal)

2.    Risk categories list

Subpractices

1.    Determine risk sources.

Risk sources are fundamental drivers that cause risks in a project or organization. There are many sources of risks, both internal and external to a project. Risk sources identify where risks may originate.

Typical internal and external risk sources include the following:

·       Uncertain requirements

·       Unprecedented efforts (i.e., estimates unavailable)

·       Infeasible design

·       Unavailable technology

·       Unrealistic schedule estimates or allocation

·       Inadequate staffing and skills

·       Cost or funding issues

·       Uncertain or inadequate subcontractor capability

·       Uncertain or inadequate supplier capability

·       Inadequate communication with customers

·       Disruptions to the continuity of operations

 

Many of these sources of risk are often accepted without adequately planning for them. Early identification of both internal and external sources of risk can lead to early identification of risks. Risk mitigation plans can then be implemented early in the project to preclude occurrence of risks or reduce consequences of their occurrence.

2.    Determine risk categories.

Risk categories are the “bins” used for collecting and organizing risks. Identifying risk categories aids the future consolidation of activities in risk mitigation plans.

 

The following factors may be considered when determining risk categories:

·       Phases of the project’s lifecycle model (e.g., requirements, design, manufacturing, test and evaluation, delivery, and disposal)

·       Types of processes used

·       Types of products used

·       Project management risks (e.g., contract risks, budget/cost risks, schedule risks, resource risks, performance risks, and supportability risks)

·       Supplier risks (e.g., financial viability of the supplier and the geographic location of supplier resources)

·       Product safety, security, and reliability

 

A risk taxonomy can be used to provide a framework for determining risk sources and categories.

Table  | Images  | Glossary  | Index  | Faceted index


Process
Areas(continuous)

Process
management  
 OPF
 OPD
 OT  
 OPP 
 OID
Project
management
 PP
 PMC
 IPM
 QPM
 RSKM
 REQM
Acquisition
 AM
 SSAD 
 ARD
 ATM
 AVER
 AVAL
Support
 CM
 PPQA
 MA
 DAR
 CAR