Process
Areas
(staged)

Level 2
 
RM
 PP
 PMC
 SAM
 MA
 PPQA
 CM
Level 3
 
RD
 TS
 PI
 VE
 VA
 OPF
 OPD
 OT
 IPM
 RSKM
 DAR
Level 4
 
OPP
 QPM
Level 5
 
OID
 CAR

 SP 1.1 Determine Risk Sources and Categories
Process AreaRSKM
Level2
GoalSG 1
PracticeSP 1.1

Determine risk sources and categories.

Identification of risk sources provides a basis for systematically examining changing situations over time to uncover circumstances that impact the ability of the project to meet its objectives. Risk sources are both internal and external to the project. As the project progresses, additional sources of risk may be identified. Establishing categories for risks provides a mechanism for collecting and organizing risks as well as ensuring appropriate scrutiny and management attention for those risks that can have more serious consequences on meeting project objectives.

Typical Work Products

1.    Risk source lists (external and internal)

2.    Risk categories list

Subpractices

1.    Determine risk sources.

Risk sources are the fundamental drivers that cause risks within a project or organization. There are many sources of risks, both internal and external, to a project. Risk sources identify common areas where risks may originate. Typical internal and external risk sources include the following:

·   Uncertain requirements

·   Unprecedented efforts—estimates unavailable

·   Infeasible design

·   Unavailable technology

·   Unrealistic schedule estimates or allocation

·   Inadequate staffing and skills

·   Cost or funding issues

·   Uncertain or inadequate subcontractor capability

·   Uncertain or inadequate vendor capability

·   Inadequate communication with actual or potential customers or with their representatives

·   Disruptions to continuity of operations

Many of these sources of risk are often accepted without adequate planning. Early identification of both internal and external sources of risk can lead to early identification of risks. Risk mitigation plans can then be implemented early in the project to preclude occurrence of the risks or reduce the consequences of their occurrence.

2.    Determine risk categories.

Risk categories reflect the “bins” for collecting and organizing risks. A reason for identifying risk categories is to help in the future consolidation of the activities in the risk mitigation plans.

The following factors may be considered when determining risk categories:

·   The phases of the project’s lifecycle model (e.g., requirements, design, manufacturing, test and evaluation, delivery, and disposal)

·   The types of processes used

·   The types of products used

·   Program management risks (e.g., contract risks, budget/cost risks, schedule risks, resources risks, performance risks, and supportability risks)

  

A risk taxonomy can be used to provide a framework for determining risk sources and categories.

Table  | Images  | Glossary  | Index  | Faceted index


Process
Areas
(continuous)


Process
management  
 
OPF
 OPD
 OT  
 
OPP 
 
OID
Project
management
 
PP
 PMC
 SAM 
 
IPM
 RSKM
 
QPM
Engineering
 
RD
 RM
 TS
 PI
 VE
 VA
Support
 
CM
 PPQA
 MA
 
DAR
 CAR