Project risk identification is a structured and iterative process to identify all the internal and external factors that may affect planning and implementation of the project. Information on potential risks can be gathered from a variety of sources including lessons learned from previous projects, current performance measurements, feasibility studies, project documentation, process maps, checklists, influence diagrams, assumption analysis, Strengths, Weaknesses, Opportunities, and Threats (SWOT) analysis, Failure Mode and Effects Analysis (FMEA), and Root Cause Analysis (RCA). Risks can be also identified through interviews with subject matter experts, questionnaires, and brainstorming sessions with the project team and key project stakeholders. It is rather easy to overlook some unique project risks; therefore, risk identification should never be left to a single individual. Risks known as force majeure include catastrophic events such as earthquakes, floods and other similar events but they are typically not part of the project risk management. Most organizations address these kinds of catastrophic risks through disaster recovery planning. Project risks are often categorized in order to provide a common language or basis for understanding, describing and responding to risks. Risks can be categorized by key sources of risk, project life cycle phases, components of the project management plan, major project deliverables, project management processes, common root causes, or any other meaningful category that has to be tailored to the specific project. In most circumstances, it is helpful to visually outline risk categories and subcategories by constructing a Risk Breakdown Structure (RBS).
